#dave-g_api
dry rainBOT
๐ Welcome to your new thread!
โฒ๏ธ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.
โฑ๏ธ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.
๐ This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1402841423320973453
๐ Have more to share? Add more details, code, screenshots, videos, etc. below.
urban dust
Hi, I was chatting with a support rep who sent me this message:
"
What a Platform CAN do with a Standard connected account:
โโ
Create charges on your behalf (if granted write_charges permission)
Access basic account information (if granted read_only permission)
View customers (if granted read_customers permission)
Process refunds (only if specifically granted write_refunds permission)
Create payment intents and setup intents (with appropriate permissions)
"
He said I should come here for more info. I was wondering what other permissions are available and where it should be placed in the code..
I'm only aware of this url used for oauth https://dashboard.stripe.com/oauth/v2/authorize?response_type=code&client_id=xxxx&scope=read_write
dusk notch
hello! Can you share more details on why you're trying to limit platform access to a connected account?
urban dust
Hi Alex, a merchant we're looking to do business with is concerned allowing their account to be controlled by our platform, saying we will be having "too much access".
They would rather create a restricted API key with limited access (maybe just to create charges and customers) but then we can't apply the application fee..
wind trail
Hi! Stepping in for my colleague! Having read access and / or write access for specific objects is only available in Stripe Apps: https://docs.stripe.com/stripe-apps/reference/permissions
With Stripe Connect, you will have read_write access: https://docs.stripe.com/connect/oauth-reference#get-authorize-request
The doc above mentions: Note read_only can only be specified for extensions. Do note extensions are deprecated and is now replaced with Stripe Apps.
urban dust
I see.. so if we were set up as an app, we can offer granular permissions..
wind trail
Yeap
urban dust
hm, but I don't think that would work then for our platform.. is there a possibility permissions would be added to oauth connect?
do you know what this quote would be in reference to? It's from a support rep on stripe support
What a Platform CAN do with a Standard connected account:
โ
Create charges on your behalf (if granted write_charges permission)
Access basic account information (if granted read_only permission)
View customers (if granted read_customers permission)
Process refunds (only if specifically granted write_refunds permission)
Create payment intents and setup intents (with appropriate permissions)
wind trail
There are no planned changes for oAuth Connect. So if you wish to have read_write access you can use oAuth Connect otherwise you will need to explore Stripe Apps based on what permissions you wish to have for the connected account.
urban dust
ok thank you