#jasoncomputers_connect-account-invalid-info

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1334564031821906026

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi 👋

You should be able to create a new Account Link with the type account_update to allow your user to reset existing values.

https://docs.stripe.com/api/account_links/create#create_account_link-type

I don't think you can do this yourself via the API

gotcha - will using that link require them to re-enter their 2FA code?

Yes

ok, so i couldn't easily do it on their behalf

No, that is the point

i get it of course, it just would be helpful to the user if we could do this without their direct involvement (they've already asked us to do it, etc). Are these account links only good for some time period? Given the person is in India, they may not be awake for hours

There are a number of security requirements that, while they make some basic operations more difficult, are necessary to prevent abuse and bad actors.

As for the Account Link, yes they are short-lived. You can see the expiration time in the expires_at property: https://docs.stripe.com/api/account_links/object#account_link_object-expires_at

It may be more work but ideally the flow we intend is something like this.

• You send your CA an email with a link to your integration.
• Once they authenticate with you, your server creates an Account Link and redirects the user

The reasoning here is that we (Stripe) don't perform any authentication in the Account Link. We assume you know who you are redirecting and that you, the platform, have validated they are who they say they are.

that's essentially what we have

the large majority of the time it works well

on some occasions the user does something wrong (like creating their Connected Account in the wrong country - I have another active user in this state right now) or is confused about something, and then we're just not able to quickly manually edit their data for them

they're already confused and not necessarily tech savvy, so having them go through another flow that we don't control is just dicey sometimes

i understand the security reasons, of course. i was just hoping with our all-powerful platform API key we would have override powers

the Account Link is certainly still helpful, its hopefully better than having them start over (which is still our last resort and may happen here, I dont know)

Unfortunately the Account Link is the way you need to go as the platform API is not all powerful. This is necessary to prevent fraud and abuse.

apparently i can only create onboarding links for them because they are not yet fully onboarded:

"error": {
"message": "You cannot create account_update type Account Links for this account. Valid types for this account are ["account_onboarding"].",
"param": "type",

my understanding from this user (again I can't see directly because its their Onboarding flow and its hosted by Stripe, not our app) is that they can't edit their name at this stage

so they are locked into this incorrect name, but they just don't want to finish their onboarding because it apparently will create a bank account for them with the wrong name associated

Ah, yes if the abandoned the onboarding without completing it that leaves them in a bad state

this was their screenshot, I'm hiding the name part for their privacy, etc

should i just essentially have our app "forget" this Connected Account so that they can start the onboarding over? Our app would generate a new Connected Account for them to start onboarding into

What is the account ID?

acct_1QmtSJSE8dzWvFEZ

Thanks, taking a look

this was my failed attempt to update their name via the API: req_5Y0l0gL90I32Q0

no prob, appreciate it

Hmmm... I don't see a name associated with that account. When they use a normal Account Link, they aren't given a place to edit the individual name?

our app sends the name over in the large API request when we create the Stripe Connected account (otherwise they would have to double-enter their information in our app and then Stripe). they just had their name wrong in our app, first and last name were reversed, so it was reversed when it got to Stripe

here's the API request of the account being created in the first place: req_stYmDI3z71qbpR

the POST request had these fields in it (again data obscured for privacy):

"individual": {
  "address": {
    "city": "xxxxxxxxx",
    "country": "IN",
    "line1": "xxxxxxxxx",
    "line2": "xxxxxxxxx",
    "postal_code": "xxxxxxxxx",
    "state": "xxxxxxxxx"
  },
  "email": "xxxxxxxxx",
  "first_name": "xxxxxxxxx",
  "last_name": "xxxxxxxxx"
},

I can see the entire request

But unfortunately, you cannot change this data once set. The user can either onboard with the wrong name and then try to correct the issue or start over with a new Account

ok, gotcha

we'll probably just go that route as i can't guarantee them they won't have bank account issues if they finish onboarding this way (i know nothing about India bank acct requirements and whatever is done to verify etc)

thanks

Happy to shed what 💡 I can 🙂

By the way, you would be able to update the individual data property for Custom accounts or Stripe accounts where the data collection is handled by the Platform.

But then you would need to build the entire onboarding UI yourself so that comes with some significant engineering effort