Using Restricted API keys

Created on 8 February 2024, over 1 year ago

If anyone wants to use a restricted API key for some reason, see my research below on what permissions need to be granted to make it work for the Stripe Payment Element.
Documentation on using API keys can be found here.
Follow the instructions to create a restricted key and grant the following permissions (see screenshot):
All core resources
Balance - Read
Charges - Write
Customers - Write
PaymentIntents - Write
All other permissions should be set to None.

I don't really understand why we need "Balance - Read", but if I set it to None I get an "Invalid secret key." message when saving payment gateway configurations (maybe we need to ask Stripe support about this). The other permissions (Charges, Customers, PaymentIntents) we do use in the code.
Please report any issues with restricted API keys here so we can update the README.md with the necessary instructions.

📌 Task
Status

Active

Version

1.0

Component

Code

Created by

🇺🇦 Ukraine marchuk.vitaliy Rivne, UA


Comments & Activities

  • Issue created by @marchuk.vitaliy
  • 🇳🇿 New Zealand davidwhthomas

    Firstly, thanks for the useful module.

    I tried to add a restricted key but the commerce_stripe payment gateway configuration requires the "Publishable key" as well. The restricted key _is_ the secret key and is not a publishable key.

    I tried a placeholder "restricted_key" for the publishable key, just to test, and set to test mode.

    On saving the restricted key, there is an error "The provided secret key is not for the selected mode (test)."
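Added example, not part of the thread and not commerce_stripe code: a configuration check that tells Stripe key kinds and modes apart by their prefixes (`pk_`, `sk_`, `rk_` followed by `test_` or `live_`) and accepts a restricted key in the secret key field. The function names and key values are hypothetical, and whether the module's own validation works this way is not stated on this page.

```php
<?php
// Added example. Function names are hypothetical; key values are constructed
// placeholders, not real credentials.

/**
 * Splits a Stripe API key into kind and mode based on its prefix.
 * Returns NULL when the value does not look like a Stripe key.
 */
function classify_stripe_key(string $key): ?array {
  if (!preg_match('/^(pk|sk|rk)_(test|live)_[A-Za-z0-9]+$/', $key, $m)) {
    return NULL;
  }
  $kinds = ['pk' => 'publishable', 'sk' => 'secret', 'rk' => 'restricted'];
  return ['kind' => $kinds[$m[1]], 'mode' => $m[2]];
}

/**
 * Returns a list of problems with a gateway key pair for the selected mode.
 */
function check_gateway_keys(string $publishable, string $secret, string $mode): array {
  $errors = [];
  $pk = classify_stripe_key($publishable);
  $sk = classify_stripe_key($secret);

  if ($pk === NULL || $pk['kind'] !== 'publishable') {
    $errors[] = 'Publishable key must start with pk_test_ or pk_live_.';
  }
  elseif ($pk['mode'] !== $mode) {
    $errors[] = "Publishable key is not for the selected mode ($mode).";
  }

  // A restricted key (rk_) is used in place of the secret key, so both kinds
  // are accepted here. A publishable key in this field is rejected.
  if ($sk === NULL || !in_array($sk['kind'], ['secret', 'restricted'], TRUE)) {
    $errors[] = 'Secret key must start with sk_ or rk_ (restricted key).';
  }
  elseif ($sk['mode'] !== $mode) {
    $errors[] = "Secret key is not for the selected mode ($mode).";
  }
  return $errors;
}

// Constructed inputs: a valid test-mode pair using a restricted key, then the
// placeholder publishable value from the comment above.
var_dump(check_gateway_keys('pk_test_EXAMPLE', 'rk_test_EXAMPLE', 'test'));
var_dump(check_gateway_keys('restricted_key', 'rk_test_EXAMPLE', 'test'));
```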
