#rdhelms_unexpected

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1458817033838792932

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Here's the console error

We didn't make any changes to the app between the time that we were not receiving this error and now

hi there!

Server-side we use '2025-06-30.basil'

And client-side we import <script src="https://js.stripe.com/basil/stripe.js"></script>

But we're getting that console error

I'm confused. you are talking about API versions, but the error is about API keys. so it's completely different.

you need to make sure the Stripe API key you are using on the backend and the frontend belong to the same merchant.

Yes, we are. We're using our publishable key in the client and the secret key server-side from the same Stripe account

And purchases are still successfully being made, so it's unclear to me where this error is coming from

Which led me to wonder if it could be related to the API version mismatch rather than just the keys

Which led me to notice that the script importing the basil-versioned stripe.com code is actually making v3-versioned requests under the hood. If all of that is expected, then it's unclear to me where this error is being thrown from

And like I mentioned earlier, we haven't made any changes to the app between the time that we were not receiving this error and the time that we are now

I also couldn't find any helpful documentation about this api key mismatch error

can share a Checkout Session ID (cs_xxx) with this issue?

The one that I have open right now with that console error is "cs_live_a12dPD8CQPzqvoWq2xeHRNEwKP0uQ0FzcZK4GXCf8ggBGBD5nKfYMXi1Ss"

got it, this was created by using the secret key of acct_****CBD3

can you share the last 4 characters of the public key you are using on the frontend?

E2tN

thanks, having a look

I mean what the error message is saying is technically true of course because the loadStripe() call is using the publishable key while the checkout session is being created using the secret key...but as far as I'm aware that's how it should be?

So it's unclear to me why that would cause an error to be thrown, and why we're seeing the error now but not in the past

hi there, taking over as soma needs to step away. is the page that is throwing the error available publically, so we can take a look?

Yes if you go to https://study.pocketprep.com and create an account and then try to upgrade, then you should see the console error

thank you, looking now

do you have a test account I can use by any chance?

Sure try this:
email = stripetest@pocketprep.com
password = Password123

And then click the "Upgrade to Premium" button at the top

And then click "Add Payment"

This is what I see after those steps

It looks like the error is being thrown from here
https://js.stripe.com/v3/fingerprinted/js/embedded-checkout-outer-179787150b2d376d61aed498750928f0.js

Do you have any sense yet of whether this is actually a state that could be causing payment failures, like the error suggests, or if it's more likely a false alarm?

still investigating, can you tell me what API key you are using when you are calling loadStripe()? in the API request it looks like you are using a public key ending in uNmt

The loadStripe() call in the client is using the publishable key ending with E2tN

ok, I've checked with my colleagues and this appears to be a bug with how that log is displayed. this won't impact payments on your end. we'll work on fixing it

Interesting, ok well that's helpful to know at least - thanks

thank you for bringing this to our attention!

For sure - thank you!

basically your account seems to have 2 separate Publishable API keys (mine does too). It's uncommon (but not that rare) and the code built didn't take this into account

Ah, interesting - thanks

Is there any reason why we should try to remove or disable one of those?

I'd say no, it doesn't really change anything. I've had mine for many years and you likely do too (we had a bug many years ago where we created a second key by mistake lol)
Really it's just bad luck with the warning and we'll fix it (to flag real potential issues)

Haha sounds great, thanks. Appreciate all the context