Every Stripe account has API keys that are used to authenticate API requests. Such requests cannot be completed without these keys, and each account has separate API keys for testing and running live transactions.
Your Stripe account has publishable and secret API keys. The Stripe publishable key is used to identify your account with Stripe. Just as the name suggests, this key can be used on websites and other platforms (eg. mobile devices) as well.
The secret API keys have to be stored on your servers in order to keep them confidential. Your Stripe account’s secret API key can perform any API request.
You can find your Stripe API keys in your account’s dashboard. However, if you cannot see them, you probably have no access to them due to security reasons. If that is the case, you have to contact the account’s owner to obtain an administrator or developer role to gain access.
Once you have access, follow these steps:
Test and live modes function almost identically with a couple of differences:
Would you like to know if your website is properly configured to accept credit and debit card payments? Your best bet is to run a Stripe credit card test. WP Full Stripe comes with a feature that enables you to run test mode transactions using your Stripe test API keys. See instructions below.
If the API keys and the Stripe API mode are configured properly then create a payment form, and insert it into a page.
Running a Stripe credit card test:
Your Stripe secret API keys can be used for any API call such as charging or refunding; therefore, they have to be stored in a secure digital environment. When you generate a new secret key in live mode, it’s only visible for that first time. Later, the dashboard automatically redacts it. In case your secret API key is compromised, you have the option to “roll the key”, in other words, to block it and generate a new one.
As your Stripe secret API key can be used for any kind of API request without limitation, you might want to add another layer of security to keep it safe. You can create restricted API keys that enable you to limit associated access and permissions. Restricted keys are available to reduce the risks when building or using microservices and they can be revoked any time if not needed anymore. However, they cannot be used for the development of your Stripe integration. During development, use your test API keys, and once the integration is live, use your live API keys.
Stay on top of the latest news about WP Full Stripe