Stripe - OAuth (NOT API Key) Integration

This post is to lobby for OAuth Integration with Stripe.

The primary reason is for Security and Control.

Here is my logic flow:

  • Stripe is one of the most (if not the most) sensitive APIs that a 3rd party can tie in to.
      ◦ Stripe processes charges on real customers with real money.
      ◦ Their API is fully functional, meaning that many sensitive tasks can be accomplished using the API.
  • Stripe does not have the ability to make multiple API keys.
  • If the Stripe API Keys are given to 3rd parties (as Klipfolio is asking), the safety of that key is now only as good as the weakest player.
  • If it is determined that a 3rd party has a "Trust" issue down the road, users must roll the API key in Stripe that is used by ALL applications (internal and 3rd party).
  • The act of having to roll and modify keys in multiple places is a lot of work and prone to errors.
  • Again, given the sensitive nature of payment processing, these errors can be devastating.

The Solution:

  • Klipfolio can implement OAuth (like they have with many other services).
  • By using OAuth, if there is a trust situation with Klipfolio (or any other internal or 3rd party application), the "blast radius" is limited to the one bad actor.
  • Klipfolio customers can quickly remove authorization or take the appropriate action - problem solved.

My 2 cents: Creating a new OAuth Flow should be easy since you have done this many times before, and it will provide an immense amount of value to your customers (perhaps the most of any OAuth integration written to date).

3 comments

  • 0
    Meggan King

    Hi Stuart - The authentication for an API is decided by the API, so in this case Stripe has set the requirements. You can find out more here:

    https://stripe.com/docs/api#authentication

    You should reach out to Stripe and suggest this approach there.

    Thanks!

    Meggan

  • 1
    Stuart Rench

    I have actually spoken with them about this. Here is the link that they suggested following.

    https://stripe.com/docs/connect/standalone-accounts#integrating-oauth

    Please let me know if you have any other questions.

    Also, FYI, they have an IRC channel where engineers tend to hang out and get questions answered quickly: #stripe on freenode.
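
The Stripe Connect OAuth flow behind the link above, as an added example that is not part of this thread or of Klipfolio's code: it builds the authorize link with a per-session state, validates the callback, and shows the per-connection revocation that gives the "blast radius" limit the original post asks for. Endpoint names and parameters are Stripe's documented ones; the client_id, secret, code and callback values are placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Stripe Connect OAuth endpoints (see the docs link in the thread).
AUTHORIZE_URL = "https://connect.stripe.com/oauth/authorize"
TOKEN_URL = "https://connect.stripe.com/oauth/token"
DEAUTHORIZE_URL = "https://connect.stripe.com/oauth/deauthorize"

def new_state() -> str:
    """Unguessable per-login value; the app stores it in the user's session."""
    return secrets.token_urlsafe(32)

def build_authorize_url(client_id: str, state: str, scope: str = "read_only") -> str:
    """Step 1: link the user is sent to on Stripe. A dashboard only needs
    read_only, so the token it receives can never create charges or refunds."""
    if scope not in ("read_only", "read_write"):
        raise ValueError("scope must be read_only or read_write")
    query = {"response_type": "code", "client_id": client_id,
             "scope": scope, "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(query)}"

def verify_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: Stripe redirects back with ?code=..&state=.. or ?error=..
    A callback whose state is not the one we issued is dropped (login CSRF)."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise RuntimeError("user denied access: " + params["error"][0])
    got = params.get("state", [""])[0]
    if not hmac.compare_digest(got.encode(), expected_state.encode()):
        raise RuntimeError("state mismatch; discarding callback")
    return params["code"][0]

def token_request(client_secret: str, code: str) -> dict:
    """Step 3: form body POSTed to TOKEN_URL. The reply carries a per-connection
    access_token plus stripe_user_id (acct_...), not the merchant's own key."""
    return {"client_secret": client_secret, "code": code,
            "grant_type": "authorization_code"}

def check_token_response(resp: dict, requested_scope: str) -> tuple:
    """Refuse a grant that is broader (or narrower) than what the app asked for."""
    if resp.get("scope") != requested_scope:
        raise RuntimeError("unexpected scope " + str(resp.get("scope")))
    return resp["stripe_user_id"], resp["access_token"]

def deauthorize_request(client_id: str, stripe_user_id: str) -> dict:
    """Revocation: POSTed to DEAUTHORIZE_URL with the platform's secret key.
    Only this connection dies; the merchant's key and other apps keep working."""
    return {"client_id": client_id, "stripe_user_id": stripe_user_id}
```

The merchant revokes one integration from the Stripe dashboard (or the platform posts the deauthorize form) without touching the live API key that every other system depends on, which is exactly the key-rolling problem the post describes.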

  • 0
    Kenniy Olorunnimbe

    Hello Stuart,

    Thank you for sending that helpful link. The issue has been sent to development, and our team will work on it.
