#phillip-objectIDs
Hi there! It's fine to have PaymentMethod IDs in the frontend. There's no sensitive information in the PaymentMethod ID itself, nor can any sensitive information be retrieved using the PaymentMethod ID without a secret key.
Are there any object IDs that I should be careful with passing to the front end? I currently have paymentMethod IDs, subscription IDs, product IDs, price IDs, etc.
I guess the main concern is the possibility of people being able to use this info for any exploits?
No specific object ID comes to mind. There are specific fields which are retrievable via the publishable key, but they are non-sensitive info. Fields which are retrievable using the publishable key are explicitly mentioned in the API docs saying RETRIEVABLE WITH PUBLISHABLE KEY (e.g. https://stripe.com/docs/api/payment_intents/object). The only thing which you want to make sure you never expose is your API secret key.
Thank you for the quick response! I appreciate your help