#jz-1_best-practices

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1410757597518364713

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• jz-1_best-practices, 2 hours ago, 25 messages

https://discord.com/channels/841573134531821608/1410704668387971113 we had a previous discussion here where we were told it was possible

yep! catching up on that now

but we're seeing this error now

hi @pallid tangle - thank you

of course! i'm pretty sure there's a backend configuration change that our support team can enable for you - have you already tried going through the support contact form and chatting with them there?

yes we did but the support team kept routing us to email and it's been no productive responses for the past 3-4 days 😥

hmm that is unfortunate. gimme just a bit to look into things

thank you so much! anything we could share to cross reference?

if you can share your account ID with me real quick that might help a bit

yep ofc let me dm it to you now

it's not considered sensitive info so you can just share it here actually

ah ok

acct_1RMvb8BwIAphIxCv

Hi

@wet frost is also helping from our team to move this forward

Ty @pallid tangle for looking into resolving this for us - happy to share any info that will help resolve

ok, so a couple of things:

1. what the previous person on discord told you is technically accurate, you can go down this path of using oauth with read_only access. however, that is no longer the preferred integration path and requires approval, which is likely why you've been waiting on the support team for a few days at this point.
2. the recommended integration path for things like this is to use stripe apps, which you can read more about here: https://docs.stripe.com/stripe-apps/create-app

since it sounds like you've already started down the extension (legacy) path, this guide walks you through exactly how to migrate to stripe apps:
https://docs.stripe.com/stripe-apps/migrate-extension

Thanks @pallid tangle - we actually have this running in production for read write today and from scoping stripe app buildout is much more intensive

We plan on adding stripe app for public access in the near future, is there a way to request for read only access permissions in the short term? After all we are looking for less permissions than we are granted currently to accommodate new customers

let me see if i can find information on your existing ticket you've submitted to support, sadly i can't get it enabled but i can see if i can find the ticket and its current status

gimme just a bit

Of course and thank you!

We have been following up on email as well with little response so appreciate u

can i DM you for some additional details?

@queen willow

actually no, i think i was able to find the case

Sorry just seeing - still needed?

nope! i'm good for now

Got it!

ok, so as i mentioned before i can't directly unblock you on this specific issue, but i have updated the case with notes from our conversation and details that should help expedite things when the support team take another look

just for some additional context, while read_only does seem like a reduction of scope, it also changes some access patterns regarding oauth that make things a little tricky, which is why additional review is required. i know that doesn't really move things along faster, but i at least want to provide more details

Interesting, is there public info or api docs on what exact access patterns are changed?

Thank you for following up - what do u recommend for us as next steps to get a configuration change approved?

this article has some details - essentially the end goal is to prevent platforms from being able to read each other's data. read_only connections can exist alongside read_write connections which means that if multiple platforms connected to a single account with read_only they would be able to view the data created by platforms with read_write
https://docs.stripe.com/connect/oauth-changes-for-standard-platforms

as far as next steps go, i've updated the case with all the necessary docs (external and internal) that the support team should need when they take a look at the case, so i think at this point just waiting to hear back from them (which should hopefully be soon)

Got it so this is more about potentially accessing post data + attached metadata

From the platform account perspective (us) it doesn’t seem like there is a real issue since we are just observing?

also FYI i need to run for the day, but i've filled @warm prawn in on the current state of things so they can help you if you have any additional questions

Of course thank you

hello 👋 please give me a moment to catch up, if you have any question you can continue to share it in the meantime

yeah, as long as you are the only account connected to a given standard account then there is no issue, but migrating to read_only opens up the potential for this scenario, hence the need for review

gotta run for the day but best of luck!

Hi @warm prawn! of course - our status is that we just want to get production and sandbox approval to connect via read only for a new user who is not interested in us managing their payments

We have a production instance of connect read write running and plan to implement a full stripe app as soon as possible, but would love support to expedite the process since we already have the connect app built

gotcha, i saw the context @pallid tangle added on your support case and it contains clear actionable steps in order to help it progress. I will put in a note to escalate it internally - hopefully you can get a reply by this week

Thanks! Do you know if these requests are always approved and there is just a timeline or there is a risk we would not be able to get this granted?

Hmm..we wouldn't know this because it depends on individual Stripe accounts.

Hm ok we will keep pushing the other support ticket then

Hopefully it’s not a very long process..we were surprised to find that getting less access is harder

Hopefully, I do apologize for the experience. I escalated the issue and there should be movements soon

amazing tysm! we're standing by

@warm prawn actually wondering - does this same restriction apply if we support direct integrations that only does read only?

asking because stripe app buildout as a plan b feels heavy and it seems like direct integration doesn't change the api/sdk logic too much outside of headers, we are trying to understand what we can do if this drags on for days

By direct integration, do you mean creating connected accounts directly using your Stripe account as the Platform?

Our docs say only Extensions can use read_only, so your Stripe account would still need to go through the process of changing your Stripe accounts Connect config.

was referring to direct integration as with an api key that can optionally be restricted

from our understanding we cannot just create connected accounts for our users since that doesn't have access to their existing data - to do so we have to use a standard account

need to go through the process of changing your Stripe accounts Connect config

got it

from our understanding though stripe app that replaces the read only functionality as your coworker mentioned above is primarily for creating ui inside of stripe, which feels like a different use case from connect - is that the current best approach if we need to view data / listen to webhooks (read) & optionally manage payments for some users (write)?

I see, thanks for clarifying. The UI part is one thing, but I believe what you're looking for is customizable granular permissions to help users understand what data can be accessed, right? If so, Stripe App is the best approach. Without using Stripe App, you won't be able to just obtain read access

@warm prawn we really just need to restrict our connect platform to read only instead of read write - we're not looking to add anything to the stripe dashboard ui