# Permissions reference

A list of available events and their required permissions.

> #### Use the Accounts v2 API to represent customers
> 
> The Accounts v2 API is generally available for Connect users, and in public preview for other Stripe users. If you’re part of the Accounts v2 preview, you need to specify a [specify a preview version](https://docs.stripe.com/api-v2-overview.md#sdk-and-api-versioning) in your code.
> 
> To request access to the Accounts v2 preview, 
> 
> For most use cases, we recommend [modeling your customers as customer-configured Account objects](https://docs.stripe.com/accounts-v2/use-accounts-as-customers.md) instead of using [Customer](https://docs.stripe.com/api/customers.md) objects.

A Stripe App needs permission to read or write user data. This includes these situations:

- Accessing Stripe API objects—see [Object permissions](https://docs.stripe.com/stripe-apps/reference/permissions.md#object)
- Subscribing to events—see [Event permissions](https://docs.stripe.com/stripe-apps/reference/permissions.md#event-permissions)

To request permissions, list them in the `permissions` array in your app manifest file. You can also manage this array from the CLI. Account administrators that install your app must accept the permissions that you list before using it.

If your app performs an action it lacks permissions for, Stripe might raise an [invalid request error](https://docs.stripe.com/error-handling.md#invalid-request-errors).

## Manage permissions 

You can add a permission to the `permissions` array in your `stripe-app.json` app manifest file using the following command:

```bash
stripe apps grant permission "PERMISSION_NAME" "EXPLANATION"
```

Replace:

- `PERMISSION_NAME` with the permission name. You can find permission names for [objects](https://docs.stripe.com/stripe-apps/reference/permissions.md#object) and [events](https://docs.stripe.com/stripe-apps/reference/permissions.md#event-permissions) in the sections below.
- `EXPLANATION` with an explanation for enabling access. Users see this explanation when they install your app.

Repeat this step for each permission that you want to add to your application.

For example, after you add the `customer_read` permission, your app manifest file might look like this:

```json
{
  "id": "com.example.app",
  "version": "1.2.3",
  "name": "Example App",
  "icon": "./example_icon_32.png","permissions": [
    {
      "permission": "customer_read",
      "purpose": "Receive access to the customer's phone number"
    }
  ],
}
```

To remove a permission, you can also use the CLI:

```bash
stripe apps revoke permission "PERMISSION_NAME"
```

## Object permissions 

For each [API object](https://docs.stripe.com/api.md) your app reads or writes, it must request at least one of the corresponding permissions.

If you’re [expanding objects](https://docs.stripe.com/expand.md) in the responses of your API requests, you must also request at least one corresponding permission for each API object you expand.
Product | Resource | Permissions | Description
Accounts | Card Creator Configuration | v2_account_card_creator_read, v2_account_card_creator_write | Card Creator Configuration enables the Card Creator capability on v2 Accounts for issuing cards. Read access lets you view card creator configuration. Write access lets you manage card creator settings.
Billing | Billing Meter Events | billing_meter_event_read, billing_meter_event_write | Billing Meter Events are individual usage records reported against a meter. Read access lets you list events. Write access lets you report new usage events. See <Link>Billing Meter Events|https://docs.stripe.com/api/billing/meter-event</Link>.
Billing | Billing Meters | billing_meter_read, billing_meter_write | Billing Meters track usage events for usage-based billing. Read access lets you list meters and view their configurations. Write access lets you create and update meters. See <Link>Billing Meters|https://docs.stripe.com/api/billing/meter</Link>.
Billing | Coupons | coupon_read, coupon_write | Coupons define discounts that can be applied to subscriptions or invoices. Read access lets you list and retrieve coupons. Write access lets you create, update, and delete coupons. See <Link>Coupons|https://docs.stripe.com/api/coupons</Link>.
Billing | Credit Notes | credit_note_read, credit_note_write | Credit Notes are documents that reduce the amount owed on an invoice. Read access lets you list and retrieve credit notes. Write access lets you create and void credit notes. See <Link>Credit Notes|https://docs.stripe.com/api/credit_notes</Link>.
Billing | Customer Portal | customer_portal_read, customer_portal_write | Customer Portal provides a Stripe-hosted page where customers manage their subscriptions and billing details. Read access lets you retrieve portal configurations. Write access lets you create and update portal settings. See <Link>Customer Portal|https://docs.stripe.com/api/customer_portal/configurations</Link>.
Billing | Entitlements | entitlement_read | Entitlements define feature access granted to customers through their subscriptions. Read access lets you check customer entitlements. See <Link>Entitlements|https://docs.stripe.com/billing/entitlements</Link>.
Billing | Invoices | invoice_read, invoice_write | Invoices are statements of amounts owed by a customer. Read access lets you list and retrieve invoice details. Write access lets you create, finalize, and void invoices. See <Link>Invoices|https://docs.stripe.com/api/invoices</Link>.
Billing | Prices | plan_read, plan_write | Prices define how much and how often to charge for products. Read access lets you list, retrieve, and search prices. Write access lets you create, update, and delete prices. See <Link>Prices|https://docs.stripe.com/api/prices</Link>.
Billing | Promotion Codes | promotion_code_read, promotion_code_write | Promotion Codes are customer-facing codes that apply coupon discounts. Read access lets you list and retrieve codes. Write access lets you create, update, and deactivate promotion codes. See <Link>Promotion Codes|https://docs.stripe.com/api/promotion_codes</Link>.
Billing | Quotes | quote_read, quote_write | Quotes are proposals for recurring or one-time purchases sent to customers for acceptance. Read access lets you list and retrieve quotes. Write access lets you create, finalize, and accept quotes. See <Link>Quotes|https://docs.stripe.com/api/quotes</Link>.
Billing | Subscriptions | subscription_read, subscription_write | Subscriptions let you charge a customer on a recurring basis. Read access lets you list and retrieve subscription details. Write access lets you create, update, pause, and cancel subscriptions. See <Link>Subscriptions|https://docs.stripe.com/api/subscriptions</Link>.
Billing | Tax Rates | tax_rate_read, tax_rate_write | Tax Rates define percentage-based tax amounts applied to invoices and subscriptions. Read access lets you list and retrieve tax rates. Write access lets you create, update, and copy tax rates. See <Link>Tax Rates|https://docs.stripe.com/api/tax_rates</Link>.
Billing | Test Clocks | billing_clock_read, billing_clock_write | Test Clocks simulate the passage of time for testing subscription billing behavior. Read access lets you retrieve clock status. Write access lets you create and advance test clocks. See <Link>Test Clocks|https://docs.stripe.com/billing/testing/test-clocks</Link>.
Billing | Usage Records | usage_record_read, usage_record_write | Usage Records report customer consumption for metered billing on subscription items. Read access lets you retrieve usage data. Write access lets you create usage records. See <Link>Usage Records|https://docs.stripe.com/api/subscription_items</Link>.
Checkout Sessions | Checkout Sessions | checkout_session_read, checkout_session_write | Checkout Sessions power Stripe's prebuilt payment page for collecting payments. Read access lets you retrieve session details, line items, and related payment information. Write access lets you create checkout sessions, configure payment options, and expire active sessions. See <Link>Checkout Sessions|https://docs.stripe.com/api/checkout/sessions</Link>.
Commerce | Product Catalog Imports | product_catalog_import_read, product_catalog_import_write | Product Catalog Imports enable bulk uploading products and prices into your catalog. Read access lets you view import status. Write access lets you create and manage imports.
Connect | Account Links | account_link_write | Account Links are short-lived URLs that redirect connected account holders to Stripe-hosted onboarding or management pages. Write access lets you create account links. See <Link>Account Links|https://docs.stripe.com/api/account_links</Link>.
Connect | Application Fees | application_fee_read, application_fee_write | Application Fees are charges collected by platforms on payments made through connected accounts. Read access lets you list and retrieve fee details. Write access lets you create refunds on application fees. See <Link>Application Fees|https://docs.stripe.com/api/application_fees</Link>.
Connect | Capital Financing Offers | capital_for_platforms_financing_offer_read, capital_for_platforms_financing_offer_write | Financing Offers are Capital loan offers extended to connected accounts. Read access lets you list and retrieve offers. Write access lets you manage offer configurations. See <Link>Capital Financing Offers|https://docs.stripe.com/api/capital/connect_financing_object</Link>.
Connect | Capital Financing Summaries | capital_for_platforms_financing_summary_read | Financing Summaries provide an overview of a connected account's active financing, including outstanding balance and repayment progress. Read access lets you retrieve summaries. See <Link>Capital Financing Summaries|https://docs.stripe.com/api/capital/financing_summary</Link>.
Connect | Capital Financing Transactions | capital_for_platforms_financing_transaction_read | Financing Transactions record individual repayments and disbursements related to Capital financing. Read access lets you list and retrieve transactions. See <Link>Capital Financing Transactions|https://docs.stripe.com/api/capital/financing_transactions</Link>.
Connect | Login Links | edit_link_write | Login Links generate single-use URLs for connected account holders to access their Express dashboard. Write access lets you create login links. See <Link>Login Links|https://docs.stripe.com/api/accounts/login_link</Link>.
Connect | Top-Ups | top_up_read, top_up_write | Top-ups add funds to your Stripe balance from a bank account. Read access lets you list and retrieve top-ups. Write access lets you create and cancel top-ups. See <Link>Top-Ups|https://docs.stripe.com/api/topups</Link>.
Connect | Transfers | transfer_read, transfer_write | Transfers move funds from your Stripe account to a connected account. Read access lets you list and retrieve transfer details. Write access lets you create, update, cancel, and reverse transfers. See <Link>Transfers|https://docs.stripe.com/api/transfers</Link>.
Core | Accounts | connected_account_read | Accounts represent Stripe accounts or connected accounts on your platform. Read access lets you retrieve account details and settings. Write access lets you update account information. See <Link>Accounts|https://docs.stripe.com/api/accounts</Link>.
Core | Apple Pay Domains | apple_pay_domain_read, apple_pay_domain_write | Apple Pay Domains are web domains registered for Apple Pay. Read access lets you list registered domains. Write access lets you register and delete domains. See <Link>Apple Pay Domains|https://docs.stripe.com/payments/payment-methods/pmd-registration</Link>.
Core | Balance | balance_read | Balance represents the current funds available in your Stripe account. Read access lets you retrieve your current balance and pending amounts. See <Link>Balance|https://docs.stripe.com/api/balance</Link>.
Core | Balance Transaction Sources | balance_transaction_source_read | Balance Transaction Sources are the underlying objects (Charges, Refunds, and Transfers) that create Balance Transactions. Read access lets you expand the source attribute when retrieving Balance Transactions. This also implies Application Fees (Read), Balance (Read), Financing Transactions (Read), Payouts (Read), Transfers (Read), and Balance Transfers (Read). See <Link>Balance Transaction Sources|https://docs.stripe.com/api/balance_transactions</Link>.
Core | Charges and Refunds | charge_read, charge_write | Charges represent completed or attempted payments, and Refunds return funds to a customer. Read access lets you list and retrieve charges and refunds. Write access lets you create, update, capture, and redact charges, and create, update, and cancel refunds. See <Link>Charges and Refunds|https://docs.stripe.com/api/charges</Link>.
Core | Client Confirmation Tokens | confirmation_token_client_read, confirmation_token_client_write | Client Confirmation Tokens enable creating and reading tokens from the client during checkout flows. Write access lets you create tokens from the client side. See <Link>Client Confirmation Tokens|https://docs.stripe.com/api/confirmation_tokens</Link>.
Core | Confirmation Tokens | confirmation_token_read | Confirmation Tokens securely pass payment details from the client to your server for confirming payments. Read access lets you retrieve token details server-side. See <Link>Confirmation Tokens|https://docs.stripe.com/api/confirmation_tokens</Link>.
Core | Customer Sessions | customer_session_read, customer_session_write | Customer Sessions enable authenticated customer interactions with embedded components. Read access lets you retrieve session details. Write access lets you create sessions. See <Link>Customer Sessions|https://docs.stripe.com/api/customer_sessions</Link>.
Core | Customers | customer_read, customer_write | Customers store payment methods and transaction history for repeat buyers. Read access lets you list and retrieve customer details. Write access lets you create, update, and delete customers. See <Link>Customers|https://docs.stripe.com/api/customers</Link>.
Core | Events | event_read | Events represent changes to Stripe objects, delivered via webhooks. Read access lets you list and retrieve all event types. See <Link>Events|https://docs.stripe.com/api/events</Link>.
Core | Files | file_read, file_write | Files are documents uploaded to Stripe, such as dispute evidence or identity documents. Read access lets you list and retrieve files and file links. Write access lets you upload files and create, update, and expire file links. See <Link>Files|https://docs.stripe.com/api/files</Link>.
Core | Payment Disputes | dispute_read, dispute_write | Payment Disputes occur when a customer questions a payment with their bank. Read access lets you list and retrieve disputes. Write access lets you update, close, and escalate disputes and submit evidence. See <Link>Payment Disputes|https://docs.stripe.com/api/disputes</Link>.
Core | Payment Intents | payment_intent_read, payment_intent_write | Payment Intents track a payment from creation through confirmation and capture. Read access lets you list and retrieve Payment Intents and their events. Write access lets you create, update, confirm, capture, cancel, redact, increment authorizations, decrement authorizations, and reauthorize Payment Intents. See <Link>Payment Intents|https://docs.stripe.com/api/payment_intents</Link>.
Core | Payment Links | payment_links_read, payment_links_write | Payment Links are shareable URLs that take customers to a hosted payment page. Read access lets you retrieve and list payment links and their line items. Write access lets you create and update payment links. See <Link>Payment Links|https://docs.stripe.com/payment-links</Link>.
Core | Payment Method Configurations | payment_method_configurations_read, payment_method_configurations_write | Payment Method Configurations control which payment methods are available for checkout experiences. Read access lets you list and retrieve configurations. Write access lets you create and update payment method configurations. See <Link>Payment Method Configurations|https://docs.stripe.com/api/payment_method_configurations</Link>.
Core | Payment Method Domains | payment_method_domain_read, payment_method_domain_write | Payment Method Domains are web domains registered for wallet-based payment methods like Apple Pay and Link. Read access lets you list and retrieve registered domains. Write access lets you register new domains and validate their status. See <Link>Payment Method Domains|https://docs.stripe.com/payments/payment-methods/pmd-registration</Link>.
Core | Payment Methods | payment_method_read, payment_method_write | Payment Methods represent a customer's payment instrument (cards, bank accounts, wallets). Read access lets you list and retrieve payment method details. Write access lets you create, update, attach, and detach payment methods. See <Link>Payment Methods|https://docs.stripe.com/api/payment_methods</Link>.
Core | Payment Records | payment_records_read, payment_records_write | Payment Records capture payment attempt data reported outside of Stripe. Read access lets you list and retrieve payment records. Write access lets you create and report payment attempts. See <Link>Payment Records|https://docs.stripe.com/api/payment-record</Link>.
Core | Payouts | payout_read, payout_write | Payouts move funds from your Stripe balance to your bank account or debit card. Read access lets you list and retrieve payout details. Write access lets you create, update, cancel, and reverse payouts. See <Link>Payouts|https://docs.stripe.com/api/payouts</Link>.
Core | Products | product_read, product_write | Products represent goods or services you sell. Read access lets you list and retrieve product details. Write access lets you create, update, and delete products. See <Link>Products|https://docs.stripe.com/api/products</Link>.
Core | Setup Intents | setup_intent_read, setup_intent_write | Setup Intents guide the process of saving a customer's payment method for future use without charging them. Read access lets you list and retrieve Setup Intents and setup attempts. Write access lets you create, update, confirm, cancel, and redact Setup Intents. See <Link>Setup Intents|https://docs.stripe.com/api/setup_intents</Link>.
Core | Shipping Rates | shipping_rate_read, shipping_rate_write | Shipping Rates define delivery costs that can be applied to checkout sessions and orders. Read access lets you list and retrieve rates. Write access lets you create and update shipping rates. See <Link>Shipping Rates|https://docs.stripe.com/api/shipping_rates</Link>.
Core | Sources | source_read, source_write | Sources represent payment methods created via the legacy Sources API. Read access lets you retrieve source details. Write access lets you create and update sources. See <Link>Sources|https://docs.stripe.com/api/sources</Link>.
Core | Tokens | token_read, token_write | Tokens securely transmit sensitive card or bank account details from the client to your server. Read access lets you retrieve token details. Write access lets you create tokens. See <Link>Tokens|https://docs.stripe.com/api/tokens</Link>.
Issuing | Issuing Authorizations | issuing_authorization_read, issuing_authorization_write | Issuing Authorizations represent pending card transactions that may be approved or declined. Read access lets you list and retrieve authorizations. Write access lets you approve or decline pending authorizations. See <Link>Issuing Authorizations|https://docs.stripe.com/api/issuing/authorizations</Link>.
Issuing | Issuing Cardholders | issuing_cardholder_read, issuing_cardholder_write | Issuing Cardholders represent individuals authorized to use issued cards. Read access lets you list and retrieve cardholder details. Write access lets you create and update cardholders. See <Link>Issuing Cardholders|https://docs.stripe.com/api/issuing/cardholders</Link>.
Issuing | Issuing Cards | issuing_card_read, issuing_card_write | Issuing Cards are virtual or physical payment cards you create and manage. Read access lets you list cards and view their details. Write access lets you create, update, and deactivate cards. See <Link>Issuing Cards|https://docs.stripe.com/api/issuing/cards</Link>.
Issuing | Issuing Credit Ledger | issuing_credit_ledger_read, issuing_credit_ledger_write | Issuing Credit Ledger tracks credit balances, entries, and adjustments for Issuing credit programs. Read access lets you view ledger entries and summaries. Write access lets you create adjustments.
Issuing | Issuing Disputes | issuing_dispute_read, issuing_dispute_write | Issuing Disputes represent chargebacks filed on transactions made with your issued cards. Read access lets you list and retrieve disputes. Write access lets you create and submit disputes. See <Link>Issuing Disputes|https://docs.stripe.com/api/issuing/disputes</Link>.
Issuing | Issuing Token Network Data | issuing_token_network_data_read | Issuing Token Network Data provides network-level details about provisioned tokens, including device and wallet information. Read access lets you retrieve network-specific token data. See <Link>Issuing Token Network Data|https://docs.stripe.com/api/issuing/tokens</Link>.
Issuing | Issuing Tokens | issuing_token_read, issuing_token_write | Issuing Tokens represent network tokens (device tokens for Apple Pay and Google Pay) provisioned for issued cards. Read access lets you list and retrieve tokens. Write access lets you manage token lifecycle. See <Link>Issuing Tokens|https://docs.stripe.com/api/issuing/tokens</Link>.
Issuing | Issuing Transactions | issuing_transaction_read, issuing_transaction_write | Issuing Transactions represent completed purchases made with issued cards. Read access lets you list and retrieve transaction details. Write access lets you update transaction metadata. See <Link>Issuing Transactions|https://docs.stripe.com/api/issuing/transactions</Link>.
Money Management | Money Management Recipient Verifications | recipient_verification_read | Money Management Recipient Verifications confirm the identity and bank details of payment recipients. Read access lets you view verification status. Write access lets you initiate verifications.
Orders | Orders | order_read, order_write | Orders represent purchases of products through the legacy Orders API. Read access lets you retrieve order details. Write access lets you create and manage orders.
Orders | Terminal SKUs | sku_read, sku_write | Terminal SKUs represent hardware product variants available for purchase. Read access lets you list available SKUs and their details. Write access lets you manage SKU configurations. See <Link>Terminal SKUs|https://docs.stripe.com/api/terminal/hardware_skus</Link>.
Provisioning | Provisioning Account Requests | provisioning_account_request_read, provisioning_account_request_write | Provisioning Account Requests track requests for new Stripe accounts within a provisioning workflow. Read access lets you view request status. Write access lets you create and manage requests.
Provisioning | Provisioning Projects | provisioning_project_read, provisioning_project_write | Provisioning Projects organize groups of account requests and their configurations. Read access lets you view project details. Write access lets you create and manage projects.
Provisioning | Provisioning Resources | provisioning_resource_read, provisioning_resource_write | Provisioning Resources are account components allocated through the provisioning workflow. Read access lets you view resource details. Write access lets you manage resources.
Radar | Reviews | review_read, review_write | Reviews are flagged payments requiring human evaluation before approval. Read access lets you list and retrieve reviews. Write access lets you approve or reject flagged payments. See <Link>Reviews|https://docs.stripe.com/api/radar/reviews</Link>.
Reporting | Financial Reports | report_runs_and_report_types_read | Financial Reports provide automated reporting data. Read access lets you list report types and retrieve generated reports. Write access lets you create report runs. See <Link>Financial Reports|https://docs.stripe.com/api/reporting/report_type</Link>.
Stripe Apps | Secrets | secret_read, secret_write | Secrets provide secure storage for sensitive values used by Stripe Apps. Read access lets you retrieve secrets your app has stored. Write access lets you create and update secrets. See <Link>Secrets|https://docs.stripe.com/api/secret_management</Link>.
Stripe Apps | User Email | user_email_read | User Email provides access to email addresses of team members on your Stripe account. Read access lets you retrieve user email addresses.
Tax | Tax Calculations, Transactions | tax_calculations_and_transactions_read, tax_calculations_and_transactions_write | Tax Calculations and Transactions represent computed tax amounts and recorded tax events. Read access lets you retrieve calculations and transactions. Write access lets you create calculations and record transactions. See <Link>Tax Calculations, Transactions|https://docs.stripe.com/api/tax/transactions</Link>.
Tax | Tax Enrollment Information | tax_enrollment_information_read | Tax Enrollment Information includes tax registration details and enrollment status for tax compliance. Read access lets you retrieve enrollment details.
Tax | Tax Liability Reports | tax_liability_read | Tax Liability Reports provide summaries of tax collected and owed across jurisdictions. Read access lets you retrieve liability reports and breakdowns.
Tax | Tax Settings, Registrations | tax_settings_read, tax_settings_write | Tax Settings and Registrations configure how Stripe Tax calculates and collects taxes for your account. Read access lets you view settings and registrations. Write access lets you update configurations. See <Link>Tax Settings, Registrations|https://docs.stripe.com/api/tax/settings</Link>.
Terminal | Terminal Configurations | terminal_configuration_read, terminal_configuration_write | Terminal Configurations define device behavior like tipping, receipts, and offline settings. Read access lets you list and retrieve configurations. Write access lets you create and update configurations. See <Link>Terminal Configurations|https://docs.stripe.com/api/terminal/configuration</Link>.
Terminal | Terminal Connection Tokens | terminal_connection_token_write | Terminal Connection Tokens authenticate your POS application's connection to a Terminal reader. Write access lets you create connection tokens. See <Link>Terminal Connection Tokens|https://docs.stripe.com/api/terminal/connection_tokens</Link>.
Terminal | Terminal Locations | terminal_location_read, terminal_location_write | Terminal Locations represent physical addresses where Terminal readers are deployed. Read access lets you list and retrieve locations. Write access lets you create, update, and delete locations. See <Link>Terminal Locations|https://docs.stripe.com/api/terminal/locations</Link>.
Terminal | Terminal Readers | terminal_reader_read, terminal_reader_write | Terminal Readers are physical devices for accepting in-person payments. Read access lets you list readers and view their status. Write access lets you register, update, and delete readers. See <Link>Terminal Readers|https://docs.stripe.com/api/terminal/readers</Link>.
Treasury | Treasury Transactions | treasury_transaction_read | Treasury Transactions record all money movements within a Treasury financial account. Read access lets you list and retrieve transaction details. See <Link>Treasury Transactions|https://docs.stripe.com/api/treasury/transactions</Link>.
Webhook Endpoints | Webhook Endpoints, Event Destinations | webhook_read, webhook_write | Webhook Endpoints and Event Destinations receive real-time notifications from Stripe APIs. This is a sensitive permission because it allows subscribing to events across your entire account. Read access lets you list endpoints. Write access lets you create and manage destinations. See <Link>Webhook Endpoints, Event Destinations|https://docs.stripe.com/api/webhook_endpoints</Link>.
## Event permissions 

For each [Event](https://docs.stripe.com/api/events/types.md) your  app subscribes to, it must request at least one of the corresponding permissions.

## See also

- [App manifest reference](https://docs.stripe.com/stripe-apps/reference/app-manifest.md)
- [How UI extensions work](https://docs.stripe.com/stripe-apps/how-ui-extensions-work.md)