#palfrey_rak-api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1496626316567379989

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

palfrey_rak-api

@fathom kraken We don't have that feature publicly. We are working on it though but not sure if/when we'll take beta testers. I recommend reaching out to our support team: https://support.stripe.com/contact to ask for access once ready

But honestly my take is that it should extremely rare anyone needs something like this and you likely went downa rabbit-hole when you could have created one RAK and then added permissions as you needed them

I'm kinda prone to that sort of thing. Let me put it this way: I actually want Terraform support for this, and if it was in your public API, but not the Terraform plugin I'd be writing patches right now!

It's also the problem that I'd want to create one RAK for test mode and another in prod, and keeping the two in sync with permissions by hand irritates me, even if I only have to do it rarely.

Yeah that's fair. My take is: start with a Secret API key, do RAKs later (or never) :p

TBH, given my product's very small number of users, that's probably the right approach. I like the idea of RAKs, but if I'm having to manage them by hand they're going to get frustrating fast

yeah and you haven't hit the "oh that API now has a new feature so your call doesn't work anymore even though you had the right permissions"

obviously not something we want to happen a lot, but it does happen

RAKs are a great idea, but my take is most developers would benefit from using Secret API key + having a real flow to roll them regularly" more than "try to have a limited permission one in case it leaks"

Oh fun. Is that even if you're not using the new feature?