API Keys

How to Create Stripe Restricted API Keys

202 views Updated about 2 months ago

For maximum security, we strongly recommend using Stripe's restricted API keys instead of full access secret keys.

Why Use Restricted Keys?

  • Limited permissions: Only grant access to the resources needed for migration
  • Enhanced security: Reduced risk if the key is ever compromised
  • Best practice: Follows Stripe's security recommendations
  • Easy to manage: Create and revoke specific permissions as needed

Creating a Restricted Key

Live Mode

  1. Go to https://dashboard.stripe.com/apikeys?type=restricted
  2. Click Create restricted key
  3. Grant the following permissions:
    • Products: Read
    • Prices: Read
    • Subscriptions: Read and Write
    • Coupons: Read
    • Customers: Read

Test Mode

  1. Go to https://dashboard.stripe.com/test/apikeys?type=restricted
  2. Follow the same steps as above

Standard Secret Keys

If you prefer to use standard secret keys (sklive* or sktest*), they will work but provide full account access.

Security Tips

  • Never share your API keys
  • Use restricted keys whenever possible
  • Regularly rotate your keys
  • Monitor API key usage in your Stripe dashboard
Back to Help Center