# Send your first Stripe API request Get started with the Stripe API. Every call to a Stripe API must include an API secret key. After you create a Stripe account, we generate two pairs of [API keys](https://docs.stripe.com/keys.md) for you—a publishable client-side key and a secret server-side key—for both testing in a *sandbox* (A sandbox is an isolated test environment that allows you to test Stripe functionality in your account without affecting your live integration. Use sandboxes to safely experiment with new features and changes) and in *live* (Use this mode when you’re ready to launch your app. Card networks or payment providers process payments) modes. To start moving real money with your live-mode keys, you must [set up your Stripe account](https://docs.stripe.com/get-started/account/set-up.md). ## Before you begin This guide walks you through a simple interaction with the Stripe API—creating a customer. For a better understanding of Stripe API objects and how they fit together, take a [tour of the API](https://docs.stripe.com/payments-api/tour.md) or visit the [API reference](https://docs.stripe.com/api.md). If you’re ready to start accepting payments, see our [quickstart](https://docs.stripe.com/payments/quickstart-checkout-sessions.md). ## Send your first API request You can begin exploring Stripe APIs using the [Stripe Shell](https://docs.stripe.com/workbench/shell.md). The Stripe Shell allows you to execute Stripe CLI commands directly within the Stripe docs site. As it operates in a *sandbox* (A sandbox is an isolated test environment that allows you to test Stripe functionality in your account without affecting your live integration. Use sandboxes to safely experiment with new features and changes) environment only, you don’t have to worry about initiating any real money-moving transactions. 1. To [create a customer](https://docs.stripe.com/api/customers/create.md) using the Stripe Shell, enter the following command: #### bash ```bash stripe customers create --email=jane.smith@email.com --name="Jane Smith" --description="My First Stripe Customer" ``` If everything worked, the command line displays the following response: #### bash ```json { "id": "cus_LfctGLAICpokzr", // The identifier looks like this. "object": "customer", // This is the object logged to your account. "address": null, "balance": 0, "created": 1652283583, "currency": null, "default_source": null, "delinquent": false, "description": "My First Stripe Customer", "discount": null, "email": "jane.smith@email.com", "invoice_prefix": "9B1D61CF", "invoice_settings": { "custom_fields": null, "default_payment_method": null, "footer": null }, "livemode": false, "metadata": { }, "name": "Jane Smith", "next_invoice_sequence": 1, "phone": null, "preferred_locales": [ ], "shipping": null, "tax_exempt": "none", "test_clock": null } ``` 1. (Optional) Run the same command by passing in your API secret key in a sandbox: #### bash ```bash stripe customers create --email=jane.smith@email.com --name="Jane Smith" --description="My First Stripe Customer" --api-key sk_test_BQokikJOvBiI2HlWgH4olfQ2 ``` If everything worked, the command line displays the following response: #### bash ```json { "id": "cus_LfdZgLFhah76qf", // The identifier looks like this. "object": "customer", // This is the object logged to your account. "address": null, "balance": 0, "created": 1652286103, "currency": null, "default_currency": null, "default_source": null, "delinquent": false, "description": "My First Stripe Customer", "discount": null, "email": "jane.smith@email.com", "invoice_prefix": "D337F99E", "invoice_settings": { "custom_fields": null, "default_payment_method": null, "footer": null }, "livemode": false, "metadata": { }, "name": "Jane Smith", "next_invoice_sequence": 1, "phone": null, "preferred_locales": [ ], "shipping": null, "tax_exempt": "none", "test_clock": null } ``` ## View logs and events Whenever you make a call to Stripe APIs, Stripe creates and stores API and [Events](https://docs.stripe.com/api/events.md) objects for your Stripe [user account](https://docs.stripe.com/get-started/account.md). The API key you specify for the request determines whether the objects are stored in a sandbox environment or in live mode. For example, the last request used your API secret key, so Stripe stored the objects in a sandbox. - To view the API request log: - Open the [Logs](https://dashboard.stripe.com/test/workbench/logs) page. - Click **200 OK POST /v1 customers**. - To view the Event log: - Open the [Events](https://dashboard.stripe.com/test/workbench/events) page. - Click **jane.smith@email.com is a new customer**. ## Store your API keys Stripe supports different types of API keys for different use cases. You’re responsible for managing these keys safely. In particular, treat secret keys and [restricted API keys](https://docs.stripe.com/keys/restricted-api-keys.md) (RAKs) as sensitive and don’t expose them outside your server environment. To keep your business safe, read and understand [best practices for managing secret API keys](https://docs.stripe.com/keys-best-practices.md). Develop and [test](https://docs.stripe.com/testing.md) and your application with sandbox keys, not live-mode keys, to make sure you don’t accidentally modify your live customers or charges. | Type | Safe to expose | Generated by default | Description | | -------------------------------------------- | -------------- | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Sandbox secret key`sk_test_` | No | Yes | Authenticate requests on your server when you’re testing in a sandbox. By default, you can use this key to perform any API request without restriction. | | Sandbox restricted API key (RAK)`rk_test_` | No | No | Like a secret key, but with Stripe API permissions you control. You can use different RAKs in different parts of your code to precisely fit permissions to app components. Use a sandbox RAK to refine your app’s Stripe API permissions before creating live mode RAKs. | | Sandbox publishable key`pk_test_` | Yes | Yes | Test requests in your web or mobile app’s client-side code. | | Live mode secret key`sk_live_` | No | Yes | Authenticate requests on your server when in live mode. By default, you can use this key to perform any API request without restriction. | | Live mode restricted API key (RAK)`rk_live_` | No | No | Assign custom permissions to server-side components to give each part of your app exactly the Stripe API permissions it needs. Using a RAK instead of a secret key limits the potential for damage if a key is accidentally exposed or your app is compromised. | | Live mode publishable key`pk_live_` | Yes | Yes | When you’re ready to launch your app, use this key in your web or mobile app’s client-side code. | Find your [API keys](https://dashboard.stripe.com/apikeys) in the Stripe dashboard. If you can’t view your API keys but need to manage keys for your app, ask the owner of your Stripe account to add you to their [team](https://docs.stripe.com/get-started/account/teams.md) with the proper permissions. If you’re logged in to Stripe, our documentation includes your test API keys in some places to illustrate API usage. Only you can see these values. If you’re not logged in, our code examples include randomly generated API keys. > #### Webhook signing secrets > > Webhook signing secrets aren’t API keys—they’re per-webhook secrets that your webhook receiver uses to authenticate that webhooks actually came from Stripe. You can find the signing secret for each webhook endpoint in the [Webhooks](https://dashboard.stripe.com/webhooks) section of the Dashboard. ## See also - [Set up your development environment](https://docs.stripe.com/get-started/development-environment.md) - [Stripe Shell](https://docs.stripe.com/workbench/shell.md)