ddmm_api | Stripe Developers | Page 1

cobalt arrowBOT Feb 26, 2025, 5:32 AM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1344180349986410506

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

#

grizzled breach Feb 26, 2025, 5:34 AM

#

We were recently attacked whereby the hacker was able to Onboard Express account onto our platform due to leaked Secret Key. We only want to allow Standard accounts to onboard. How can we use a Restricted Key to prevent this in the future in case our key is ever leaked?

oak sail Feb 26, 2025, 5:37 AM

#

Yeah I am afraid we don't have that much of a granular level settings. I would recommend limiting the list or range of IP addresses

grizzled breach Feb 26, 2025, 5:37 AM

#

thats annoying - i was told we should use restricted key to prevent this from happening

#

#

We are getting this error when using the restricted key - what setting do we have to use?

#

i dont see kyc id numbers as an option in restricted key setup

#

?

oak sail Feb 26, 2025, 5:44 AM

#

Um can you find this request id (req_xxx) from the request log? https://dashboard.stripe.com/test/logs

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

#

https://dashboard.stripe.com/logs for Livemode log

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

grizzled breach Feb 26, 2025, 5:46 AM

#

#

@oak sail sent

oak sail Feb 26, 2025, 5:53 AM

#

Could you copy its Id here? In text

#

the req_xxx

grizzled breach Feb 26, 2025, 5:54 AM

#

yes

#

Having the 'rak_accounts_kyc_id_numbers_read' permission would allow this request to continue.

#

is that what you need @oak sail

oak sail Feb 26, 2025, 5:55 AM

#

No the req_xxx on the "ID" field

grizzled breach Feb 26, 2025, 5:55 AM

#

req_UaER5SN0BBBxes

oak sail Feb 26, 2025, 5:55 AM

#

req_GVV7f...

grizzled breach Feb 26, 2025, 5:56 AM

#

req_GVY7Fjq7eidxBD

oak sail Feb 26, 2025, 5:56 AM

#

grizzled breach req_UaER5SN0BBBxes

What was this Id?

grizzled breach Feb 26, 2025, 5:56 AM

#

same error

#

just different occurence

oak sail Feb 26, 2025, 5:57 AM

#

Thanks looking closer

grizzled breach Feb 26, 2025, 5:57 AM

#

thanks

#

(btw do you work for Stripe? dont know how this discord works)

oak sail Feb 26, 2025, 5:59 AM

#

Yes I work for Stripe

#

All member with "Stripe Staff" on this Discord server work for Stripe

grizzled breach Feb 26, 2025, 6:00 AM

#

thanks

oak sail Feb 26, 2025, 6:13 AM

#

Yeah I see this Restricted Key is missing a few permisisons, but not sure which one on the UI can be sufficient. Could you write to Support? We will continue there

grizzled breach Feb 26, 2025, 6:17 AM

#

Yes I wrote to them

#

Ok I will wait for their response

#ddmm_api