CODEWITHSUNDEEP
c#.nethttpstripe-paymentsstripe.net
Water Cooler v2
Water Cooler v2

Reputation: 33850

How to send Stripe's secret key when making a raw HTTP POST request to Stripe

Because the Stripe .NET nuget package / library is built on v1 of the Stripe API, and since then a few things have changed, I am making a raw HTTP request to a Stripe endpoint to add a new credit card to an existing customer's account.

My question is: how do I send the Stripe secret key? Looking at this CURL request, I assumed that it is sent as a basic authentication header.

So, here's what I did:

var createCardUrl = string.Format(
   "https://api.stripe.com/v1/customers/{0}/sources", 
   stripeCustomerId);

dynamic headers = new ExpandoObject();
headers.Authorization = string.Format("Basic {0}", Constants.StripeSecretKey);

dynamic body = new ExpandoObject();
body.source = stripeToken;

dynamic cardAdditionResult = Http.MakePostRequest(
                              createCardUrl, 
                              headers, 
                              body)
                            .ObjectFromJson();

Where my MakePostRequest is as follows.

public static string MakePostRequest(string url, 
                IEnumerable<KeyValuePair<string, object>> headers = null, 
                string body = null)
{
    var request = (HttpWebRequest)WebRequest.Create(url);
    request.Method = "POST";

    if (headers != null)
    {
        AddHeaders(request, headers);
    }

    if (!string.IsNullOrEmpty(body))
    {
        var data = Encoding.ASCII.GetBytes(body);
        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = data.Length;

        using (var stream = request.GetRequestStream())
        {
            stream.Write(data, 0, data.Length);
        }
    }

    var response = (HttpWebResponse)request.GetResponse();

    var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();

    return responseString;
}

I receive a 400 (Bad Request) from Stripe. Obviously, I am not sending the Stripe secret key the way I must.

Upvotes: 5

Views: 2723

Answers (1)

Matthew Arkin
Matthew Arkin

Reputation: 4648

If you're using basic authentication, the Stripe secret api key should be base 64 encoded and then have a : after it (since it would divide the username and the password)

Upvotes: 6

Related Questions