Skip to content
Create account
or
Sign in
The Stripe Docs logo
/
Ask AI
Create account
Sign in
Get started
Payments
Finance automation
Platforms and marketplaces
Money management
Developer tools
Get started
Payments
Finance automation
Get started
Payments
Finance automation
Platforms and marketplaces
Money management
Overview
Versioning
Changelog
Upgrade your API version
Upgrade your SDK version
Developer tools
SDKs
API
Testing
Workbench
Event Destinations
Workflows
Stripe CLI
Stripe Shell
Developers Dashboard
Agent toolkit
Stripe health alertsBuild with LLMsStripe for Visual Studio CodeFile uploads
Security
Security
Extend Stripe
Stripe Apps
    Overview
    Get started
    Create an app
    How Stripe Apps work
    Sample apps
    Build an app
    Store secrets
    API authentication methods
      OAuth 2.0
      Restricted API key
    Authorization flows
    Server-side logic
    Listen to events
    Handle different modes
    Enable sandbox support
    App settings page
    Build a UI
    Onboarding
    Distribute your app
    Distribution options
    Upload your app
    Versions and releases
    Test your app
    Publish your app
    Promote your app
    Add deep links
    Create install links
    Assign roles in UI extensions
    Post-install actions
    App analytics
    Embedded components for Apps
    Embed third-party Stripe Apps
    Migrating to Stripe Apps
    Migrate or build an extension
    Migrate a plugin to Stripe Apps or Stripe Connect
    Reference
    App manifest
    CLI
    Extension SDK
    Permissions
    Viewports
    Design patterns
    Components
Stripe Connectors
Partners
Partner ecosystem
Partner certification
HomeDeveloper toolsStripe Apps

API authentication methods

Select the API authentication method that works best for your app's use case.

Copy page

Your app can use one of three methods to authenticate requests to the Stripe API on behalf of your users.

Method DescriptionUse cases
Platform key DefaultYour account’s secret API key makes requests to the Stripe API on behalf of your user’s account.
  • You want to manage fewer keys per install.
  • Private preview You want to distribute your app with Embedded Stripe Apps.
OAuth 2.0Use industry standard OAuth 2.0 to generate access tokens to interact with the Stripe API. Initialize the Stripe SDK with the access token for the account you’re operating on behalf of.
  • You already use OAuth to interact with other systems.
  • Users need to manage the integration from your software.
Restricted API keyWhen a user installs your app, Stripe generates a permissioned, restricted API key that users need to copy and paste into your software to interact with Stripe.
  • Your software can’t support platform or OAuth onboarding.
  • Your users run your software on-premise.

Configure

To configure the API authentication method, edit stripe_api_access_type in the app manifest. For setup instructions, refer to the pages linked in the table above.

stripe-app.json
{ "id": "com.example.app", "version": "0.0.1", "name": "Your Stripe App", "distribution_type": "public", "permissions": [], "stripe_api_access_type": "platform" | "oauth" | "restricted_api_key", }

See also

  • Set up OAuth 2.0
  • Set up restricted access key authentication
Was this page helpful?
YesNo
Need help? Contact Support.
Join our early access program.
Check out our changelog.
Questions? Contact Sales.
LLM? Read llms.txt.
Powered by Markdoc