#Lord-Y-paymentintents


sacred vapor
#

Hello! Give me a few minutes and I'd be happy to help

cedar stag
#

ok

final mulch
#

Hey there stepping in for karbi who needs to step away, reading above now

#

What is your specific concern?

#

Nobody can call the Stripe API (including modifying metadata) unless they have your secret key

#

these are server requests

cedar stag
#

I just want to be sure that Stripe will somehow kick this kind of request

final mulch
#

this is your own API, which internally interacts with Stripe?

cedar stag
#

yes

final mulch
#

if your customer can induce your server to make requests, and the requests come from your server using your secret key, Stripe wouldn't know whether these are intentional or not. You need to ensure your own API is secure from misuse

cedar stag
#

not the answer I was expecting

#

from the example

#

you have a frontend and a backend

#

from your frontend you can reach your backend, as you have to make a POST to the /pay endpoint, for example

final mulch
#

What front end are you referring to?

#

Which server are you referring to? You described your own API endpoints, but now saying "your backend" it sounds like you're referring to Stripe's API?

#

Can you illustrate with a specific example/sequence?

cedar stag
#

sure

cedar stag
final mulch
#

NP!