#meeram-x_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1498639224675631166

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

hi there!

hey soma! I hope you can help

are you making an API request from a platform account to a connected account?

I’m using Replit to build a website and configure payments so we are trying to use strip payments. I’ve put the secure key in the secrets tab in the development tool but it won’t work? I keep receiving the error codes I pasted above 401 - I have checked the code countlessly and made sure I pasted the right code. I screenshot the code when I rotated the key. I then used notepad to make sure I’ve copied and pasted the write code with no spaces and then finally pasted into the secret tab in the developer tool. But we keep receiving the issue for every key we rotate

can you share your account ID (acct_xxx)?

In stripe? My account would be under my email

this is a public channel, so I receommend deleting your email.

and what I need to is your Stripe account ID that you can find here: https://dashboard.stripe.com/settings/account

thanks, I confirm that you have a secret key that ends in kVQ8.

I don't know anything about Replit. but this seems strange:

Direct curl to api.stripe.com/v1/balance with the same key returns 401 "Invalid API Key", so Stripe itself rejects it — not our framework.

can you share the curl command you are running (make sure to redact the secret key)

curl -i -u "sk_live_REDACTEDkVQ8:" https://api.stripe.com/v1/balance

I just tested this with my own secret key and it worked.

Here's the exact command (secret redacted):

curl -i -u "sk_live_REDACTEDkVQ8:" https://api.stripe.com/v1/balance

Run from a Linux shell with the live secret key from our Stripe Dashboard (the one ending in kVQ8, account acct_1T8QJfDgG2BlfEsQ). Response is HTTP/2 401

can you create a new sercet (or restricted) key, and make sure you copy-paste it correctly.

Same 401 happens against /v1/account and from inside our Node app using the official stripe-node library. Account is in "submitted/awaiting review" — we suspect that's the cause.

I have rotated the key on so many occasions - but same error

Thanks for testing. I've already rotated the key multiple times today and previously — every fresh key gives the exact same 401. The key shown in our Dashboard (ending kVQ8) is byte-identical to what's in our environment (verified length, prefix, no whitespace, no hidden characters), and it still fails.

Since rotation isn't the issue and your own key works fine against the same endpoint, can you please escalate this to the account/risk team? Our account acct_1T8QJfDgG2BlfEsQ is in "submitted/awaiting review" status with an open case sco_UPlUkQqaouwjSD, and we believe that review is what's blocking live API auth. We need someone who can see the account-level restrictions on this account.

can you please escalate this to the account/risk team?
if you want to talk to Stripe support, you would need to reach out to them directly here: https://support.stripe.com/contact. but if I understand correctly you already have a conversation with support?
we believe that review is what's blocking live API auth
I don't think this should impact using your API key

my guess is that this is an issue of using the wrong API key, as the error message explain. maybe there is an encoding issue when you copy the API key from the dashboard to the CLI?

Thanks soma — appreciate the time. We've already verified there's no encoding/whitespace issue (the key is byte-identical to the dashboard), so I'll take this back to the official support channel via the form. Have a good one

yes makes sense to continue your conversation by email. make sure to share as much information as possible, like the curl command you are running, the key ID you are using (mk_1TQvSrDgG2BlfEsQFejP66oL), etc.