The Stripe API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. We use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients. We support cross-origin resource sharing, allowing you to interact securely with our API from a client-side web application (though you should never expose your secret API key in any public website's client-side code). JSON is returned by all API responses, including errors, although our API libraries convert responses to appropriate language-specific objects.
To make the API as explorable as possible, accounts have test mode and live mode API keys. There is no "switch" for changing between modes, just use the appropriate key to perform a live or test transaction. Requests made with test mode credentials never hit the banking networks and incur no cost.
Be sure to subscribe to Stripe's API announce mailing list to receive information on new additions and changes to Stripe's API and language libraries.
Authenticate your account by including your secret key in API requests. You can manage your API keys in the Dashboard. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such GitHub, client-side code, and so forth.
To use your API key, assign it to
Stripe.api_key. The Ruby library will then automatically send this key in each request.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
require "stripe" Stripe.api_key = "sk_test_BQokikJOvBiI2HlWgH4olfQ2"
You can also set a per-request key like in the example below. This is often useful for Connect applications that use multiple API keys during the lifetime of a process.
Authentication is transparently handled for you in subsequent method calls on the returned object.
Stripe::Charge.retrieve( "ch_1CobUR2eZvKYlo2CqX8SIE7O", :api_key => "sk_test_BQokikJOvBiI2HlWgH4olfQ2" )
A sample test API key is included in all the examples here, so you can test any example right away. To test requests using your account, replace the sample API key with your actual API key.