Reputation: 1856
Right now, Stripe is integrated with my Rails app, but I've never used the secret key given to me; I've only used the publishable key. What does the secret key actually do?
Also, I have this bit of code in my views:
<script type="text/javascript">
Stripe.setPublishableKey("my-publishable-key-here");
</script>
Is putting the publishable key right there safe? The Stripe docs actually do the same thing, but I'm just not sure.
Upvotes: 13
Views: 17709
Reputation: 17503
The publishable key is used in your client-side code to tokenize payment information, using Checkout or Stripe.js. It can only be used to create tokens, and tokens by themselves do nothing (they're only a representation of a payment source which hides the sensitive information).
The secret key is used in your backend code to send any other request to Stripe's API. You need to be careful never to leak your secret key, as it could be used to access your account and cause all sorts of trouble (refunding past charges, canceling subscriptions, deleting saved customers, etc.).
You can find all your API keys in your Stripe dashboard: https://dashboard.stripe.com/account/apikeys. If you ever need to, you can replace a key with a new one ("roll out" a key) by clicking the small "recycle" icon next to each key.
Upvotes: 26
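The split described in the answer can be enforced with a check over client-facing files. The following is an added example, not part of the original answer or of Stripe's code: it relies on Stripe's key prefixes (`pk_` publishable, `sk_` secret, `rk_` restricted, each followed by `test_` or `live_`), and the file paths and key values are constructed for illustration.

```ruby
# Stripe API keys carry a type prefix: pk_ (publishable), sk_ (secret),
# rk_ (restricted), each followed by test_ or live_.
STRIPE_KEY = /\b(?:pk|sk|rk)_(?:test|live)_[0-9A-Za-z]{10,}/

Finding = Struct.new(:path, :line, :kind, :redacted)

# Scan one client-facing file and report server-only keys found in it.
def scan_client_file(path, content)
  findings = []
  content.each_line.with_index(1) do |text, lineno|
    text.scan(STRIPE_KEY) do |key|
      next if key.start_with?("pk_") # publishable keys belong in the browser
      kind = key.start_with?("sk_") ? :secret : :restricted
      # Never echo the full key into CI logs; keep only the prefix.
      findings << Finding.new(path, lineno, kind, key[0, 8] + "...")
    end
  end
  findings
end

# Scan a hash of { path => content } and collect all findings.
def scan_client_files(files)
  files.flat_map { |path, content| scan_client_file(path, content) }
end

# Constructed sample input (hypothetical paths, fake keys).
SAMPLE_FILES = {
  "app/views/payments/new.html.erb" => <<~ERB,
    <script type="text/javascript">
      Stripe.setPublishableKey("pk_test_CONSTRUCTEDexample0001");
    </script>
  ERB
  "app/assets/javascripts/checkout.js" => <<~JS
    // wrong: a secret key pasted into browser code
    var key = "sk_test_CONSTRUCTEDexample0002";
  JS
}.freeze

if __FILE__ == $PROGRAM_NAME
  scan_client_files(SAMPLE_FILES).each do |f|
    puts "#{f.path}:#{f.line}: #{f.kind} key #{f.redacted} in client-side code"
  end
end
```

A key reported by this check should be treated as leaked and replaced from the dashboard, since anything in views or JavaScript assets has already been served to browsers.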