Can I Use Restricted Keys For Stripe Access?
This allows you to safeguard your Stripe environment by:
- Limiting access to read-only mode
- Limiting access to those entities required to calculate commissions
- Identifying which caller submits calls to the Stripe API
To generate a restricted key:
- Login to Stripe
- Generate a restricted key
- Click on "Developers"
- Click on "API Keys"
- Click on "+ Restricted Key"
- Enter a key name (ex: "Sales Cookie")
- Select read-only permissions for specific entities
Here are our recommendations in terms of selecting entities:
- We recommend providing read only access to the following entities as they are commonly used in commission calculations (the exact list depends on your commission structure and the underlying required data):
- Customers
- Credit notes
- Charges
- Events
- Invoices
- Orders
- Payment Intents
- Prices
- Products
- Radar Reviews
- SKUs
- Sources
- Subscriptions
- Transactions
- Balance
- Balance Transaction Sources
- Tax Rates
- Tax Calculations and Transactions
- Tax Settings and Registrations
- You may also want to enable read only access to the following optional entities (this depends on your commission structure):
- Authorizations
- Customer session
- Cards
- Cardholders
- Coupons
- Disputes
- Quotes
- We typically do not not require access to the following entities:
- Tokens
- Token Network Data
- Payment Methods (unless you need this information for commissions)
- Login Links
- Payment Links
- Payouts
- Files
- Funding Instructions
- Transfers
- Apple Pay domains
- Ephemeral keys
- Connection Tokens
- Webhook Endpoints
- Report Runs and Report Types
- Debugging tools
To keep it simple, you can enable broad read-only access to the following categories:
- Core
- To access Customers, Products, Payment Intents, etc.
- Billing
- To access to Credit Notes, Invoices, etc.
- Connect
- To access Accounts
- Orders
- Required if invoices are linked to orders
- Payment Records
- To access the payments
- Radar
- Charges typically have links to Radar reviews, so it's not possible to retrieve charges details without this permission
- Tax
- Access to tax rates and settings
You can then enter the secret restricted API key in Sales Cookie under Settings > Connections > Stripe.
Related Articles
How Can I Use The Zapier Integration?
The Zapier integration provides access to: A "Create Transaction" Action This allows you to add or update sales transactions within Sales Cookie. For example, you could create a Zap which calls this action when a new invoice or opportunity is created ...What Is Direct Access?
Sales Cookie's authentication uses strong security measures by default: Users must complete the authentication flow each time they connect. Users must provide a strong proof of identity, such as a correct email & password, a valid Google ...How Can I Use The CSV Upload API?
This article is about CSV transaction upload API. This is by far the easiest way to upload sales transactions, and it is also blazing fast. About 1-3 lines of code are required to upload transactions. All you need to do is prepare a CSV file and then ...What Type Of Support Is Available For Stripe?
By adding a Stripe connection to your workspace, you can automatically import and sync sales transactions to your workspace We support charges, invoices, refunds You will need to map fields the first time you import transactions Newly created Stripe ...How Can I Use The Transaction Import API?
The data import API allows you to create (or update) sales transactions within Sales Cookie using HTTP requests. Three options are available to import sales transactions using an API: Use the CSV Upload API (easiest) Manually upload a sample CSV file ...