Restricted API key authentication

Generate a permissioned restricted API key (RAK) when a user installs your app.

A user authenticating with the RAK follows these steps.

On your site, the user clicks a link that redirects them to Stripe.
On Stripe, the user selects the appropriate account and accepts permissions for installing the app.
After the app is installed, it generates a restricted API key provisioned with the proper permissions.
The user copies the generated keys and provides them to your site.

Create your app using our template.

Command Line
stripe apps create <app-name> --template restricted-api-key-app

If you have an existing app, run this command in Stripe CLI:

Command Line
stripe apps set api-access-type restricted_api_key

Add all the permissions that your app requires.
Edit your app settings page. If you use the template above, a settings view is automatically created. We recommend adding instructions or links to your own documentation on this page for users to reference when setting up your app.
Example app settings page
Upload your app to Stripe.
Note
After you upload your RAK app, you can’t change the API authentication method.
Command Line
```
stripe apps upload
```

You can test the RAK authentication on your own account.

Install your app in test mode on your account.
Go to your installed apps page in settings and click your recently installed app.
From the app settings page, click View API keys. Copy this secret key to test your integration.

To test your app on a different Stripe account than the one used to develop your app, use external testing.