#peanut-apikey-question


knotty raven
#

@fallow perch a lot of harm unfortunately if they get the Secret API key. For example they can refund all your existing charges

fallow perch
#

oh ok

#

i guess it's separate from my public api key

#

how can they do that without my id?

knotty raven
#

Correct it's separate. Each account has a pair of API keys. A Secret API key stored securely on your server for the majority of calls and a Publishable API key that is used client-side (where anyone can see it) to collect card details securely

#

the Secret API key is your id. That's how all API requests are authenticated, that's what your code uses to create a Customer, a Refund, respond to a Dispute, etc.

fallow perch
#

i had a dev who i gave my key to for him to set up the website and he left within a week and i'm worried what harm he could do

#

ok

#

i thought it was ok to share id?

#

not api key though

knotty raven
#

what do you call "share id"?

#

what's an "id"?

fallow perch
#

account id

knotty raven
#

account ids are not really relevant for a developer

fallow perch
#

can i confirm that if the api key starts pk_live that it's the public one

knotty raven
#

correct pk_live_123 => Publishable API key

fallow perch
#

and there is no way anyone could access my account or harm me in any way with it

#

also the test one i assume is publishable

knotty raven
#

pk_test_123 is publishable too yes

#

ultimately, if you hire a developer, you have to trust them 😅

fallow perch
#

thank you man

#

i can work stress free