Skip to content
Create account
or
Sign in
The Stripe Docs logo
/
Ask AI
Create account
Sign in
Get started
Payments
Finance automation
Platforms and marketplaces
Money management
Developer tools
Get started
Payments
Finance automation
Get started
Payments
Finance automation
Platforms and marketplaces
Money management
Overview
Versioning
Changelog
Upgrade your API version
Upgrade your SDK version
Developer tools
SDKs
API
Testing
Workbench
Event Destinations
Workflows
Stripe CLI
Stripe Shell
Developers Dashboard
Agent toolkit
Stripe health alertsBuild with LLMsStripe for Visual Studio CodeFile uploads
Security
Security
Extend Stripe
Stripe Apps
    Overview
    Get started
    Create an app
    How Stripe Apps work
    Sample apps
    Build an app
    Store secrets
    API authentication methods
    Authorization flows
    Server-side logic
    Listen to events
    Handle different modes
    Enable sandbox support
    App settings page
    Build a UI
    Onboarding
    Distribute your app
    Distribution options
    Upload your app
    Versions and releases
    Test your app
    Publish your app
    Promote your app
    Add deep links
    Create install links
    Assign roles in UI extensions
    Post-install actions
    App analytics
    Embedded components for Apps
    Embed third-party Stripe Apps
    Migrating to Stripe Apps
    Migrate or build an extension
      Legacy extensions
    Migrate a plugin to Stripe Apps or Stripe Connect
    Reference
    App manifest
    CLI
    Extension SDK
    Permissions
    Viewports
    Design patterns
    Components
Stripe Connectors
Partners
Partner ecosystem
Partner certification
HomeDeveloper toolsStripe AppsMigrate or build an extension

Legacy extensionsDeprecated

Learn about the deprecated extensions integration pattern and historical reference information.

Stripe Apps replaces extensions

You can no longer build new Stripe extensions. Stripe Apps replaces extensions for developing on Stripe.

Learn more about building a Stripe App.

If you have an existing legacy extension, view the Stripe Apps migration docs.

Note

You can now automatically send your Stripe data and reports to Snowflake or Amazon Redshift in a few clicks with Stripe Data Pipeline. Learn more.

Build an extension Deprecated

Stripe’s products and features allow companies to accept online payments, but offer other reasons to integrate as well. Companies like Baremetrics and Segment build on top of Stripe to provide their services to Stripe accounts with a Standard dashboard.

Building an extension on Stripe consists of four steps:

  1. Configure OAuth and specify a redirect URI.
  2. Configure branding settings.
  3. Create an OAuth link for your users.
  4. Use the API on behalf of connected accounts.

You’re also required to add business details to activate your account, if you haven’t already.

To get started, visit the Extensions page located in the Developers tab of the Stripe dashboard.

Configure OAuth and specify a redirect URI

You can configure this setting in the Integration section of the Extensions Settings page.

Start your integration by toggling the button to enable onboarding Standard accounts with OAuth. Extensions shouldn’t use OAuth with Express accounts.

Stripe provides a unique identifier for your extension called a client_id. You set the redirect_uri and users are directed to that page after they connect their accounts. You must specify all redirect URIs in your extension settings. The development and production versions of these two values help with testing. Take note of these values so you can create an OAuth link in the third step.

Configure branding settings

You can customize how your business appears to your users in the Branding section of the Extensions Settings page.

Users see your logo when they link their Stripe accounts to your application. After they link their accounts, your icon displays in their connected applications list.

Create an OAuth link for your users

OAuth 2.0

For more information, read the Connect OAuth Reference. You can also use an OAuth 2.0 client to implement the flow for you.

Stripe offers a standard OAuth 2.0 flow to connect to Stripe accounts. Using the client_id and redirect_uri values from step one, you can create an OAuth link for your users to onboard with. We recommend showing this link with a Connect with Stripe button that sends users to the authorize_url endpoint:

https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_FkyHCg7X8mlvCUdMDao4mMxagUfhIwXb&scope=read_only

Here’s an example of how you can display the above link to your user, along with the Connect with Stripe button:

Connect with

After the user clicks the link on your site, we redirect them to a page to allow or deny the connection to your extension. Stripe’s authorization flow prompts them to either choose an existing account to connect with your extension, or create a new one.

After the user connects their existing or newly created account to your extension, we redirect them back to the URL you set as your extension’s redirect_uri .

At the end of the OAuth workflow, you’re provided with authorization credentials for the user’s account:

{ ... "stripe_user_id": "acct_0123456789", ... }

You need to store the stripe_user_id so you can identify user accounts.

Use the API on behalf of connected accounts

After users link their Stripe accounts to your application, you can make API requests on their behalf. To perform API requests, you need your extension account’s secret key, and a Stripe-Account header that identifies the account that you’re making the request for. All Stripe libraries support this style of authentication on a per-request basis.

Fetching stored data

Stored data includes information like charges and customer details. With read_only access, you can make most GET requests in Stripe’s API. You can retrieve a single object (for example, retrieve a Payment Intent) or a list of objects (for example, list all Payment Intents).

Command Line
curl
curl https://api.stripe.com/v1/payment_intents \ -u
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:
\ -d "created[lte]"=1612048287 \ -d "limit"=50 \ -H "Stripe-Account: {{CONNECTED_ACCOUNT_ID}}"

While the API performs at a high level, repeatedly fetching large data sets slows your application’s responsiveness. We recommended storing fetched data on your side for analysis and reporting.

Listening for real-time data

In addition to stored data, you can access real-time data through webhooks. After you define an extension webhook endpoint in your account, Stripe sends event notifications to your endpoint for every connected account. The event object’s account property identifies the account where the event occurred.

For example, the event below shows that a customer was created in the acct_0123456789 account. Again, we recommend storing this data on your side for analysis and reporting. By watching events as they occur, your application can respond faster, and you won’t need to make as many API calls.

{ "id": "evt_7Vvj6EHhujk6LB", "livemode": true, "object": "event", "type": "customer.created", "account": "acct_0123456789", "pending_webhooks": 2, "created": 1349654313, "data": {...} }

Charging for your application

Your extension’s Stripe account can process its own charges, so you can still charge for your application with read_only access. After customers connect their Stripe accounts, ask for their payment details and then create a subscription for them in your Stripe account. Make sure to store the created customer ID with the associated Stripe account ID, so that you can track which users are paid and active, and which ones are not.

If you create subscriptions, you can also specify an application_fee_percent as a fee for your application. This is charged on top of any Stripe fees. Read the Subscriptions documentation to learn more.

Disconnected accounts

Users can disconnect their accounts from your integration at any time. When this happens, Stripe sends an account.application.deauthorized webhook. You can use this notification to trigger cleanup on your end, such as disabling the user’s account on your site or removing their data.

You can also disconnect accounts from your integration, by making a request to the OAuth deauthorization endpoint.

Was this page helpful?
YesNo
Need help? Contact Support.
Join our early access program.
Check out our changelog.
Questions? Contact Sales.
LLM? Read llms.txt.
Powered by Markdoc