#cole-caccamise_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1405986285243469967

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

{"error":{"message":"Your request is missing permissions to create cards. You may need more permissions to continue.","message_code":"issuing_embedded_key_missing_card_create","type":"invalid_request_error"}}

Can you share the code you're using?

the account session we create (that returns a client secret like accs_secret__xx) specifies this for the issuing card component:

{
        enabled: true,
        features: {
          card_management: true,
          card_spend_dispute_management: true,
          cardholder_management: true,
          spend_control_management: true
        },
}

setting up the issuing card component

const opts = {stripeAccount: "#{@stripe_account_id}", bankAccount: "#{@account&.id}", card: "#{@card_id}"};

    const stripeConnectInstance = StripeConnect.init({
      publishableKey: publicKey,
      fetchClientSecret: () => fetchClientSecret(opts),
    });

...

const issuingCard = stripeConnectInstance.create('issuing-card');

      issuingCard.setDefaultCard("#{@card_id}");
      issuingCard.setFetchEphemeralKey(fetchEphemeralKey);

the API reuest made to /v1/issuing/cards was done by the component, we never called it directly

i havent been able to find the request req_EyV4OUtVLTR43x in the inspector whether or not i view the dashboard as the connected account. i'm not sure if it has extra info. i just haven't seen anything about what this error code means and what permission we aren't giving users

Hm you request all the features that are applicable

Can you share the code where you create the ephemeral key?

const fetchEphemeralKey = async (fetchParams) => {
      const {issuingCard, nonce} = fetchParams;
      const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
      const stripeAccount = "#{@stripe_account_id}";

      const response = await fetch('/stripe/ephemeral_keys', {
        method: "POST",
        headers: {
          'Content-Type': 'application/json',
          'X-CSRF-Token': csrfToken
        },
        body: JSON.stringify({account: stripeAccount, card_id: issuingCard, nonce: nonce})
      });

      const data = await response.json();

      return {
        issuingCard: data.card,
        nonce: data.nonce,
        ephemeralKeySecret: data.secret
      };
    };

on the backend:

ephemeral_key = Stripe::EphemeralKey.create({
                                                   nonce: params[:nonce],
                                                   issuing_card: params[:card_id],
                                                 },
                                                proc.stripe_opts(provide_account: true))

    render json: { secret: ephemeral_key.secret, nonce: params[:nonce], card: params[:card_id] }, status: :created

Hm yeah that looks normal

Let me look around a bit longer but you might have to write in to support on this one so it gets escalated to the owning team

Yeah you'll have to write in on this one unfortunately

Hello @timid vector, we have sent you a direct message, please check it at https://discord.com/channels/@me/1406001292412719287

• 🔗The message has instructions on how to open a direct support case with our Developer Support team, in order to help you more effectively.

Got it, appreciate the help