# Send your first Stripe API request Get started with the Stripe API. Every call to a Stripe API must include an API secret key. After you create a Stripe account, we generate two pairs of [API keys](https://docs.stripe.com/keys.md) for you—a publishable client-side key and a secret server-side key—for both testing in a *sandbox* (A sandbox is an isolated test environment that allows you to test Stripe functionality in your account without affecting your live integration. Use sandboxes to safely experiment with new features and changes) and in *live* (Use this mode when you’re ready to launch your app. Card networks or payment providers process payments) modes. To start moving real money with your live-mode keys, you need to [activate your account](https://docs.stripe.com/get-started/account/activate.md). ## Before you begin This guide walks you through a simple interaction with the Stripe API—creating a customer. For a better understanding of Stripe API objects and how they fit together, take a [tour of the API](https://docs.stripe.com/payments-api/tour.md) or visit the [API reference](https://docs.stripe.com/api.md). If you’re ready to start accepting payments, see our [quickstart](https://docs.stripe.com/payments/quickstart-checkout-sessions.md). ## Send your first API request You can begin exploring Stripe APIs using the [Stripe Shell](https://docs.stripe.com/workbench/shell.md). The Stripe Shell allows you to execute Stripe CLI commands directly within the Stripe docs site. As it operates in a *sandbox* (A sandbox is an isolated test environment that allows you to test Stripe functionality in your account without affecting your live integration. Use sandboxes to safely experiment with new features and changes) environment only, you don’t have to worry about initiating any real money-moving transactions. 1. To [create a customer](https://docs.stripe.com/api/customers/create.md) using the Stripe Shell, enter the following command: #### bash ```bash stripe customers create --email=jane.smith@email.com --name="Jane Smith" --description="My First Stripe Customer" ``` If everything worked, the command line displays the following response: #### bash ```json { "id": "cus_LfctGLAICpokzr", // The identifier looks like this. "object": "customer", // This is the object logged to your account. "address": null, "balance": 0, "created": 1652283583, "currency": null, "default_source": null, "delinquent": false, "description": "My First Stripe Customer", "discount": null, "email": "jane.smith@email.com", "invoice_prefix": "9B1D61CF", "invoice_settings": { "custom_fields": null, "default_payment_method": null, "footer": null }, "livemode": false, "metadata": { }, "name": "Jane Smith", "next_invoice_sequence": 1, "phone": null, "preferred_locales": [ ], "shipping": null, "tax_exempt": "none", "test_clock": null } ``` 1. (Optional) Run the same command by passing in your API secret key in a sandbox: #### bash ```bash stripe customers create --email=jane.smith@email.com --name="Jane Smith" --description="My First Stripe Customer" --api-key sk_test_BQokikJOvBiI2HlWgH4olfQ2 ``` If everything worked, the command line displays the following response: #### bash ```json { "id": "cus_LfdZgLFhah76qf", // The identifier looks like this. "object": "customer", // This is the object logged to your account. "address": null, "balance": 0, "created": 1652286103, "currency": null, "default_currency": null, "default_source": null, "delinquent": false, "description": "My First Stripe Customer", "discount": null, "email": "jane.smith@email.com", "invoice_prefix": "D337F99E", "invoice_settings": { "custom_fields": null, "default_payment_method": null, "footer": null }, "livemode": false, "metadata": { }, "name": "Jane Smith", "next_invoice_sequence": 1, "phone": null, "preferred_locales": [ ], "shipping": null, "tax_exempt": "none", "test_clock": null } ``` ## View logs and events Whenever you make a call to Stripe APIs, Stripe creates and stores API and [Events](https://docs.stripe.com/api/events.md) objects for your Stripe [user account](https://docs.stripe.com/get-started/account.md). The API key you specify for the request determines whether the objects are stored in a sandbox environment or in live mode. For example, the last request used your API secret key, so Stripe stored the objects in a sandbox. - To view the API request log: - Open the [Logs](https://dashboard.stripe.com/test/workbench/logs) page. - Click **200 OK POST /v1 customers**. - To view the Event log: - Open the [Events](https://dashboard.stripe.com/test/workbench/events) page. - Click **jane.smith@email.com is a new customer**. ## Store your API keys By default, all accounts have a total of four API keys: | Type | Description | | ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Sandbox secret key | Authenticate requests on your server when you’re testing in a sandbox. By default, you can use this key to perform any API request without restriction. Reserve this key for testing and development to make sure you don’t accidentally modify your live customers or charges. | | Sandbox publishable key | Test requests in your web or mobile app’s client-side code. Reserve this key for testing and development to make sure you don’t accidentally modify your live customers or charges. | | Live mode secret key | Authenticate requests on your server when in live mode. By default, you can use this key to perform any API request without restriction. | | Live mode publishable key | When you’re ready to launch your app, use this key in your web or mobile app’s client-side code. | Your secret and publishable keys are on the [API keys](https://dashboard.stripe.com/test/apikeys) tab in the Dashboard. If you can’t view your API keys, ask the owner of your Stripe account to add you to their [team](https://docs.stripe.com/get-started/account/teams.md) with the proper permissions. > #### Restricted API keys > > You can generate [restricted API keys](https://docs.stripe.com/keys-best-practices.md#limit-access) in the Dashboard to enable customizable and limited access to the API. However, Stripe doesn’t offer any restricted keys by default. > #### Looking for your webhook signing secret? > > Webhook signing secrets aren’t API keys. You can find the signing secret for each webhook endpoint in the [Webhooks](https://dashboard.stripe.com/webhooks) section of the Dashboard. Select an endpoint and expand the **Signing secret** section. If you’re logged in to Stripe, our documentation populates code examples with your test API keys. Only you can see these values. If you’re not logged in, our code examples include randomly generated API keys that you can replace with your test keys. Or you can log in to see the code examples populated with your test API keys. ### Example API keys The following table shows randomly generated examples of secret and publishable keys: | Type | Value | When to use | | ----------- | ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Secret | `sk_test_BQokikJOvBiI2HlWgH4olfQ2` | **Server-side only.** Use this key in your back-end code (for example, in an environment variable) to make API calls to Stripe. Keep it private—never share it, commit it to source control, or expose it in a browser or mobile app. Anyone with this key can make API calls as your account. | | Publishable | `pk_test_TYooMQauvdEDq54NiTphI7jx` | **Client-side (browser or mobile app).** Use this key in your front-end code to securely collect payment information with tools like [Stripe Elements](https://docs.stripe.com/payments/elements.md) or [Stripe Checkout](https://docs.stripe.com/payments/checkout.md). This key can be public. | | Restricted | A string that starts with `rk_test_` | **Server-side only, with limited permissions.** Like a secret key, but you choose exactly which Stripe API resources it can access. Use restricted keys instead of secret keys when you want to limit what a system or third party can do. See [restricted API keys](https://docs.stripe.com/keys-best-practices.md#limit-access). | ## See also - [Set up your development environment](https://docs.stripe.com/get-started/development-environment.md) - [Stripe Shell](https://docs.stripe.com/workbench/shell.md)