Your guide to Stripe API keys

Every Stripe account has API keys that are used to authenticate API requests. Such requests cannot be completed without these keys, and each account has separate API keys for testing and running live transactions.

Your Stripe account has publishable and secret API keys. The Stripe publishable key is used to identify your account with Stripe. Just as the name suggests, this key can be used on websites and other platforms (eg. mobile devices) as well.

The secret API keys have to be stored on your servers in order to keep them confidential. Your Stripe account’s secret API key can perform any API request.

Where to find your Stripe API keys

You can find your Stripe API keys in your account’s dashboard. However, if you cannot see them, you probably have no access to them due to security reasons. If that is the case, you have to contact the account’s owner to obtain an administrator or developer role to gain access.

Once you have access, follow these steps:

  • Sign in to your Stripe account
  • On your dashboard, click on “Developers” then “API keys”
  • On the “API keys” page, you can find your Stripe test keys under “Standard keys”. To reveal your secret key, click on “Reveal live key”.
  • Test payments are called “Sandbox” mode and real payments are called “Live” mode in your Stripe account. To switch between these two, click on “View test data” in the hamburger menu on the left. Please note that each mode has different pair of keys (publishable + secret).

Live and test modes

Test and live modes function almost identically with a couple of differences:

  • In test mode, payments are not processed by financial institutions, thus only the test payment information can be used. If you are testing Stripe credit card payments, you should only use the test API keys.
  • Using Sources for payment methods requires more steps in live mode than in test mode, and the same applies to disputes.

Run a Stripe credit card test

Would you like to know if your website is properly configured to accept credit and debit card payments? Your best bet is to run a Stripe credit card test. WP Full Stripe comes with a feature that enables you to run test mode transactions using your Stripe test API keys. See instructions below.

  • Find your Stripe test keys (please refer to relevant section above)
  • Take note of your Stripe test API keys
  • Go to the “Full Stripe / Settings / Stripe” page on the Stripe dashboard
  • Enter the test publishable key and the test secret key to their respective fields
  • Make sure that the plugin is in test mode
  • Save settings

If the API keys and the Stripe API mode are configured properly then create a payment form, and insert it into a page.

Running a Stripe credit card test:

  • Open the page containing the payment form used for testing
  • Use the following dummy card number: 4242 4242 4242 4242
  • The expiry date can be any date in the future
  • Use “123” for CVC
  • Click pay as you would do if you were a customer
  • If all good, you should see a “Successful payment” banner or you should be redirected to a Thank you page on your website.

Keep your Stripe keys safe

Your Stripe secret API keys can be used for any API call such as charging or refunding; therefore, they have to be stored in a secure digital environment. When you generate a new secret key in live mode, it’s only visible for that first time. Later, the dashboard automatically redacts it. In case your secret API key is compromised, you have the option to “roll the key”, in other words, to block it and generate a new one.

Another layer of security

As your Stripe secret API key can be used for any kind of API request without limitation, you might want to add another layer of security to keep it safe. You can create restricted API keys that enable you to limit associated access and permissions. Restricted keys are available to reduce the risks when building or using microservices and they can be revoked any time if not needed anymore. However, they cannot be used for the development of your Stripe integration. During development, use your test API keys, and once the integration is live, use your live API keys.

Join our VIP list

Stay on top of the latest news about WP Full Stripe

Your email address added to our mailing list. Thank you.
We couldn’t add you to our mailing list. Please try again.
Enter a valid e-mail address.

Ready to add payment to your site?