luxterful_api | Stripe Developers | Page 1

austere waveBOT Feb 20, 2025, 9:22 AM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1342063715943448639

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

#

charred bay Feb 20, 2025, 9:25 AM

#

hi there!

#

then I strongly recommend to roll your API keys

#

you can do so in your Stripe Dashboard here: https://dashboard.stripe.com/test/apikeys

#

and I recommend also reading this: https://docs.stripe.com/disputes/prevention/card-testing

#

I recommend also notifying Stripe support about this: https://support.stripe.com/contact

storm flume Feb 20, 2025, 9:39 AM

#

So we have an API endpoint which creates setup intents for our checkout page where we sell subscriptions. We return the setup intent object to the client. Seems like the hacker uses the API endpoint directly and from there he is calling stripe to confirm the setup intent with different card numbers

#

i dont think that rolling our API key will help here

charred bay Feb 20, 2025, 9:52 AM

#

got it. then you should read the second link I shared: https://docs.stripe.com/disputes/prevention/card-testing

#luxterful_api