👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1457912897945468970

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi! Looking at your query.

Is the request ID you provided created by the previous secret key or the new key?

One way you can check for past logs for a rotated API key is by

• going to your logs on the dashboard
• clicking on a request log created by the previous key
• you will see API key sk_live_xyz in the request
• click on it and you will see the option to View request logs
• clicking on that will allow you to view past request logs created from the previous API key

You should store the API key ID (starts with mk_) for the old ID in case you need to search for the logs again.

Understand, but is there anyway to download or export all logs as a file?

And the logs only available for 1 month, right?

And one more question, If someone use our key to request some customers' billing information using different ip address and user agent. Should these requests marked as alart or errors?

Understand, but is there anyway to download or export all logs as a file?
I don't think there is a way to do this.

And the logs only available for 1 month, right?
https://support.stripe.com/questions/stripe-request-log-retention-period: Users can only access request logs created within the last 15 months from the Dashboard.

Should these requests marked as alart or errors?
Are you asking if Stripe alerts you for such requests or we throw an error? We have a fraud detection and prevention system where we monitor things like IP addresses, etc. associated with API requests, although we may not automatically block requests just because they come from a new IP or user agent. It may depend on the sensitivity of the request and a lot of other factors.

Yes. I just want to know if Stripe can alert us if there is a API KEY used from different IP address and different user agent. Because I didn't receive any alert and suspicious activity reports, so I'm not sure if the data breach happened.

If you have concerns about fraudulent actors using your secret key from a different IP address you can limit your secret key to certain IP addresses: https://docs.stripe.com/keys#limit-api-secret-keys-ip-address

This is a guide on the best practices for managing your secret key: https://docs.stripe.com/keys-best-practices

But for your specific answer I would recommend reaching out to Stripe Support (https://support.stripe.com/contact), they'll be able to advise you on your question. We mainly help with developers who want to integrate directly with the Stripe API here on this channel.

OK. Thank you sam, I will get reach to the support directly.

⛔️ Stripe developers have stepped away for a short while

Please leave your questions here, and we’ll respond as soon as we're back! If you need help urgently, you can contact Stripe support for help.