Permissions reference
A list of available events and their required permissions.
A Stripe App needs permission to read or write user data. This includes these situations:
- Accessing Stripe API objects—see Object permissions
- Subscribing to events—see Event permissions
To request permissions, list them in the permissions array in your app manifest file. You can also manage this array from the CLI. Account administrators that install your app must accept the permissions that you list before using it.
If your app performs an action it lacks permissions for, Stripe might raise an invalid request error.
Manage permissions 
You can add a permission to the permissions array in your stripe-app. app manifest file using the following command:
stripe apps grant permission "PERMISSION_NAME" "EXPLANATION"
Replace:
PERMISSION_with the permission name. You can find permission names for objects and events in the sections below.NAME EXPLANATIONwith an explanation for enabling access. Users see this explanation when they install your app.
Repeat this step for each permission that you want to add to your application.
For example, after you add the customer_ permission, your app manifest file might look like this:
{ "id": "com.example.app", "version": "1.2.3", "name": "Example App", "icon": "./example_icon_32.png", "permissions": [ { "permission": "customer_read", "purpose": "Receive access to the customer’s phone number" } ], }
To remove a permission, you can also use the CLI:
stripe apps revoke permission "PERMISSION_NAME"
Object permissions
For each API object your app reads or writes, it must request at least one of the corresponding permissions.
If you’re expanding objects in the responses of your API requests, you must also request at least one corresponding permission for each API object you expand.
| Resource | Permission | Description |
|---|---|---|
| Account | connected_ | Grants access to read Accounts |
| Account link | account_ | Grants access to Account Links |
| Apple Pay Domain | apple_, apple_ | Grants access to Apple Pay Domain resources. To use Apple Pay, you need to register your web domains with Apple. See domain registration for more information. |
| Application Fee | application_, application_ | Grants access to Application Fees |
| Balance | balance_ | Grants access to Balance |
Balance transaction source |
| Grants access to expand the This permission also implies the following permissions: |
| Billing clock | billing_, billing_ | Grants access to Test clocks |
| Charge | charge_, charge_ | Grants access to Charges |
Checkout Session |
| Grants access to Sessions This permission also implies the following permissions: |
| Configuration | terminal_, terminal_ | Grants access to Configurations |
| Connection Token | terminal_ | Grants access to Connection Tokens |
| Coupon | coupon_, coupon_ | Grants access to Coupons |
Credit note |
| Grants access to Credit Notes This permission also implies the following permissions: |
Customer portal |
| Grants access to the customer portal If you’re using the customer portal to manage subscriptions or payment methods, you must also request |
Customer |
| Grants access to Customers This permission also implies the following permission: |
| Dispute | dispute_, dispute_ | Grants access to Disputes |
| Edit link | edit_ | Grants access to Login Links |
| Elements | elements_ | Grants access to Stripe.js Elements |
| Event | event_ | Grants access to Events |
| File | file_, file_ | Grants access to Files |
Invoice |
| Grants access to Invoices This permission also implies the following permission: If you’re using the hosted invoice page to manage invoices or payment methods, you must also request |
| Issuing authorization | issuing_, issuing_ | Grants access to Authorizations |
| Issuing card | issuing_, issuing_ | Grants access to Cards |
| Issuing cardholder | issuing_, issuing_ | Grants access to Cardholders |
| Issuing dispute | issuing_, issuing_ | Grants access to Issuing Disputes |
| Issuing transaction | issuing_ | Grants access to Transactions |
| Location | terminal_, terminal_ | Grants access to Locations |
| Mandate | mandate_, mandate_ | Grants access to Mandates |
| Order | order_, order_ | Grants access to Orders |
Payment intent |
| Grants access to PaymentIntents If you’re managing PaymentIntents with Stripe.js Elements, you must also request This permission also implies the following permissions: |
Payment links |
| Grants access to Payment Links This permission also implies the following permissions: |
Payment method |
| Grants access to PaymentMethods This permission also implies the following permission: |
| Payout | payout_, payout_ | Grants access to Payouts |
| Plan | plan_, plan_ | Grants access to Plans, Prices, and (implicitly) Products |
| Product | product_, product_ | Grants access to Products |
| Promotion Code | promotion_, promotion_ | Grants access to Promotion Codes |
Quote |
| Grants access to Quotes This permission also implies the following permissions: |
| Reader | terminal_, terminal_ | Grants access to Readers |
| Report Runs and Report Types | report_ | Grants read access to Report Types and allows creation of Report Runs |
| Review | review_, review_ | Grants access to Reviews |
| Secret | secret_ | Grants access to Secrets |
Setup Intent |
| Grants access to SetupIntents If you’re managing SetupIntents with Stripe.js Elements, you must also request This permission also implies the following permission: |
| Shipping rate | shipping_, shipping_ | Grants access to Shipping Rates |
| SKU | sku_, sku_ | Grants access to SKUs |
| Source | source_, source_ | Grants access to Sources |
| Subscription | subscription_, subscription_ | Grants access to Subscriptions |
| Tax rate | tax_, tax_ | Grants access to Tax Rates |
| Tax settings | tax_, tax_, | Grants access to Tax Settings |
| Tax transaction | tax_, tax_, | Grants access to Tax Calculations and Transactions |
| Token | token_, token_ | Grants access to Tokens |
| Top up | top_, top_ | Grants access to Top-ups |
Transfer |
| Grants access to Transfers This permission also implies the following permission: |
| Usage record | usage_, usage_ | Grants access to Usage Records |
| User Email | user_ | Grants access to user emails |
Webhook |
| Grants access to Webhook Endpoints For most apps, you don’t need to include |
Event permissions
For each Event your app subscribes to, it must request at least one of the corresponding permissions.