I am using Stripe for payments on my platform. Stripe provides me with IDs for the objects I can access in my account,
things like customer_id, which looks something like cus_6DUY9LB2ih5Pdy,
or a credit card ID like card_1613mtB177tQO9RpJRQEFLcV.
If I had a delete link which references those IDs, like so:
http://mywebapp.com/user/card_1614UyB177tQO9RpKy5Ysw10
for example, that link will delete the card from Stripe and from my local DB.
Is it safe for me to expose these IDs to the public?
Can someone potentially do malicious things with the card ID (like creating a charge)?
We're a certified PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we use the best-in-class security tools and practices to maintain a high level of security at Stripe.
The Customer resource is a core entity within Stripe. Use it to store all of the profile, billing, and tax information required to bill a customer for subscriptions and one-off invoices.
All sensitive information coming from the account id requires your Stripe Secret Key (or that of the account, for Connect accounts). That being said, if access to those keys is compromised, having the account ids readily available just makes it that much easier for an attacker.
Stripe typically validates card information when it is saved. For more details on when this happens, see Check if a card is valid without a charge.
To get an answer marked on this, confirming what @koopajah said in the comment on the question years ago:
Those ids are specific to your account and only work with your secret key
So they are safe (nobody else can use them), but you may not want to expose these or build too much dependency around them. Instead, use your own data representation as a reference to them.
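One way to follow the advice above and reference cards by your own identifiers, as an added example that is not part of the original answers. `CardRefs` and `delete_remote` are hypothetical names; the actual Stripe deletion is assumed to happen server-side inside the injected function, and the delete is assumed to be reached through an authenticated request rather than a plain link.

```python
import secrets


class CardRefs:
    """Maps opaque, app-issued references to Stripe IDs, scoped per user."""

    def __init__(self, delete_remote):
        # delete_remote(customer_id, card_id) is a hypothetical callable that
        # performs the server-side Stripe deletion using the secret key.
        self._delete_remote = delete_remote
        self._by_ref = {}  # public_ref -> (user_id, customer_id, card_id)

    def register(self, user_id, customer_id, card_id):
        """Store the Stripe IDs and return a random reference for URLs/forms."""
        ref = secrets.token_urlsafe(16)
        self._by_ref[ref] = (user_id, customer_id, card_id)
        return ref

    def delete(self, session_user_id, ref):
        """Delete the card behind ref only if the logged-in user owns it."""
        entry = self._by_ref.get(ref)
        # Unknown reference and someone else's reference get the same answer,
        # so the response does not reveal which references exist.
        if entry is None or entry[0] != session_user_id:
            return False
        _, customer_id, card_id = entry
        self._delete_remote(customer_id, card_id)
        del self._by_ref[ref]
        return True


if __name__ == "__main__":
    deleted = []  # stands in for the remote call in this constructed demo
    refs = CardRefs(lambda cust, card: deleted.append((cust, card)))
    # IDs below are the sample values quoted in the question.
    ref = refs.register("alice", "cus_6DUY9LB2ih5Pdy",
                        "card_1613mtB177tQO9RpJRQEFLcV")
    print("public reference:", ref)
    print("other user deletes:", refs.delete("mallory", ref))
    print("owner deletes:", refs.delete("alice", ref))
    print("remote deletions:", deleted)
```

The ownership check matters independently of which identifier appears in the request: it is what stops one logged-in user from deleting another user's card.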