What's the purpose of the secret key for Stripe? Also, is this safe?

Right now, Stripe is integrated with my Rails app, but I've never used the secret key given to me; I've only used the publishable key. What does the secret key actually do?

Also, I have this bit of code in my views:

    <script type="text/javascript">
      Stripe.setPublishableKey("my-publishable-key-here");
    </script>

Is putting the publishable key right there safe? The Stripe docs actually do the same thing, but I'm just not sure.

nachime asked Aug 08 '16 00:08


1 Answer

The publishable key is used in your client-side code to tokenize payment information, using Checkout or Stripe.js. It can only be used to create tokens, and tokens by themselves do nothing (they're only a representation of a payment source which hides the sensitive information).

The secret key is used in your backend code to send any other request to Stripe's API. You need to be careful never to leak your secret key, as it could be used to access your account and cause all sorts of troubles (refunding past charges, canceling subscriptions, deleting saved customers, etc.).

You can find all your API keys in your Stripe dashboard: https://dashboard.stripe.com/account/apikeys. If you ever need to, you can replace a key with a new one ("roll out" a key) by clicking the small "recycle" icon next to each key.

Ywain answered Sep 20 '22 14:09
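The split described in the answer above can be enforced with a pre-deploy check. This is an added example, not part of the original answer and not Stripe's code: it scans files that are delivered to the browser and flags any secret key, relying on Stripe's key prefixes (`pk_` for publishable, `sk_` and `rk_` for secret and restricted keys). The file paths and key values are constructed samples, and the function names are hypothetical.

```ruby
# Added example: flag Stripe secret keys in files that are served to the browser.
# pk_ = publishable (expected client-side); sk_/rk_ = secret/restricted (backend only).
SECRET_KEY_RE      = /\b(?:sk|rk)_(?:live|test)_[A-Za-z0-9]{10,}\b/
PUBLISHABLE_KEY_RE = /\bpk_(?:live|test)_[A-Za-z0-9]{10,}\b/

Finding = Struct.new(:path, :line_no, :kind, :redacted)

# Keep only the prefix and the last 4 characters so the report does not leak the key again.
def redact(key)
  prefix = key[/\A[a-z]+_[a-z]+_/]
  "#{prefix}...#{key[-4, 4]}"
end

# files: { path => content } for client-delivered files (views, JS assets).
def scan_client_files(files)
  findings = []
  files.each do |path, content|
    content.each_line.with_index(1) do |line, no|
      line.scan(SECRET_KEY_RE)      { |k| findings << Finding.new(path, no, :secret, redact(k)) }
      line.scan(PUBLISHABLE_KEY_RE) { |k| findings << Finding.new(path, no, :publishable, redact(k)) }
    end
  end
  findings
end

# Only secret keys are a problem in client-side files; publishable keys belong there.
def leaked_secrets(files)
  scan_client_files(files).select { |f| f.kind == :secret }
end

# Constructed sample input (hypothetical Rails paths, fake key values).
SAMPLE_FILES = {
  "app/views/payments/new.html.erb" =>
    "<script>\n  Stripe.setPublishableKey(\"pk_test_CONSTRUCTEDexample1111\");\n</script>\n",
  "app/assets/javascripts/checkout.js" =>
    "// wrong: secret key shipped to the browser\nvar key = \"sk_test_CONSTRUCTEDexample0000\";\n"
}

if __FILE__ == $PROGRAM_NAME
  leaked_secrets(SAMPLE_FILES).each do |f|
    puts "#{f.path}:#{f.line_no} contains a secret key (#{f.redacted}); move it to the backend and roll it"
  end
end
```

A non-empty result from `leaked_secrets` should fail the build, and any key it finds should be replaced from the dashboard since it has already been exposed.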