Stripe introduces restricted API keys
But we can’t use them with CashNotify - yet
TL;DR: Stripe restricted keys are not yet supported by CashNotify. We’re waiting for Stripe to implement some changes. More details just below.
Yesterday Stripe announced they’ve added an option to create restricted API keys:
We’ve added support for generating API keys with precisely-defined scopes: https://t.co/S8zGUObwzS
— Stripe (@stripe) September 13, 2017
And we were like:
YES YES YES!
— CashNotify (@CashNotify) September 14, 2017
We'll update CashNotify to support @Stripe restricted keys — soon! https://t.co/NKVQ4tpwWz
We’re really excited by this.
This means you could create a read-only API key to use with CashNotify.
Why does it matter?
Because we sometimes have the (totally legitimate) question of “What do you do with my API keys?”.
We have to explain why we need your key, and how we securely store them in your local keychain (for full details, see the Security page).
Ultimately, the question is “Can I trust CashNotify?”
How could it work?
Instead of using your standard, “full-rights” API key, you could generate a restricted key, with just enough rights for CashNotify to work properly.
The biggest improvement would be that the only rights you’d give CashNotify are read-only.
Note that we might ask for more rights in the future, when we introduce advanced features in CashNotify (like the ability to process refunds directly from CashNotify). Upside is, once that happens, we’ll have to explain exactly why we need them.
Why can’t I use restricted keys now?
We want to make this happens as soon as we can, however there are some restrictions at the moment preventing us from using restricted keys.
CashNotify needs to access 3 attributes about your Stripe account:
display_namebusiness_logodefault_currency
These attributes are not accessible at all with the new restricted API keys, even when creating a key with the highest permissions.
You can see why we need these. When you add a Stripe account to CashNotify, your account’s name and logo are immediately copied in CashNotify:
We’ve raised the issue with Stripe, and hope they can implement what’s missing… quickly. 😅
Until then, nothing changes for CashNotify users.
We’ll let you know as soon as we have news from Stripe!
