# Permissions reference

A list of available events and their required permissions.

A Stripe App needs permission to read or write user data. This includes these situations:

- Accessing Stripe API objects—see [Object permissions](https://docs.stripe.com/stripe-apps/reference/permissions.md#object)
- Subscribing to events—see [Event permissions](https://docs.stripe.com/stripe-apps/reference/permissions.md#event)

To request permissions, list them in the `permissions` array in your app manifest file. You can also manage this array from the CLI. Account administrators that install your app must accept the permissions that you list before using it.

If your app performs an action it lacks permissions for, Stripe might raise an [invalid request error](https://docs.stripe.com/error-handling.md#invalid-request-errors).

## Manage permissions

You can add a permission to the `permissions` array in your `stripe-app.json` app manifest file using the following command:

```bash
stripe apps grant permission "PERMISSION_NAME" "EXPLANATION"
```

Replace:

- `PERMISSION_NAME` with the permission name. You can find permission names for [objects](https://docs.stripe.com/stripe-apps/reference/permissions.md#object) and [events](https://docs.stripe.com/stripe-apps/reference/permissions.md#event) in the sections below.
- `EXPLANATION` with an explanation for enabling access. Users see this explanation when they install your app.

Repeat this step for each permission that you want to add to your application.

For example, after you add the `customer_read` permission, your app manifest file might look like this:

```json
{
  "id": "com.example.app",
  "version": "1.2.3",
  "name": "Example App",
  "icon": "./example_icon_32.png","permissions": [
    {
      "permission": "customer_read",
      "purpose": "Receive access to the customer’s phone number"
    }
  ],
}
```

To remove a permission, you can also use the CLI:

```bash
stripe apps revoke permission "PERMISSION_NAME"
```

## Object permissions

For each [API object](https://docs.stripe.com/api.md) your app reads or writes, it must request at least one of the corresponding permissions.

If you’re [expanding objects](https://docs.stripe.com/expand.md) in the responses of your API requests, you must also request at least one corresponding permission for each API object you expand.
Product | Resource | Permissions | Description
Billing | Coupons | coupon_read, coupon_write | Grants access to <Link>Coupons|https://stripe.com/docs/api/coupons</Link> and Coupon events
Billing | Credit notes | credit_note_read, credit_note_write | Grants access to <Link>Credit Notes|https://stripe.com/docs/api/credit_notes</Link> and Credit Note events.{LineBreak}This permission also implies the following permissions: Invoices (Read)
Billing | Customer portal | customer_portal_read, customer_portal_write | Grants access to <Link>Customer Portal|https://stripe.com/docs/api/customer_portal</Link> and Customer Portal events
Billing | Entitlements | entitlement_read | Grants access to <Link>Entitlements|https://docs.stripe.com/billing/entitlements</Link> and Entitlement events
Billing | Invoices | invoice_read, invoice_write | Grants access to <Link>Invoices|https://stripe.com/docs/api/invoices</Link> and Invoice events.{LineBreak}This permission also implies the following permission: Credit Notes (Read)
Billing | Meter Events | billing_meter_event_read, billing_meter_event_write | Grants access to <Link>Billing Meter Events|https://docs.stripe.com/api/billing/meter-events</Link>
Billing | Meters | billing_meter_read, billing_meter_write | Grants access to <Link>Billing Meters|https://docs.stripe.com/api/billing/meter</Link> and Billing Meter events
Billing | Prices | plan_read, plan_write | Grants access to <Link>Plans|https://stripe.com/docs/api/plans</Link> and Plan events
Billing | Promotion Codes | promotion_code_read, promotion_code_write | Grants access to <Link>Promotion Codes|https://stripe.com/docs/api/promotion_codes</Link> and Promotion Code events
Billing | Quote | quote_read, quote_write | Grants access to <Link>Quotes|https://stripe.com/docs/api/quotes</Link> and Quote events.{LineBreak}This permission also implies the following permissions: SKUs (Read) and Products (Read)
Billing | Subscriptions | subscription_read, subscription_write | Grants access to <Link>Subscriptions|https://stripe.com/docs/api/subscriptions</Link> and Subscription events
Billing | Tax Rates | tax_rate_read, tax_rate_write | Grants access to <Link>Tax Rates|https://stripe.com/docs/api/tax_rates</Link> and Tax Rate events
Billing | Test clocks | billing_clock_read, billing_clock_write | Grants access to <Link>Test clocks|https://stripe.com/docs/billing/testing/test-clocks</Link> and Test clock events
Billing | Usage Records | usage_record_read, usage_record_write | Grants access to <Link>Usage Records|https://stripe.com/docs/api/usage_records</Link>
Checkout | Checkout Sessions | checkout_session_read, checkout_session_write | Grants access to <Link>Sessions|https://stripe.com/docs/api/checkout/sessions</Link> and Session events.{LineBreak}This permission also implies the following permissions: Mandates (Read), Payment Intents (Read), Payment Links (Read), Products (Read), Setup Intents (Read), and SKUs (Read)
Connect | Account Links | account_link_write | Grants access to <Link>Account Links|https://stripe.com/docs/api/account_links</Link>
Connect | Application Fees | application_fee_read, application_fee_write | Grants access to <Link>Application Fees|https://stripe.com/docs/api/application_fees</Link> and Application Fees events
Connect | Financing Offers | capital_for_platforms_financing_offer_read, capital_for_platforms_financing_offer_write | Grants access to <Link>Financial Offers|api/capital/connect_financing_object</Link>
Connect | Financing Summary | capital_for_platforms_financing_summary_read | Grants access to <Link>Financial Summaries|https://docs.stripe.com/api/capital/financing_summary</Link>
Connect | Financing Transactions | capital_for_platforms_financing_transaction_read | Grants access to <Link>Financing Transactions|https://docs.stripe.com/api/capital/financing_transactions</Link>
Connect | Login Links | edit_link_write | Grants access to <Link>Login Links|https://stripe.com/docs/api/accounts/login_link</Link>
Connect | Top-ups | top_up_read, top_up_write | Grants access to <Link>Top-ups|https://stripe.com/docs/api/topups</Link>
Connect | Transfers | transfer_read, transfer_write | Grants access to <Link>Transfers|https://stripe.com/docs/api/transfers</Link> and Transfer events.{LineBreak}This permission also implies the following permission: Payouts (Read)
Core | Accounts | connected_account_read | Grants access to read <Link>Accounts|https://stripe.com/docs/api/accounts</Link>
Core | Apple Pay Domains | apple_pay_domain_read, apple_pay_domain_write | Grants access to Apple Pay Domain resources.{LineBreak}To use Apple Pay, you need to register your web domains with Apple. You can find more information <Link>here|https://stripe.com/docs/stripe-js/elements/payment-request-button#verifying-your-domain-with-apple-pay</Link>
Core | Balance | balance_read | Grants access to <Link>Balance|https://stripe.com/docs/api/balance</Link> and Balance events
Core | Balance Transaction Source | balance_transaction_source_read | This permission allows you to expand the `source` attribute when retrieving <Link>Balance Transactions|https://stripe.com/docs/api/balance_transactions</Link>.{LineBreak}Note that this permission also implies the following permissions: Application Fees (Read), Balance (Read), Financing Transactions (Read), Payouts (Read), Transfers (Read), and Balance Transfers (Read)
Core | Charges and Refunds | charge_read, charge_write | Grants access to <Link>Charges|https://stripe.com/docs/api/charges</Link> and <Link>Refunds|https://stripe.com/docs/api/refunds</Link>
Core | Confirmation Token | confirmation_token_read | Grants access to <Link>Confirmation Tokens|https://docs.stripe.com/api/confirmation_tokens</Link>.{LineBreak}This permission allows retrieving Confirmation Token details server-side.
Core | Confirmation Token (client) | confirmation_token_client_read, confirmation_token_client_write | Grants access to <Link>Confirmation Tokens|https://docs.stripe.com/api/confirmation_tokens</Link>.{LineBreak}This permission allows creating and reading Confirmation Tokens from the client during checkout.
Core | Customer Session | customer_session_read, customer_session_write | Grants access to <Link>Customer Sessions|https://docs.stripe.com/api/customer_sessions</Link>
Core | Customers | customer_read, customer_write | Grants access to <Link>Customers|https://stripe.com/docs/api/customers</Link> and Customer events.{LineBreak}This permission also implies the following permission: Billing Clocks (Read)
Core | Disputes | dispute_read, dispute_write | Grants access to <Link>Disputes|https://stripe.com/docs/api/disputes</Link>
Core | Events | event_read | Grants access to all <Link>Events|https://stripe.com/docs/api/events</Link> of all types
Core | Files | file_read, file_write | Grants access to <Link>Files|https://stripe.com/docs/api/files</Link> and File events
Core | Payment Intents | payment_intent_read, payment_intent_write | Grants access to <Link>Payment Intents|https://stripe.com/docs/api/payment_intents</Link> and PaymentIntent events.{LineBreak}This permission also implies the following permissions: Products (Read) and SKUs (Read)
Core | Payment Links | payment_links_read, payment_links_write | Grants access to <Link>Payment Links|https://stripe.com/docs/payments/payment-links</Link> and Payment Link events.{LineBreak}This permission also implies the following permissions: Mandates (Read), Products (Read), and SKUs (Read)
Core | Payment Method Domains | payment_method_domain_read, payment_method_domain_write | Grants access to <Link>Payment Method Domains|https://docs.stripe.com/payments/payment-methods/pmd-registration</Link>
Core | Payment Methods | payment_method_read, payment_method_write | Grants access to <Link>PaymentMethods|https://stripe.com/docs/api/payment_methods</Link> and PaymentMethod events.{LineBreak}This permission also implies the following permission: Sources (Read)
Core | Payment Records | payment_records_read, payment_records_write | Grants access to <Link>Payment Records|https://docs.stripe.com/api/payment-record</Link>
Core | Payouts | payout_read, payout_write | Grants access to <Link>Payouts|https://stripe.com/docs/api/payouts</Link> and Payout events
Core | Products | product_read, product_write | Grants access to <Link>Products|https://stripe.com/docs/api/products</Link> and Product events
Core | Setup Intents | setup_intent_read, setup_intent_write | Grants access to <Link>SetupIntents|https://stripe.com/docs/api/setup_intents</Link> and SetupIntent events.{LineBreak}This permission also implies the following permission: Mandates (Read)
Core | Shipping Rates | shipping_rate_read, shipping_rate_write | Grants access to <Link>Shipping Rates|https://stripe.com/docs/api/shipping_rates</Link>
Core | Sources | source_read, source_write | Grants access to <Link>Sources|https://stripe.com/docs/api/sources</Link>
Core | Tokens | token_read, token_write | Grants access to <Link>Tokens|https://stripe.com/docs/api/tokens</Link>
Issuing | Authorizations | issuing_authorization_read, issuing_authorization_write | Grants access to <Link>Authorizations|https://stripe.com/docs/api/issuing/authorizations</Link>
Issuing | Cardholders | issuing_cardholder_read, issuing_cardholder_write | Grants access to <Link>Cardholders|https://stripe.com/docs/api/issuing/cardholders</Link>
Issuing | Cards | issuing_card_read, issuing_card_write | Grants access to <Link>Cards|https://stripe.com/docs/api/issuing/cards</Link>
Issuing | Credit Ledger | issuing_credit_ledger_read, issuing_credit_ledger_write | Grants access to Issuing Credit Ledger resources including entries, adjustments, and summary
Issuing | Disputes | issuing_dispute_read, issuing_dispute_write | Grants access to <Link>Issuing Disputes|https://stripe.com/docs/api/issuing/disputes</Link>
Issuing | Issuing Tokens | issuing_token_read, issuing_token_write | Grants access to <Link>Issuing Tokens|https://docs.stripe.com/api/issuing/tokens</Link>
Issuing | Issuing Tokens Network Data | issuing_token_network_data_read | Grants access to <Link>Issuing Tokens|https://docs.stripe.com/api/issuing/tokens</Link> Network Data
Issuing | Transactions | issuing_transaction_read, issuing_transaction_write | Grants access to <Link>Transactions|https://stripe.com/docs/api/issuing/transactions</Link>
Money Management | Recipient Verifications | recipient_verification_read | Grants access to Money Management Recipient Verifications
Orders | Orders | order_read, order_write | Grants access to <Link>Orders|https://stripe.com/docs/api/orders_v2</Link>
Orders | SKUs | sku_read, sku_write | Grants access to Terminal SKUs and <Link>SKU|https://stripe.com/docs/api/terminal/hardware_skus</Link> events
Provisioning | Provisioning Account Requests | provisioning_account_request_read, provisioning_account_request_write | Grants access to Provisioning Account Requests
Provisioning | Provisioning Projects | provisioning_project_read, provisioning_project_write | Grants access to Provisioning Projects
Provisioning | Provisioning Resources | provisioning_resource_read, provisioning_resource_write | Grants access to Provisioning Resources
Radar | Reviews | review_read, review_write | Grants access to <Link>Reviews|https://stripe.com/docs/api/radar/reviews</Link>
Reporting | Report Runs and Report Types | report_runs_and_report_types_read | Grants access to <Link>Report Types|https://stripe.com/docs/api/reporting/report_type</Link> and allows creation of <Link>Report Runs|https://stripe.com/docs/api/reporting/report_run</Link>.
Stripe Apps | Secrets | secret_read, secret_write | Grants access to <Link>Secrets|https://stripe.com/docs/api/secret_management</Link>. Apps can only access secrets they create.
Stripe Apps | User Email | user_email_read | Grants access to user emails
Tax | Tax Calculations and Transactions | tax_calculations_and_transactions_read, tax_calculations_and_transactions_write | Grants access to <Link>Tax Transactions|https://docs.stripe.com/api/tax/transactions</Link>
Tax | Tax Enrollment Information | tax_enrollment_information_read | Grants access to access to Tax Enrollment information
Tax | Tax Liability | tax_liability_read | Grants access to access to Tax Liability report
Tax | Tax Settings and Registrations | tax_settings_read, tax_settings_write | Grants access to <Link>Tax Settings|https://docs.stripe.com/api/tax/settings</Link> and <Link>Tax Registrations|https://docs.stripe.com/api/tax/registrations</Link>
Terminal | Configurations | terminal_configuration_read, terminal_configuration_write | Grants access to <Link>Configurations|https://stripe.com/docs/api/terminal/configuration</Link>
Terminal | Connection Tokens | terminal_connection_token_write | Grants access to <Link>Connection Tokens|https://stripe.com/docs/api/terminal/connection_tokens</Link>
Terminal | Locations | terminal_location_read, terminal_location_write | Grants access to <Link>Locations|https://stripe.com/docs/api/terminal/locations</Link>
Terminal | Readers | terminal_reader_read, terminal_reader_write | Grants access to <Link>Readers|https://stripe.com/docs/api/terminal/readers</Link>
Treasury | Transactions | treasury_transaction_read | Grants access to <Link>Treasury Transactions|https://docs.stripe.com/api/treasury/transactions</Link>
Webhook | Webhook Endpoints | webhook_read, webhook_write | Grants access to <Link>Webhook Endpoints|https://stripe.com/docs/api/webhook_endpoints</Link>
## Event permissions

For each [Event](https://docs.stripe.com/api/events/types.md) your app subscribes to, it must request at least one of the corresponding permissions.

## See also

- [App manifest reference](https://docs.stripe.com/stripe-apps/reference/app-manifest.md)
- [How UI extensions work](https://docs.stripe.com/stripe-apps/how-ui-extensions-work.md)