Minimum API Permissions Needed (Restricted API Keys)

  • Resolved maltfield

    (@maltfield)


    2 years ago

    What is the set of minimum permissions needed by this plugin when accessing api.stripe.com via a Restricted API Key?

    The Stripe API keys can be restricted by [a] Resource Type and [b] None/Read/Write.

    Stripe docs explain Restricted API Keys here:

    * https://stripe.com/docs/keys#limit-access

    And the set of resource types (Core Resources) available (with their human-readable description) can be found here:

    * https://stripe.com/docs/api/balance

    Can you please enumerate a list of all the resources that the Stripe API Key given to this plugin absolutely requires, and if that resource can be read-only or if it requires write access?

    • This topic was modified 2 years ago by maltfield.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Adam Heckler

    (@adamkheckler)

    2 years ago

    @maltfield I’m happy to pass this to our Stripe developers for a look, but the answer may just be that Stripe intends restricted keys for microservices as noted on that page you linked:

    Restricted keys cannot interact with many parts of Stripe’s API and are intended to reduce risk when using or building microservices.

    As such, they may just say that the standard keys are required. We’ll see what they say.

    We’ll get back to you when we have more info.

    Thread Starter maltfield

    (@maltfield)

    2 years ago

    I did some digging in the repo, and I saw that Greg Waterhouse asked a similar question about this plugin’s support for Restricted API Keys in May 2018.

    Sadly, the developers closed the request without actioning it.

    * https://github.com/woocommerce/woocommerce-gateway-stripe/issues/634

    @adamkheckler I’d appreciate it if you could have the developers take a second look at this GitHub Issue. At the very least, it would be nice for them to re-open it and add it to the backlog.

    Plugin Support Adam Heckler

    (@adamkheckler)

    2 years ago

    I reopened that issue just now. Marking this thread as resolved. Further discussion will occur on GitHub.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Minimum API Permissions Needed (Restricted API Keys)’ is closed to new replies.