Stripe: Validate Published and Private API Keys

I am creating a web application that allows our users to sell tickets to music shows. To process payments between ticket buyers and show initiators, I use Stripe. In fact, the show initiator creates his show page in my application, and users can buy tickets for this show.

To create a show, the initiator fills out a form (show name, date of the show, where the show will be held, which groups will play, etc.). This form also requires the show initiator to provide both their public and secret keys. My application uses both of these tokens to extract credit card information (on the client side) and process payments (on the server side).

The problem is that I want to make sure that the show initiators provide valid and existing Stripe keys. I would not want my users to stumble on payment errors because the show initiators did not provide valid Stripe keys.

So my question is: How can I verify that the published and private keys are valid and exist? What is the best strategy to achieve this? Thanks!

+7
2 answers

I am not aware of any documented API call that might be specifically designed to test keys. Here is a suggestion you can try:

Ask your partners for a valid credit card and let them know that, to check their Stripe keys, you will charge $0.50 to their card, which will be refunded immediately.

As part of validating the form, when both keys are specified, submit a hidden form that contains all the data necessary to create a card token. You should be able to check the response in the card token response handler and determine whether the publishable key is really valid.

If you receive a successful response from Stripe's server containing a card token, go right ahead and send a test payment for $0.50 (the minimum payment amount).

Make sure you catch all the Stripe exceptions correctly. I believe that with an invalid secret key you should catch Stripe_InvalidRequestError. If an exception is thrown, you can tell the user.

If no errors are thrown, a payment will be made. Since you do not want to charge your partners, you will need to take the charge identifier from the Stripe response and immediately refund the charge.

0

Got it!

To check your publishable keys, you just need to ask Stripe for a new token using cURL. If the key is invalid, the response will contain an error message starting with "Invalid API Key provided".

Here is an example written in PHP:

```php
<?php
// $publishableKey holds the publishable key submitted in the form.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.stripe.com/v1/tokens");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "card[number]=4242424242424242&card[exp_month]=12&card[exp_year]=2017&card[cvc]=123");
curl_setopt($ch, CURLOPT_POST, 1);
// The key is sent as the HTTP basic-auth user name with an empty password.
curl_setopt($ch, CURLOPT_USERPWD, $publishableKey . ":");

$response = json_decode(curl_exec($ch), true);

if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}
curl_close($ch);

// Guard the lookup: a response without an error has no "error" key.
if (isset($response["error"]["message"])
    && substr($response["error"]["message"], 0, 24) == "Invalid API Key provided") {
    echo "Invalid API Key provided";
}
```

Same idea for checking private keys.

+8
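An added example, not part of either answer and not Stripe's own code: the check above matches only the error-message prefix, so this version classifies a key probe by HTTP status and adds a prefix/mode pre-check for the key pair. It assumes Stripe's documented behaviour of answering a rejected key with HTTP 401 and the `pk_`/`sk_` plus `test`/`live` key prefixes; the function names and sample responses are constructed for illustration.

```php
<?php
/**
 * Classify a Stripe key probe from the HTTP status and response body.
 * Returns 'invalid_key', 'key_accepted' or 'indeterminate'.
 */
function classifyStripeKeyProbe(int $httpStatus, string $body): string
{
    $data = json_decode($body, true);
    if (!is_array($data)) {
        return 'indeterminate';   // proxy error page, truncated or empty body
    }
    if ($httpStatus === 401) {
        return 'invalid_key';     // Stripe rejected the credentials
    }
    if ($httpStatus === 429 || $httpStatus >= 500) {
        return 'indeterminate';   // rate limit or outage: retry, do not reject the key
    }
    // 2xx, or another 4xx such as a card error: the key itself authenticated.
    return 'key_accepted';
}

/** Offline pre-check: each key is the right kind and both are in the same mode. */
function keyPairIsConsistent(string $publishable, string $secret): bool
{
    if (!preg_match('/^pk_(test|live)_\w+$/', $publishable, $pk)) {
        return false;
    }
    if (!preg_match('/^sk_(test|live)_\w+$/', $secret, $sk)) {
        return false;
    }
    return $pk[1] === $sk[1];     // reject a test key paired with a live key
}

// Constructed sample responses (status, body); not captured from Stripe.
$samples = [
    [401, '{"error":{"type":"invalid_request_error","message":"Invalid API Key provided: pk_test_***"}}'],
    [402, '{"error":{"type":"card_error","code":"invalid_expiry_year","message":"(constructed)"}}'],
    [200, '{"id":"tok_EXAMPLE","object":"token"}'],
    [502, '<html>Bad Gateway</html>'],
];
foreach ($samples as [$status, $body]) {
    echo $status, ' => ', classifyStripeKeyProbe($status, $body), PHP_EOL;
}
// Mixed modes: a test publishable key with a live secret key.
var_dump(keyPairIsConsistent('pk_test_EXAMPLE', 'sk_live_EXAMPLE'));
```

A card error on the probe still means the key was accepted, which is why the hard-coded 2017 expiry in the answer's request does not affect the key check.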
