Getting Started with Stripe Connect

This guide will walk you through the steps needed to integrate Stripe Connect into your site. If you need help, check out our answers to common questions or chat live with our developers in #stripe on freenode.

With Stripe Connect, you can access your users' Stripe accounts via the OAuth 2.0 protocol. The high-level steps are: registering an application, implementing the OAuth flow, and managing Stripe API access once a user has connected their Stripe account.

Registering an Application

First, you'll want to register an application. The application settings consist of details that will be displayed to your users (name, URL, icon), and technical parameters for the OAuth spec (redirect_uri, client_id). You'll be able to edit these details in the application settings at any time.

Development-mode

To make it extra convenient for you to build your Stripe Connect integration, we've included a development client_id that will allow you to:

  • Set your redirect_uri to a non-HTTPS URL, or even localhost
  • Force-skip the account form, instead of having to fill out an entire account application while testing the connect flow
  • Get test access tokens for connected users

You'll be able to find your development client_id in your application settings.


Implementing the OAuth flow

Access tokens, effectively Stripe secret keys, are what allow you to make Stripe API requests on behalf of your users. They never expire but may be revoked by the user at any time.

To get access tokens for your users, you'll want to send them to Stripe. There, they'll connect or create an account and be redirected back with credentials you can use to get an access token.

Send your users to Stripe

Add a Stripe Connect button to your site to link your users to our Stripe Connect endpoint:

https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_32D88BD1qLklliziD7gYQvctJIhWBSQ7

For example: a "Connect with Stripe" button that links to this URL.

Be sure to include any other relevant parameters.

If a user already has a Stripe account, they'll be able to give you secure access in just a few clicks. Otherwise, we'll show them a co-branded form so they can start accepting payments instantly.

After the user connects or creates a Stripe account, we'll redirect them back to the redirect_uri you set in your application settings with a code parameter or an error.

Getting an access_token

You've got a code for your user. Now what? To swap this for an access_token, which acts like a secret API key, you'll need to make an extra POST request.

The response from this request will include the access_token, as well as other handy properties like stripe_publishable_key and stripe_user_id.
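
An added example (not Stripe's code) of the redirect handling described above: it adds the standard OAuth 2.0 `state` parameter to the authorize link and checks it on the redirect before accepting the `code`, then builds the server-side POST. The `state` parameter, the token endpoint URL and its form fields come from OAuth 2.0 and Stripe's OAuth reference rather than this page; the session dict and placeholder IDs are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://connect.stripe.com/oauth/authorize"  # from this page
TOKEN_URL = "https://connect.stripe.com/oauth/token"  # not on this page: Stripe's token endpoint


class OAuthError(Exception):
    """The redirect was forged, replayed, or reported an error."""


def build_authorize_url(client_id, session):
    """Return the Connect link and bind a one-time `state` value to the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({"response_type": "code", "client_id": client_id, "state": state})
    return f"{AUTHORIZE_URL}?{query}"


def handle_redirect(callback_url, session):
    """Validate the request to redirect_uri and return the authorization code."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", "")
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise OAuthError("state mismatch: this session did not start the flow")
    if "error" in params:  # Stripe reported an error instead of a code
        raise OAuthError(f"{params['error']}: {params.get('error_description', '')}")
    if "code" not in params:
        raise OAuthError("redirect carried neither code nor error")
    return params["code"]


def token_request(code, client_secret):
    """URL and form body of the server-side POST that swaps the code for an access_token."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "client_secret": client_secret})
    return TOKEN_URL, body


if __name__ == "__main__":
    session = {}  # stands in for a server-side session (hypothetical)
    link = build_authorize_url("ca_PLACEHOLDER", session)
    # Constructed callback, as if the user had approved the connection.
    callback = "https://app.example/callback?code=ac_PLACEHOLDER&state=" + session["oauth_state"]
    print(handle_redirect(callback, session))
```

The POST carries your secret key, so it is sent from your server only, never from the browser.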

OAuth2 Libraries

If you don't want to do all the OAuth heavy lifting by yourself, feel free to use a third-party OAuth2 library. The OAuth 2.0 site provides a small list of client libraries you may find useful.


Managing your users' Stripe accounts

Your application now has access to your user's Stripe account. Amazing!

Payments for your users

From charging a credit card to handling recurring billing, you'll be able to make Stripe API calls with your user's access_token and publishable_key. You won't be involved in the flow of funds—your users' earnings go straight into their individual Stripe accounts (to be transferred to the bank account they set up).

Note that we require Stripe.js for all applications—you won't be allowed to send credit card data directly from your server.

Full access to Stripe data

If you're interested in accessing and analyzing your users' Stripe data in interesting ways, check out our full API documentation.

Account information

You can retrieve details about a Stripe account you have access to, including the email address, statement descriptor, whether the account can currently make live charges, and so forth.

For more information, see the account API resource (note that you'll be using the access_token you received to make the API request). There's also an account.updated webhook event that will fire when the account status changes.

Webhooks

You can configure a webhook URL in your application settings. All the webhooks for all your connected users will be sent to this endpoint.

It's important to note that while only test webhooks will be sent to your development webhook URL, both live and test webhooks will be sent to your production webhook URL. This is because you can create both live and test objects under a production application, so we'd recommend that you check the livemode property when receiving an event webhook.

In addition to the normal documented response properties, user_id will be available at the top level and will identify which user the webhook is being sent for.

{
  "id": "evt_beydUINZlJV4Et",
  "livemode": true,
  "object": "event",
  "type": "customer.created",
  "user_id": "acct_fectIFr5Q6nLMD",
  "pending_webhooks": 2,
  "created": 1349654313,
  "data": {...}
}

For more information about webhooks, see the webhook documentation or event object reference.

Revoked Access

An account.application.deauthorized webhook event will be sent when a user revokes access to their account, so you can do any necessary credential cleanup on your servers.
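
An added example (not Stripe's code) of a receiver for the webhook endpoint described under Webhooks and Revoked Access: it reads user_id and livemode from the top level of the event, keeps test events away from live handling, and removes stored credentials on account.application.deauthorized. The credential store keyed by (user_id, livemode) and the returned action names are assumptions.

```python
import json

DEAUTHORIZED = "account.application.deauthorized"

# Constructed from the sample event on this page, with the elided "data" left empty.
SAMPLE_EVENT = json.dumps({
    "id": "evt_beydUINZlJV4Et", "livemode": True, "object": "event",
    "type": "customer.created", "user_id": "acct_fectIFr5Q6nLMD",
    "pending_webhooks": 2, "created": 1349654313, "data": {},
})


def handle_webhook(raw_body, credentials):
    """Route one event and return (action, user_id).

    credentials maps (user_id, livemode) -> stored access_token (hypothetical store).
    Assumption: the caller has already established that the request came from
    Stripe; that step is outside what this page covers.
    """
    try:
        event = json.loads(raw_body)
    except ValueError:
        return ("rejected", None)
    if not isinstance(event, dict):
        return ("rejected", None)
    user_id, livemode = event.get("user_id"), event.get("livemode")
    # Both fields drive routing, so refuse events where either is missing or mistyped.
    if not isinstance(user_id, str) or not isinstance(livemode, bool):
        return ("rejected", None)
    key = (user_id, livemode)  # a test-mode event can never touch a live credential
    if key not in credentials:
        return ("ignored_unknown_user", user_id)
    if event.get("type") == DEAUTHORIZED:
        # Credential cleanup: the user revoked access, so stop storing the token.
        del credentials[key]
        return ("credentials_removed", user_id)
    # The production URL receives both modes; keep test events out of live handling.
    return ("process_live" if livemode else "process_test", user_id)


if __name__ == "__main__":
    store = {("acct_fectIFr5Q6nLMD", True): "live-token-placeholder"}
    print(handle_webhook(SAMPLE_EVENT, store))
```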