Right now, stripe is integrated with my rails app but I've never used the secret key given to me, I've only used the publishable key. What does the secret key actually do?
Also, I have this bit of code in my views:
<script type="text/javascript">
Stripe.setPublishableKey("my-publishable-key-here");
</script>
Is putting the publishable key right there safe? The stripe docs actually do the same thing, but I'm just not sure.
Publishable API keys are meant solely to identify your account with Stripe, they aren't secret. Publishable keys only have the power to create tokens. Secret API keys should be kept confidential and only stored on your own account.
A PCI-certified auditor has audited Stripe. We're a certified PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we use the best-in-class security tools and practices to maintain a high level of security at Stripe.
As per our API guidelines for object IDs, API keys can be up to 255 characters in length.
The publishable key is used in your client-side code to tokenize payment information, using Checkout or Stripe. js. It can only be used to create tokens, and tokens by themselves do nothing (they're only a representation of a payment source which hides the sensitive information).
The publishable key is used in your client-side code to tokenize payment information, using Checkout or Stripe.js. It can only be used to create tokens, and tokens by themselves do nothing (they're only a representation of a payment source which hides the sensitive information).
The secret key is used in your backend code to send any other request to Stripe's API. You need to be careful never to leak your secret key, as it could be used to access your account and cause all sorts of troubles (refunding past charges, canceling subscriptions, deleting saved customers, etc.).
You can find all your API keys in your Stripe dashboard: https://dashboard.stripe.com/account/apikeys. If you ever need to, you can replace a key with a new one ("roll out" a key) by clicking the small "recycle" icon next to each key.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With