#Emily Marin-errors

Hi 👋 what are the errors that you're receiving?

Error: You did not provide an API key. You need to provide your API key in the Authorization header, using Bearer auth (e.g. 'Authorization: Bearer YOUR_SECRET_KEY'). See https://stripe.com/docs/api#authentication for details, or we can help at https://support.stripe.com/.
at res.toJSON.then.StripeAPIError.message

But I do provide the key:

const stripe = require("stripe")(process.env.REACT_APP_STRIPE_API_SECRET_KEY)

  async (request, response) => {
    const preparedLineItems = await JSON.parse(request.query.data)

    const session = await stripe.checkout.sessions.create({
      line_items: preparedLineItems,
      mode: "payment",
      success_url:
        "http://localhost:5001/team-green-6d418/us-central1/createSuccessPage?session_id={CHECKOUT_SESSION_ID}",
      cancel_url: `${DOMAIN}/canceled`,
    })
    response.redirect(303, session.url)
  }
)```

I deploy to Firebase functions - is your init snippet there missing a few lines? Mine looks more like

import Stripe from "stripe";

import { configs } from "../Functions";

// Set your secret key. Remember to switch to your live secret key in production.
// See your keys here: https://dashboard.stripe.com/apikeys
const secret_key = configs?.stripe?.stripe_test_key;

export const stripe = new Stripe(secret_key);

//IMPORTANT NOTE: THIS DOES NOT APPLY TO 429's!!!
stripe.setMaxNetworkRetries(2);

It worked locally without all those extra lines (before deploying), but that could be the problem. I'll try that and get back to you.

Mostly, the creating a new Stripe() object passing the key (and logging that the key is actually in the environment - I use Firebase Secrets)

const functions = require("firebase-functions")
//define the stripeKey variable from the secrets file
const stripeKey = process.env.REACT_APP_STRIPE_API_SECRET_KEY
//require stripe, which is installed already- I'm pretty sure this creates the new Stripe object? Or the next line does.
const Stripe = require("stripe")
//pass the stripeKey to stripe
const stripe = Stripe(stripeKey)
//define the function:
exports.createCheckoutSession = functions.https.onRequest(
  async (request, response) => {
    const preparedLineItems = await JSON.parse(request.query.data)

    const session = await stripe.checkout.sessions.create({
      line_items: preparedLineItems,
      mode: "payment",
      success_url:
        "http://localhost:5001/team-green-6d418/us-central1/createSuccessPage?session_id={CHECKOUT_SESSION_ID}",
      cancel_url: `${DOMAIN}/canceled`,
    })
    response.redirect(303, session.url)
  }
)

Pretty sure you should do:

const stripe = new Stripe(stripeKey)

the require loads the module
the "new" creates the instance

And depending on HOW you deploy the secret to the .env, there is a potential leak there

I tried implementing it that way, but the web page itself says:

Error: could not handle the request

The console is returning a 500 error, and also a CORS error:

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://uc.appengine.google.com/_ah/conflogin?state=%7EAJKiYcF0SE5zGrfxbNJW3pGyFn9FnfZPHFEiaDVb82VcxGJEpMMZFFhDEMyb-oauJYkkiTxrmFbKgN0RMNwZwA2IBkPziHjRbQ4VTWLQh3-rjGk6Uem5EfAbgE3KrrU1wi-ia8SRwRQLWpas6OTyNmU_ATDQu42sEmmTj1bwiWzpXqBtMG4ULROjLbMXcABVaGcRnJW9WwATCQsgLR5vjLztfejBWuHgEccVzRMkiQ60Q3-opmqoQEvubtzOXtEwUJNSUC_S9yF7&pli=1 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

And the cloud console function logs say:

Error: You did not provide an API key. You need to provide your API key in the Authorization header, using Bearer auth (e.g. 'Authorization: Bearer YOUR_SECRET_KEY'). See https://stripe.com/docs/api#authentication for details, or we can help at https://support.stripe.com/.
    at res.toJSON.then.StripeAPIError.message ```

So I modified it to look like:

//define the stripeKey variable from the secrets file
const stripeKey = process.env.REACT_APP_STRIPE_API_SECRET_KEY
//require stripe, which is installed already
const Stripe = require("stripe")
//pass the stripeKey to stripe
const stripe = new Stripe(stripeKey)``` per your suggestion

Yeah, looking at the API (and seeing your code structure; I'm transpiling, so that's some of the diff)

I'd log the key to the Cloud console - you can just use console.log, or functions.logger.log - the latter formats better - just to see if it's actually deployed

what would I console.log/functions.logger.log?

Sorry, not even a junior dev yet so I'm still learning. Thanks for the help.

Well, the value of REACT_APP_STRIPE_API_SECRET_KEY. Also, You're using an un-authenticated .onRequest?

I'm quite deep in Firebase Firestore, with many cloud functions - but all client calls are authenticated .onCall's

Uh

The .onRequests are the webhook endpoints

But that in no way means yours needs to be the same; just gathering info

I used the onRequest because that's the example the docs gave, I believe. I'm just more familiar with the structure, but I'm not super attached to it. Jumping into a meeting with my mentor, who may be able to actually poke around in my code and help me find the solution. If not, I'll be back here again 😅

Since I don't work for Stripe, I may not be present here, but you could try to reach out via DM (not sure how locked down I am)

Thank you for your help 🙂