Yarin

Reputation: 183489

Understanding Stripe's API authentication

Stripe's API uses HTTP Basic Authentication over HTTPS for authentication. Per the instructions, this requires including a secret API key in the request.

However, the Stripe dashboard provides us with two keys, one public and one secret. What is the public key used for?

Upvotes: 1

Views: 1725

Answers (1)

Rezigned

Reputation: 4922

pk_* keys are used in the JavaScript client, since everyone can view this key by looking at the HTML source code.

If someone obtains this public key, there are only a few operations that they can do, e.g. collecting credit card info, requesting tokens, etc.

In contrast, your secret key is used for all crucial operations, e.g. charging a credit card, creating a new customer, etc.

Stripe.setPublishableKey('pk_*');

See https://stripe.com/docs/stripe.js

Upvotes: 3
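A defensive check that follows from the answer above, as an added example that is not part of the original posts or Stripe's own code: it scans browser-delivered source for Stripe keys and flags any that are not publishable, including a secret key hidden inside a hard-coded HTTP Basic `Authorization` value. Assumptions: the `_test_`/`_live_` key layout and the `rk_` (restricted key) prefix are not stated on this page, the function names are hypothetical, and all key values are constructed placeholders.

```javascript
// Added example: scan client-side source for Stripe keys that must not be there.
// All key values below are constructed placeholders, not real credentials.

// Key prefix -> whether that kind of key may appear in browser-delivered code.
const KEY_KINDS = {
  pk: { name: 'publishable', clientSafe: true },
  sk: { name: 'secret', clientSafe: false },
  rk: { name: 'restricted', clientSafe: false }, // assumption: not named on the page
};

const KEY_RE = /\b(pk|sk|rk)_(test|live)_[A-Za-z0-9]{8,}/g;
const BASIC_RE = /Basic\s+([A-Za-z0-9+\/]{16,}={0,2})/g;

function findKeys(text, via) {
  const hits = [];
  for (const m of text.matchAll(KEY_RE)) {
    const kind = KEY_KINDS[m[1]];
    // Report only the prefix so the scanner's own output does not leak the key.
    hits.push({ kind: kind.name, mode: m[2], clientSafe: kind.clientSafe, via,
                redacted: m[0].slice(0, 8) + '...' });
  }
  return hits;
}

// Returns every key found, including keys inside a hard-coded
// "Basic <base64>" value (with Basic auth the API key is the username).
function scanClientSource(source) {
  const hits = findKeys(source, 'literal');
  for (const m of source.matchAll(BASIC_RE)) {
    const decoded = Buffer.from(m[1], 'base64').toString('latin1');
    hits.push(...findKeys(decoded.split(':')[0], 'basic-auth'));
  }
  return hits;
}

// Keys that should never ship to the browser.
function violations(source) {
  return scanClientSource(source).filter((h) => !h.clientSafe);
}

// Constructed sample bundle: one allowed key, one literal secret, one encoded secret.
const fakeSecret = 'sk_test_' + 'CONSTRUCTED0000example';
const sampleBundle = [
  "Stripe.setPublishableKey('pk_test_CONSTRUCTED0000example');",
  "const legacy = '" + fakeSecret + "';",
  "headers.Authorization = 'Basic " + Buffer.from(fakeSecret + ':').toString('base64') + "';",
].join('\n');

console.log(violations(sampleBundle));
```

Run it over built bundles and templates in CI and fail the build when `violations` returns anything.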
