What is an API Key?
Stripe offers an Application Programming Interface (API) for applications (including add-ons) that want to connect to Stripe accounts in order to retrieve information and perform operations. These applications must be authorized before interacting with Stripe API and this can be done through the API keys. Here you can read official information about Stripe API Keys.
Why do I need to use an API Key?
If you want to connect your Stripe account to Contacts Inbox to manage payments and subscriptions (through the API) without leaving Gmail, the add-on needs to authenticate on Stripe. A secure easy way to do that is to use an API Key from your Stripe account that can be easily configured in the add-on settings.
Is it safe to enter an API Key in Contacts Inbox add-on?
The API Key is stored in your Google account to be used only when you open the add-on and it never leaves the add-on environment. You can disconnect your Stripe account from the add-on to delete the API key whenever you want. Alternatively, you can delete or revoke the key from Stripe Dashboard. Therefore, you always have the control.
Where can I find my Stripe API Key?
In Stripe Dashboard, you need to go to Developers > API keys section where you can find Standard keys and Restricted keys. By default Stripe generates a Standard key that you can see by pressing the button to Reveal live key.
Then you can copy (only once) the API key to use it in Contacts Inbox.
I don’t have any ‘Reveal live key’ button, what can I do?
In that case, the default key was already used and you have to create a new one. First press Create secret key button.
Then, a dialog will be shown to enter the name of the new key.
After that, you will be able to copy the new API key (only once) to use it in Contacts Inbox.
What permissions does the default API Key give to the add-on?
By default, the API Secret Key grants all the permissions to access your Stripe account. You might want to limit these permissions to keep only the ones the add-on needs or even less. In that case you can create a restricted key by pressing Create restricted key button.
Then, you can enter the key name and individually choose the permissions you want to grant.
If you try to perform an operation from the add-on which is not allowed by the API key, an error message will be shown. To fix it, you will need to edit the restricted key and grant the right permissions.
What API Key permissions does the add-on need to work?
The following table shows the permissions required by the add-on to work properly. For greater security, you can create restricted API keys with these permissions and use them to connect your accounts. Thus, the restricted keys allow only the minimum level of access that the add-on needs while protecting account data it doesn’t need.
Resource type | Permissions (Free) | Permissions (Premium) | Connect permissions |
---|---|---|---|
CORE | |||
Charges | — | Write | None |
Customers | Read | Read | None |
Products | — | Read | None |
BILLING | |||
Plan | — | Read | None |
Subscriptions | — | Write | None |
CONNECT | |||
All Connect resources | Read | Read | None |
Do you have more questions?