Account management

Account management renders a UI component for connected accounts to view and proactively edit their account details. Connected accounts can view and edit account information such as personal or business information, public information, and bank accounts they use for payouts.

Account management isn’t optimized for collecting missing account information, and doesn’t handle risk verifications. For those use cases, consider using account onboarding or the notification banner.

Requirements collection options

When a connected account has outstanding requirements, embedded account management prompts the connected account to update their information. It always collects currently_due requirements, and you can use the collectionOptions attribute to also request any of the following:

• eventually_due requirements
• future requirements
• Granular requirement restrictions

Requirement restrictions

While specifying collection options, you can configure granular requirement restrictions as only or exclude. Both options allow specifying an array of strings that represent either currently_due or eventually_due requirements on an account.

Think of the options as filters, where exclude filters out matching account requirements, and only acts as an intersection between the account requirements and the specified values. They also support wildcard matching using * and relationship prefixes.

For example, if you have a connected account with several owners, you can collect the address information for all owners by specifying only: ["owners.address.*"].

A person can have multiple relationships associated to them, and relationships can be assigned to multiple persons. Therefore, when you leverage relationship prefixes, they apply to all persons on the account with the specified relationship. This is especially useful in situations where you don’t know a specific person’s ID, but do know their relationship.

Important considerations:

• Accounts still need to satisfy all KYC requirements in order to have capabilities enabled. The exclude option doesn’t remove a requirement, it only prevents collection at the time. The information must still be collected.
• These restrictions only apply within embedded components. They don’t affect accounts using other types of dashboards.
• This feature is intended for building improved user experiences, not for preventing accounts from accessing information.

only requirement restriction

This option scopes collection to the set of specified requirements that are also outstanding on the account. It’s most commonly used to build a remediation experience, and is particularly useful for requirements that require some form of document upload or identity verification.

This option prevents account onboarding from presenting the standard final summary step. If all of the specified requirements have been provided, the account onboarding component exits immediately.

exclude requirement restriction

This option hides the specified fields, which prevents a connected account from providing or editing that information. It only hides fields from the component; it doesn’t remove information requirements. This option is useful when you want to prefill information that you don’t want the connected account to access during onboarding.

For Express accounts, if you want to exclude the business_type requirement (such as to prevent an account from changing their business type), the account country and capabilities must be set.

Displayed fields

The fields that the account management component displays depend on how you configured the connected account—specifically on the connected account country, business type, capabilities and service agreement type. This works similarly to how the onboarding component only collects the information that’s required for how the connected account is configured.

External account collection

Use the external_account_collection feature to control whether the component collects external account information. This parameter is enabled by default, and only platforms responsible for collecting updated information when requirements are due or change (including Custom accounts) can disable it. When external_account_collection is enabled, user authentication is required. You can opt out of Stripe user authentication with the disable_stripe_user_authentication parameter.

Disable Stripe user authentication

Use the disable_stripe_user_authentication feature to control whether the component requires Stripe user authentication. The default value is the opposite of the external_account_collection value. For example, if you don’t set external_account_collection, it defaults to true and disable_stripe_user_authentication defaults to false. This value can only be true for accounts where controller.requirement_collection is application.

We recommend implementing 2FA or equivalent security measures as a best practice. For account configurations that support this feature, such as Custom accounts, you assume liability for connected accounts if they can’t pay back negative balances.

Create an Account Session

When creating an Account Session, enable account management by specifying account_management in the components parameter.

curl https://api.stripe.com/v1/account_sessions \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -d account=
"{{CONNECTED_ACCOUNT_ID}}" \
  -d "components[account_management][enabled]"=true \
  -d "components[account_management][features][external_account_collection]"=true

Render the account management component

// Include this element in your HTML
const accountManagement = stripeConnectInstance.create('account-management');
container.appendChild(accountManagement);

// Optional:
// accountManagement.setCollectionOptions({
//   fields: 'eventually_due',
//   futureRequirements: 'include',
// })