#ranjeet-oauth

proven patio · 2022-03-03T08:21:50.374Z

ranjeet-oauth | Stripe Developers | Page 1

1 messages · Page 1 of 1 (latest)

proven patio Mar 3, 2022, 8:21 AM

regal cosmos Mar 3, 2022, 9:21 AM

Hi! The entire idea of an extension is to provide a service based off the data in the Stripe account. To that end, the extension must be able to read the relevant data in the Stripe account. So yes, it is expected that whoever has access to Rudderstack Stripe account, would be able to view relevant data (e.g. payments, transactions,etc) on the connected account as well.

If that's a concern, I would suggest restricting access to the Stripe Rudderstack Dashboard account, to limit who can access the connected account data.

And regarding the first option you mentioned (using API keys), I would strongly recommend against it for security reasons.