Implement the use of Stripe Restricted Keys
-
Jordan Trask shared this idea 10 months ago
- Payments/Billing
- Post the first comment
3
Votes
Login to Vote
Hello,
The Stripe integration should be implemented using Stripe Restricted Keys and locked down to only utilize specific API endpoints. Utilizing the Stripe Live API keys is not recommended as they're too open, and if they're obtained and misused could potentially cause massive financial and business damage.
The following article outlines a case where the Stripe Live API keys were used to create a Connect endpoint, charge credit cards, and deposit funds via instant payouts to a Visa debit card.
https://webdesigneracademy.com/my-stripe-account-was-hacked-and-stripe-said-i-have-to-repay-70k/
The Stripe integration should be implemented using Stripe Restricted Keys and locked down to only utilize specific API endpoints. Utilizing the Stripe Live API keys is not recommended as they're too open, and if they're obtained and misused could potentially cause massive financial and business damage.
The following article outlines a case where the Stripe Live API keys were used to create a Connect endpoint, charge credit cards, and deposit funds via instant payouts to a Visa debit card.
https://webdesigneracademy.com/my-stripe-account-was-hacked-and-stripe-said-i-have-to-repay-70k/
Post the first comment
Login to post a comment.