# Send your first Stripe API request

Get started with the Stripe API.

Every call to a Stripe API must include an API secret key. After you create a Stripe account, we generate two pairs of [API keys](https://docs.stripe.com/keys.md) for you – a publishable client-side key and a secret server-side key – for both testing in a *sandbox* (A sandbox is an isolated test environment that allows you to test Stripe functionality in your account without affecting your live integration. Use sandboxes to safely experiment with new features and changes) and in *live* (Use this mode when you’re ready to launch your app. Card networks or payment providers process payments) modes. To start moving real money with your live-mode keys, you must [set up your Stripe account](https://docs.stripe.com/get-started/account/set-up.md).

## Before you begin

This guide walks you through a simple interaction with the Stripe API – creating a customer. For a better understanding of Stripe API objects and how they fit together, take a [tour of the API](https://docs.stripe.com/payments-api/tour.md) or visit the [API reference](https://docs.stripe.com/api.md). If you’re ready to start accepting payments, see our [quickstart](https://docs.stripe.com/payments/quickstart-checkout-sessions.md).

## Send your first API request

You can begin exploring Stripe APIs using the [Stripe Shell](https://docs.stripe.com/workbench/shell.md). The Stripe Shell allows you to execute Stripe CLI commands directly within the Stripe docs site. As it operates in a *sandbox* (A sandbox is an isolated test environment that allows you to test Stripe functionality in your account without affecting your live integration. Use sandboxes to safely experiment with new features and changes) environment only, you don’t have to worry about initiating any real money-moving transactions.

1. To [create a customer](https://docs.stripe.com/api/customers/create.md) using the Stripe Shell, enter the following command:

   #### bash

   ```bash
   stripe customers create --email=jane.smith@email.com --name="Jane Smith" --description="My First Stripe Customer"
   ```

   If everything worked, the command line displays the following response:

   #### bash

   ```json
   {
     "id": "cus_LfctGLAICpokzr", // The identifier looks like this.
     "object": "customer", // This is the object logged to your account.
     "address": null,
     "balance": 0,
     "created": 1652283583,
     "currency": null,
     "default_source": null,
     "delinquent": false,
     "description": "My First Stripe Customer",
     "discount": null,
     "email": "jane.smith@email.com",
     "invoice_prefix": "9B1D61CF",
     "invoice_settings": {
       "custom_fields": null,
       "default_payment_method": null,
       "footer": null
     },
     "livemode": false,
     "metadata": {
     },
     "name": "Jane Smith",
     "next_invoice_sequence": 1,
     "phone": null,
     "preferred_locales": [
   
     ],
     "shipping": null,
     "tax_exempt": "none",
     "test_clock": null
   }
   ```

1. (Optional) Run the same command by passing in your API secret key in a sandbox:

   #### bash

   ```bash
   stripe customers create --email=jane.smith@email.com --name="Jane Smith" --description="My First Stripe Customer" --api-key sk_test_BQokikJOvBiI2HlWgH4olfQ2
   ```

   If everything worked, the command line displays the following response:

   #### bash

   ```json
   {
     "id": "cus_LfdZgLFhah76qf", // The identifier looks like this.
     "object": "customer", // This is the object logged to your account.
     "address": null,
     "balance": 0,
     "created": 1652286103,
     "currency": null,
     "default_currency": null,
     "default_source": null,
     "delinquent": false,
     "description": "My First Stripe Customer",
     "discount": null,
     "email": "jane.smith@email.com",
     "invoice_prefix": "D337F99E",
     "invoice_settings": {
       "custom_fields": null,
       "default_payment_method": null,
       "footer": null
     },
     "livemode": false,
     "metadata": {
     },
     "name": "Jane Smith",
     "next_invoice_sequence": 1,
     "phone": null,
     "preferred_locales": [
   
     ],
     "shipping": null,
     "tax_exempt": "none",
     "test_clock": null
   }
   ```

## View logs and events

Whenever you make a call to Stripe APIs, Stripe creates and stores API and [Events](https://docs.stripe.com/api/events.md) objects for your Stripe [user account](https://docs.stripe.com/get-started/account.md). The API key you specify for the request determines whether the objects are stored in a sandbox environment or in live mode. For example, the last request used your API secret key, so Stripe stored the objects in a sandbox.

- To view the API request log:

  - Open the [Logs](https://dashboard.stripe.com/test/workbench/logs) page.
  - Click **200 OK POST /v1 customers**.

- To view the Event log:

  - Open the [Events](https://dashboard.stripe.com/test/workbench/events) page.
  - Click **jane.smith@email.com is a new customer**.

## Store your API keys

When you sign up for a Stripe account, we create three types of API keys for you:

| Type                             | Safe to expose | Description                                                                                                                                                                                                                                                                                                                       |
| -------------------------------- | -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Restricted API key (RAK)`rk_...` | No             | API key with permissions you control. Limit the damage to your business that a bad actor could cause if they obtained your key. Create as many RAKs as you want and assign them to different parts of your application. [This guide](https://docs.stripe.com/keys/restricted-api-keys.md) explains how to configure and use RAKs. |
| Publishable API key              | Yes            | API key that you can put in front-end code or applications you distribute.                                                                                                                                                                                                                                                        |
| Secret API key`sk_...`           | No             | API key that has unrestricted permissions on all Stripe APIs. Because you can’t limit their permissions, we don’t recommend using secret keys for new use cases, and for existing integrations, we recommend migrating secret key usage to RAKs.                                                                                  |

> #### Webhook signing secrets
> 
> Webhook signing secrets aren’t API keys – they’re per-webhook secrets that your webhook receiver uses to authenticate that webhooks actually came from Stripe. You can find the signing secret for each webhook endpoint in the [Webhooks](https://dashboard.stripe.com/webhooks) section of the Dashboard.

If you created your Stripe account before May 2026, you might not have any restricted API keys. We recommend creating RAKs and migrating from secret keys.

You’re responsible for managing your API keys safely. Read our guide to [best practices for protecting API keys](https://docs.stripe.com/keys-best-practices.md).

## See also

- [Set up your development environment](https://docs.stripe.com/get-started/development-environment.md)
- [Stripe Shell](https://docs.stripe.com/workbench/shell.md)