Stripe API keys and test transactions

Stripe API requests are authenticated by your account’s API keys. They must be included when making an API request, otherwise, your request could not be completed. Every Stripe account has separate keys for testing and for running live transactions.

There are two types of API keys: publishable and secret. Each and every account has four keys; a publishable and secret key pair for live and test modes.

  • Publishable API keys: These keys are used to identify your account with Stripe. As the name suggests, they are publishable, therefore, they can be used on websites available to the public.
  • Secret API keys: These keys have to be stored properly on your own servers in order to keep them confidential. Your Stripe account’s secret API key can perform any API request.

Getting your Stripe API keys

Find your API keys in your Stripe account’s dashboard. In case you cannot see them, you probably don’t have access to them. In such a case, make sure to contact the account’s owner to obtain an administrator or developer role to gain access. Once you have proper access, follow the next steps:

  • Sign in to your Stripe account
  • On your dashboard, click on Developers then API keys
  • On the “API keys” page, you can find both of your publishable and secret keys under “Standard keys”. However, to reveal your secret key, click on “Reveal live key” button.
  • Test payments are called “Test mode” and real payments are called “Live mode” in your Stripe account. To switch between these two, click on the “View test data” toogle in the menu on the left. Please note that each mode has different keys.

Find a short video below on how to obtain your test and live API keys:

Test and live modes

Both modes function quite similarly, with a couple of differences.

  • In test mode, payments are not processed by financial institutions, and only test payment information can be used for this purpose.
  • Webhooks that were not successfully delivered are attempted three times in a few hours, in contrast to 72 hours for live mode.
  • Using Sources for payment methods requires more steps in live mode than in test mode. The same applies to disputes.

How to keep your keys safe

Your secret API key can be used for API calls such as charging or refunding; therefore, it should be kept in a safe digital environment. Think of them as passwords. Make sure to make a note on your Dashboard regarding where you copied the given secret API key. In case your secret API key is compromised, you have the option to “roll the key”, in other words, to block it and generate a new one.

Additional security

As your secret API keys can be used for any kind of API request without limitation, you might want to add another layer of security to keep them safe. You can create restricted API keys that enable you to limit access and permissions to them. If you choose to create a restricted key, the level of access will go down to a minimum which is essential for the service but without giving out additional account data that it doesn’t need to operate efficiently. Restricted keys are available to reduce the risks when building or using microservices and they can be revoked any time if not needed anymore. However, they cannot be used for the development of your Stripe integration. During development, use your test API keys, and once the integration is live, use your live API keys.

Making a test transaction with WP Full Stripe

Here you can find a detailed tutorial on how to run a test transaction.

Setting up your test transaction:

  1. Locate your test API keys (see above on how to do so)
  2. Copy and paste the test API keys into their respective fields on the “Full Stripe / Settings / Stripe” page in WP admin. (Copy your test publishable Key into the Stripe Test Publishable Key field, then do the same for your test secret Key)
  3. Make sure that the “API mode” option is set to “Test”
  4. Save changes

Running a test transaction

You can run a test transaction if you have a payment, subscription or donation form that is already created and published.

  1. Open the payment page of your website in a browser
  2. In the card input field of the form, enter
    • Card number: 4242 4242 4242 4242
    • The expiry date can be any date in the future
    • Use “123” as CVC
  3. Press the “Pay” button as you would if you were a customer
  4. And you are done! You should be redirected to the “successful payment” page on your website.

Still having trouble? Check out this short video on how to complete a test transaction:

Join our VIP list

Stay on top of the latest news about WP Full Stripe

Your email address added to our mailing list. Thank you.
We couldn’t add you to our mailing list. Please try again.
Enter a valid e-mail address.

Ready to add payment to your site?