How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

Implement the use of Stripe Restricted Keys



6 Votes
Hello,

The Stripe integration should be implemented using Stripe Restricted Keys and locked down to only utilize specific API endpoints. Utilizing the Stripe Live API keys is not recommended as they're too open, and if they're obtained and misused could potentially cause massive financial and business damage.

The following article outlines a case where the Stripe Live API keys were used to create a Connect endpoint, charge credit cards, and deposit funds via instant payouts to a Visa debit card.

https://webdesigneracademy.com/my-stripe-account-was-hacked-and-stripe-said-i-have-to-repay-70k/