Permissions reference

A list of available events and their required permissions.

A Stripe App needs permission to read or write user data. This includes these situations:

Accessing Stripe API objects—see Object permissions
Subscribing to events—see Event permissions

To request permissions, list them in the permissions array in your app manifest file. You can also manage this array from the CLI. Account administrators that install your app must accept the permissions that you list before using it.

If your app performs an action it lacks permissions for, Stripe might raise an invalid request error.

Manage permissions

You can add a permission to the permissions array in your stripe-app.json app manifest file using the following command:

Command Line
stripe apps grant permission "PERMISSION_NAME" "EXPLANATION"

Replace:

PERMISSION_NAME with the permission name. You can find permission names for objects and events in the sections below.
EXPLANATION with an explanation for enabling access. Users see this explanation when they install your app.

Repeat this step for each permission that you want to add to your application.

For example, after you add the customer_read permission, your app manifest file might look like this:

stripe-app.json
{
  "id": "com.example.app",
  "version": "1.2.3",
  "name": "Example App",
  "icon": "./example_icon_32.png",
  "permissions": [
    {
      "permission": "customer_read",
      "purpose": "Receive access to the customer’s phone number"
    }
  ],
}

To remove a permission, you can also use the CLI:

Command Line
stripe apps revoke permission "PERMISSION_NAME"

Object permissions

For each API object your app reads or writes, it must request at least one of the corresponding permissions.

If you’re expanding objects in the responses of your API requests, you must also request at least one corresponding permission for each API object you expand.

Product	Resource	Permissions	Description

Billing	Coupons	`coupon_read` `coupon_write`	Grants access to Coupons and Coupon events
Billing	Credit notes	`credit_note_read` `credit_note_write`	Grants access to Credit Notes and Credit Note events. This permission also implies the following permissions: Invoices (Read)
Billing	Customer portal	`customer_portal_read` `customer_portal_write`	Grants access to Customer Portal and Customer Portal events If you're using the customer portal to manage subscriptions or payment methods, you must also request `elements_write`.
Billing	Entitlements	`entitlement_read`	Grants access to Entitlements and Entitlement events
Billing	Invoices	`invoice_read` `invoice_write`	Grants access to Invoices and Invoice events. This permission also implies the following permission: Credit Notes (Read) If you're using the hosted invoice page to manage invoices or payment methods, you must also request `elements_write`.
Billing	Meter Events	`billing_meter_event_read` `billing_meter_event_write`	Grants access to Billing Meter Events
Billing	Meters	`billing_meter_read` `billing_meter_write`	Grants access to Billing Meters and Billing Meter events
Billing	Prices	`plan_read` `plan_write`	Grants access to Plans and Plan events
Billing	Promotion Codes	`promotion_code_read` `promotion_code_write`	Grants access to Promotion Codes and Promotion Code events
Billing	Quote	`quote_read` `quote_write`	Grants access to Quotes and Quote events. This permission also implies the following permissions: SKUs (Read) and Products (Read)
Billing	Subscriptions	`subscription_read` `subscription_write`	Grants access to Subscriptions and Subscription events
Billing	Tax Rates	`tax_rate_read` `tax_rate_write`	Grants access to Tax Rates and Tax Rate events
Billing	Test clocks	`billing_clock_read` `billing_clock_write`	Grants access to Test clocks and Test clock events
Billing	Usage Records	`usage_record_read` `usage_record_write`	Grants access to Usage Records
Checkout	Checkout Sessions	`checkout_session_read` `checkout_session_write`	Grants access to Sessions and Session events. This permission also implies the following permissions: Mandates (Read), Payment Intents (Read), Payment Links (Read), Products (Read), Setup Intents (Read), and SKUs (Read)
Connect	Account Links	`account_link_write`	Grants access to Account Links
Connect	Application Fees	`application_fee_read` `application_fee_write`	Grants access to Application Fees and Application Fees events
Connect	Login Links	`edit_link_write`	Grants access to Login Links
Connect	Top-ups	`top_up_read` `top_up_write`	Grants access to Top-ups
Connect	Transfers	`transfer_read` `transfer_write`	Grants access to Transfers and Transfer events. This permission also implies the following permission: Payouts (Read)
Core	Accounts	`connected_account_read`	Grants access to read Accounts
Core	Apple Pay Domains	`apple_pay_domain_read` `apple_pay_domain_write`	Grants access to Apple Pay Domain resources. To use Apple Pay, you need to register your web domains with Apple. You can find more information here
Core	Balance	`balance_read`	Grants access to Balance and Balance events
Core	Balance Transaction Source	`balance_transaction_source_read`	This permission allows you to expand the `source` attribute when retrieving Balance Transactions. Note that this permission also implies the following permissions: Application Fees (Read), Balance (Read), Financing Transactions (Read), Payouts (Read), Transfers (Read), and Balance Transfers (Read)
Core	Charges and Refunds	`charge_read` `charge_write`	Grants access to Charges and Refunds
Core	Confirmation Token	`confirmation_token_read`	Grants access to Confirmation Tokens. This permission allows retrieving Confirmation Token details server-side.
Core	Confirmation Token (client)	`confirmation_token_client_read` `confirmation_token_client_write`	Grants access to Confirmation Tokens. This permission allows creating and reading Confirmation Tokens from the client during checkout.
Core	Customer Session	`customer_session_read` `customer_session_write`	Grants access to Customer Sessions
Core	Customers	`customer_read` `customer_write`	Grants access to Customers and Customer events. This permission also implies the following permission: Billing Clocks (Read)
Core	Disputes	`dispute_read` `dispute_write`	Grants access to Disputes
Core	Events	`event_read`	Grants access to all Events of all types
Core	Files	`file_read` `file_write`	Grants access to Files and File events
Core	Payment Intents	`payment_intent_read` `payment_intent_write`	Grants access to Payment Intents and PaymentIntent events. This permission also implies the following permissions: Products (Read) and SKUs (Read) If you're managing PaymentIntents with Stripe.js Elements, you must also request `elements_write`.
Core	Payment Links	`payment_links_read` `payment_links_write`	Grants access to Payment Links and Payment Link events. This permission also implies the following permissions: Mandates (Read), Products (Read), and SKUs (Read)
Core	Payment Method Domains	`payment_method_domain_read` `payment_method_domain_write`	Grants access to Payment Method Domains
Core	Payment Methods	`payment_method_read` `payment_method_write`	Grants access to PaymentMethods and PaymentMethod events. This permission also implies the following permission: Sources (Read)
Core	Payment Records	`payment_records_read` `payment_records_write`	Grants access to Payment Records
Core	Payouts	`payout_read` `payout_write`	Grants access to Payouts and Payout events
Core	Products	`product_read` `product_write`	Grants access to Products and Product events
Core	Setup Intents	`setup_intent_read` `setup_intent_write`	Grants access to SetupIntents and SetupIntent events. This permission also implies the following permission: Mandates (Read) If you're managing SetupIntents with Stripe.js Elements, you must also request `elements_write`.
Core	Shipping Rates	`shipping_rate_read` `shipping_rate_write`	Grants access to Shipping Rates
Core	Sources	`source_read` `source_write`	Grants access to Sources
Core	Tokens	`token_read` `token_write`	Grants access to Tokens
Issuing	Authorizations	`issuing_authorization_read` `issuing_authorization_write`	Grants access to Authorizations
Issuing	Cardholders	`issuing_cardholder_read` `issuing_cardholder_write`	Grants access to Cardholders
Issuing	Cards	`issuing_card_read` `issuing_card_write`	Grants access to Cards
Issuing	Disputes	`issuing_dispute_read` `issuing_dispute_write`	Grants access to Issuing Disputes
Issuing	Issuing Tokens	`issuing_token_read` `issuing_token_write`	Grants access to Issuing Tokens
Issuing	Issuing Tokens Network Data	`issuing_token_network_data_read`	Grants access to Issuing Tokens Network Data
Issuing	Transactions	`issuing_transaction_read` `issuing_transaction_write`	Grants access to Transactions
Money Management	Recipient Verifications	`recipient_verification_read`	Grants access to Money Management Recipient Verifications
Orders	Orders	`order_read` `order_write`	Grants access to Orders
Orders	SKUs	`sku_read` `sku_write`	Grants access to Terminal SKUs and SKU events
Radar	Reviews	`review_read` `review_write`	Grants access to Reviews
Reporting	Report Runs and Report Types	`report_runs_and_report_types_read`	Grants access to Report Types and allows creation of Report Runs.
Stripe Apps	Secrets	`secret_read` `secret_write`	Grants access to Secrets. Apps can only access secrets they create.
Stripe Apps	User Email	`user_email_read`	Grants access to user emails
Tax	Tax Calculations and Transactions	`tax_calculations_and_transactions_read` `tax_calculations_and_transactions_write`	Grants access to Tax Transactions
Tax	Tax Enrollment Information	`tax_enrollment_information_read`	Grants access to access to Tax Enrollment information
Tax	Tax Liability	`tax_liability_read`	Grants access to access to Tax Liability report
Tax	Tax Settings and Registrations	`tax_settings_read` `tax_settings_write`	Grants access to Tax Settings and Tax Registrations
Terminal	Configurations	`terminal_configuration_read` `terminal_configuration_write`	Grants access to Configurations
Terminal	Connection Tokens	`terminal_connection_token_write`	Grants access to Connection Tokens
Terminal	Locations	`terminal_location_read` `terminal_location_write`	Grants access to Locations
Terminal	Readers	`terminal_reader_read` `terminal_reader_write`	Grants access to Readers
Treasury	Transactions	`treasury_transaction_read`	Grants access to Treasury Transactions
Webhook	Webhook Endpoints	`webhook_read` `webhook_write`	Grants access to Webhook Endpoints For most apps, you don't need to include `webhook_write`. Instead, set up a webhook to listen to events from your connected accounts. If you still need `webhook_write`, contact Stripe Support.

Event permissions

For each Event your app subscribes to, it must request at least one of the corresponding permissions.

Permissions reference

A list of available events and their required permissions.

Manage permissions

Object permissions

Event permissions

See also