k-nicholas_api | Stripe Developers | Page 1

fast havenBOT Aug 26, 2025, 11:41 AM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1409865236348928046

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

k-nicholas_webhooks, 3 days ago, 25 messages

#

sour arch Aug 26, 2025, 11:43 AM

#

No, don't use idempotency. That is not what it is intended for. #2 is the correct way forward to persist the object ID against an internal card record which you can re-use

swift siren Aug 26, 2025, 11:54 AM

#

thanks @sour arch ! btw, we can see the expires_at is 1 day. is that the expiry of the clientSecret or the checkout sessions id?

e.g: what happen if we call checkout.sessions.retrieve() with an checkout sessions id after 2 days, will we get a different clientSecret? or it will error out?

sour arch Aug 26, 2025, 11:56 AM

#

The expires_at timestamp is the expiry of the session. Beyond that timestamp, it cannot be confirmed – you'd need a new session

#

(there's no way to extend it beyond that – 1 day is max)

swift siren Aug 26, 2025, 11:58 AM

#

ohhh okay got it

#

so we will always need to check the expires_at value. if it has expired; we should call checkout.sessions.create() to create a new one

fast havenBOT Aug 26, 2025, 12:00 PM

#

sour arch Aug 26, 2025, 12:00 PM

#

Well the session will transition to status: 'expired' automatically beyond the expires_at timestamp

#

But yes you'll need a new session if either status: 'expired' or Date.now() >= expires_at

#

you'd also get a checkout.session.expired event so you could maybe just re-create the session for them with the same params etc and persist the new client_secret

swift siren Aug 26, 2025, 12:03 PM

#

regarding persisting the client_secret. is it bad idea to persist that in our db? even if is kms encrypted? or should we always fetch the client_secret by using the checkout.sessions.retrieve() API?

pale ember Aug 26, 2025, 12:06 PM

#

Hey! Taking over for my colleague. Client Secret is designed for public usage, so it's safe to save it, but I would recommend that honestly, because in all cases you'll need to make an API call: Your backend or Stripe API, I would presonally choose relying on Stripe API in this case.

swift siren Aug 26, 2025, 12:09 PM

#

how does rate limit work here btw. i see the docs say 100 operations https://docs.stripe.com/rate-limits

so i assume is the sum of all API per seconds?
e.g: we could do 50 create() + 50 retrieve() in a second before we hit the limit ( assuming we dont use other API)?

pale ember Aug 26, 2025, 12:11 PM

#

API endpoints have stricter limits which is 25

#

but the some can't exceeds 100 yeah

swift siren Aug 26, 2025, 12:12 PM

#

is calling stripe.checkout.sessions.create() from backend nodejs SDK consider API endpoints or API request?

pale ember Aug 26, 2025, 12:18 PM

#

An API request is a call to an API endpoint

swift siren Aug 26, 2025, 12:20 PM

#

yea thats what i thought initially. but seem stripe have a different definition?

#

#

it say
API request is 100
API endpoints is 25

pale ember Aug 26, 2025, 12:22 PM

#

You global rate limits for all API requests is 100

#

For each API endpoint, the limit is 25

swift siren Aug 26, 2025, 12:22 PM

#

got ittt

#

so is basically saying
each API request is 25 and
global is 100

example:
stripe.checkout.sessions.create() is 25
stripe.checkout.sessions.retrieve() is 25

and if i call another two different API beside the above.

the global max is 100

pale ember Aug 26, 2025, 12:24 PM

#

Yes that's it

swift siren Aug 26, 2025, 12:28 PM

#

btw we are using stripe connect. and we are the platform (which will have multiple connected account)

is the rate limit of stripe.checkout.sessions.create() 25 per connected account. or it count against the platform?

pale ember Aug 26, 2025, 12:35 PM

#

It's per Connected Account

swift siren Aug 26, 2025, 12:37 PM

#

phew. thats good to know

#

btw is there alert or monitoring we can set up to know if any connected account are at 70% of the limit. so we can start raising support ticket to bump it? or stripe will automatically monitor and bump it?

pale ember Aug 26, 2025, 12:40 PM

#

is there alert or monitoring we can set up to know if any connected account are at 70% of the limit.
Nope.
or stripe will automatically monitor and bump it?
Stripe monitors that but doesn't bump it autoamtically, you need to raise a support ticket for that

#

What you can do is to monitor all your calls to Stripe APIs and when you got 429, then you start investigate/raise Support ticket for increase..

swift siren Aug 26, 2025, 12:43 PM

#

and lets say eventually we need to raise a support ticket to increase it. how long will it take? is it going to be within 15mins? or hours? or days? or weeks?

pale ember Aug 26, 2025, 12:44 PM

#

I'm not sure about the exact timing, but this will takes some times yeah

#

What you can do in the meantime is to implement an exponential backoff retry mechanism in your api Call
https://docs.stripe.com/error-low-level#should-retry

swift siren Aug 26, 2025, 12:52 PM

#

okay thanks!

#k-nicholas_api