A Restricted Key is a type of API key that allows for granular permission control. Instead of giving an app full access to your account (like a Secret Key does), you can generate a Restricted Key that only has permission to “Write Charges” or “Read Customers,” significantly reducing security risks if the key is ever compromised.

FAQs:

  • Should I use a Restricted Key for Charge for Stripe?
    It is a best practice to use Restricted Keys whenever possible. Charge for Stripe lets you connect via Stripe Connect (OAuth), which handles authorization securely, or enter keys manually, in which case a Restricted Key is the safer choice.
  • How do I create a Restricted Key?
    You can create one in the Stripe Dashboard under Developers > API Keys by selecting specific resources (e.g., Charges, Refunds) to grant access to.
  • Can a Restricted Key be used for everything?
    Only for the scopes you define. If an app tries to perform an action the key doesn’t have permission for, the API request will fail.
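The two FAQ points above (prefer a Restricted Key over a Secret Key for manual entry, and out-of-scope requests fail) can be enforced and modelled locally. The following is an added example, not Charge for Stripe's or Stripe's own code: it classifies a key by its public prefix (`sk_` secret, `rk_` restricted, `pk_` publishable), masks it for logging, refuses anything but a Restricted Key on the manual-entry path, and uses a small hypothetical scope model to show why a "Write Charges / Read Customers" key cannot issue a refund. The key strings are constructed placeholders.

```python
from dataclasses import dataclass, field

# Stripe key prefixes: sk_ = secret (full access), rk_ = restricted, pk_ = publishable.
KEY_PREFIXES = {
    "sk_live_": "secret", "sk_test_": "secret",
    "rk_live_": "restricted", "rk_test_": "restricted",
    "pk_live_": "publishable", "pk_test_": "publishable",
}


def classify_key(key: str) -> str:
    """Return the key type implied by its prefix, or 'unknown'."""
    for prefix, kind in KEY_PREFIXES.items():
        if key.startswith(prefix):
            return kind
    return "unknown"


def mask_key(key: str) -> str:
    """Keep only the prefix and last 4 characters so logs never carry a usable key."""
    if len(key) <= 12:
        return "****"
    return key[:8] + "..." + key[-4:]


def validate_manual_key(key: str) -> str:
    """Accept only a Restricted Key for manually entered credentials; reject the rest."""
    kind = classify_key(key)
    if kind != "restricted":
        raise ValueError(f"{mask_key(key)}: {kind} key rejected; use a Restricted Key")
    return kind


@dataclass
class RestrictedKey:
    """Hypothetical local model of a key's scopes: resource -> 'read' or 'write'.
    This mirrors the idea of per-resource permissions; it is not Stripe's API."""
    scopes: dict = field(default_factory=dict)

    def allows(self, resource: str, action: str) -> bool:
        """True if the key may perform `action` on `resource`; 'write' implies 'read'."""
        granted = self.scopes.get(resource, "none")
        return granted == "write" or granted == action == "read"


if __name__ == "__main__":
    key = RestrictedKey({"charges": "write", "customers": "read"})  # "Write Charges", "Read Customers"
    print(validate_manual_key("rk_test_PLACEHOLDER1234"))           # restricted
    print(key.allows("charges", "write"), key.allows("refunds", "write"))  # True False
```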

Related Terms:

  • API Keys
  • Permissions
  • Least Privilege
  • API Security