#comegetsome_stripe-app-connect-relationships

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1395424033868087471

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• comegetsome_error, 1 day ago, 46 messages

hey there, this is a limitation of Apps because it uses Connect-like mechanisms itself to authenticate with your platform account

So just like a platform of a platform (outside of Apps context), you arent able to perform operations on "grandchild" accounts

This is something we are looking at though

Are you trying to build an App yourself as the platform to help faciliate some of your operations on connected accounts?

If so, I'd like to raise this to the team working on Apps so they can perhaps reach out to learn more about your use case. Can you share your platform account ID (eg acct_1234) that I can use to get in touch?

I need to step away, but I've sent you a friend request @eager birch -- if you see this later please feel free to DM me the account/contact info.

So how can I get around it?

Currently, you can't -- fundamentally you need to make requests related to your connected account as your platform (using your paltform keys), and not with the App which is abstracted one layer back/higher

My use case is this: A stripe app, that when installed can fetch the connected accounts of the platform (that its installed on).

Its a straight forward requirement

I think there is some bug and it 'thinks' its one of the connected account calling the API when instead its the platform account - hence the error

The app is not for my own platform. Its for people who are running platforms and marketplaces.

I'm telling you its not a bug, its an inherent constraint of Apps currently.

Ok, thanks for the context, but the same restriction applies. See here: https://docs.stripe.com/stripe-apps/plugins/decide-migration

If your service uses the connected accounts of other platforms

Using the connected accounts of other platforms is uncommon—but in some cases, plugins are designed to use the transitive access of a platform’s secret API key to make API calls on behalf of the platform’s connected accounts. Currently, the only supported option is to have your users manually create restricted API keys. When creating the key, the user must check the appropriate boxes to grant permissions on their connected accounts.

🙂 we built the whole app and we can't launch it

This shouldn't have worked when you were testing with your app installed on platform accounts, either

It works in Test mode and Sandbox just fine

Can you share an example request doing that in test mode or sandbox? This should be impossible using the same pattern

(eg, req_123)

ok let me try it and grab some logs

One of those account list requests, for example

I dont think the UI Extension SDK API calls are logged in Developers -> Logs

My understanding is that if I am publishing an app on the marketplace, any platform account that install the app should be able to authenticate and operate on both their platform account and their connected accounts, provided the necessary permissions are granted (through stripe-app.json). The app should function accordingly based on that principle. It should not mix up my platform id to theirs and try to establish a grandparent relationship..

Thanks for that result -- based on the first account in the list, acct_1EG7TwBENesAQTLZ I can see that the test platform it's connected to is acct_1RhIfYJQoEUExGwO but I'm not seeing associated account list requests

Can you get an example request ID from your code, by inspecting the response headers you get back?

sure

Req id: req_O3vRtP1u5KhFN4
In this request I am getting a 400 error and the grandparent message.
Platform acct in this case is: acct_1EG7TwBENesAQTLZ
Connected acct is: acct_1Rgkj4IRWU4O8Lm8
-- The /accounts/list should return 1 connected account but returns 400.
The Stripe App context is somehow set to as a Connected account and hence the error.
If it is set to Platform acc, the API will work.

I can paste all headers if needed

Ah thanks, will take a look at that

Thanks @earnest portal
If I run the stripe accounts list in Developers->Shell. It works fine..

Same platform: Works with Shell

That list request should appears in your Dashboard logs for that platform: https://dashboard.stripe.com/test/logs

What account are you logged in to there? Should be shown in the Dashboard here: https://dashboard.stripe.com/settings/account

This request is not loading for me internally 🤔

Ok I can see this list request from a couple days ago from the platform acct_1EG7TwBENesAQTLZ
https://dashboard.stripe.com/test/logs/req_nGNlDqlFTzq5in

And i can see this errored request when you tried to make the Account List request for a connected account, which is not supported: https://dashboard.stripe.com/test/logs/req_mdfCBwEjG9pDIe

That example is basically the same limitation as the Stripe Apps limitation -- not supporting grandparent/grandchild request patterns

I am logged in with: acct_1EG7TwBENesAQTLZ

If the Stripe App makes the API calls, they are not logging in Logs.

Those that are from 2 days ago were from Shell, I think

This doesn't make sense!

The case I am trying shouldn't trigger this error.

If I was in Connect Account context, then yes, its a valid error

but when I am platform account, that error is wrong

Please can you raise that with the backend team

Let's take Apps out of the picture for a second.

Say you had accounts A B and C, with B connected to Platform A, but but is also a platform with connected account C.
So A -> B -> C

A can list its own connected accounts and get [B], B can list its own connected accounts and get [C], but A cannot list connected account for B to get [C]

Now consider that A is your App

The App installed on B is a connect relationship, so that means, currently, that you cannot access account C at all, either directly or transitively through B

I think what we should do at this point is convert to a support case where we can keep talking, and I'll raise this with the Apps team for their input. So far, I haven't seen a request matching this shape that worked from your App for a test platform, which I would expect to also error like other examples.

If there's unexpected behaviour here, it would be this unsupported pattern somehow working in a test or local app context when it should not, which lead you to believe this would work later.

Hello @eager birch, we have sent you a direct message, please check it at https://discord.com/channels/@me/1395473764808130672

• 🔗The message has instructions on how to open a direct support case with our Developer Support team, in order to help you more effectively.

Please see your DMs, our bot should have sent you a link you can use to open a case with context from this discussion that I can carry forward.