#red_integration-security-checklist

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1434972337639522447

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• red_api, 3 days ago, 87 messages
• red_api, 5 days ago, 113 messages
• red_payment-element-load-event, 6 days ago, 48 messages

Hello 👋

Generally we recommend basically what you are doing. The secret key gives full access to the API so keeping that secure in a server environment you control and out of version control is paramount to securing your application

The publishable key is intended to be safe to include in public, user-facing elements of your integration like web or mobile applications

We have a guide for ensuring your integration is secure here: https://docs.stripe.com/security/guide