Every call to a Stripe API must include an API secret key. After you create a Stripe account, we generate two pairs of API keys for you—a publishable client-side key and a secret server-side key—for both test and live modes. To start moving real money with your live-mode keys, you need to activate your account.
This guide walks you through a simple interaction with the Stripe API: creating a customer. For a fuller view of the API objects and how they fit together, take a tour of the API or visit the API reference documentation.
If you want to start accepting payments immediately, visit the payments docs.
Start experimenting with Stripe APIs using the Stripe Shell, which lets you run Stripe CLI commands directly from the Stripe docs site. The Stripe Shell operates exclusively in test mode, so you don’t have to worry about creating any real transactions that move money.
When you call Stripe APIs, Stripe creates and stores API and Events objects for your Stripe user account. The API key you specify for the request determines whether the objects are stored in test or live mode. For example, the last request used your API secret key so Stripe stored the objects in test mode.
All accounts have a total of four API keys by default—two for test mode and two for live mode:
Test mode secret key: Use this key to authenticate requests on your server when in test mode. By default, you can use this key to perform any API request without restriction.
Test mode publishable key: Use this key for testing purposes in your web or mobile app’s client-side code.
Live mode secret key: Use this key to authenticate requests on your server when in live mode. By default, you can use this key to perform any API request without restriction.
Live mode publishable key: Use this key, when you’re ready to launch your app, in your web or mobile app’s client-side code.
Testing and development
Use only your test API keys for testing and development. This ensures that you don’t accidentally modify your live customers or charges.
You can find your secret and publishable keys on the API keys page in the Developers Dashboard. While you’re logged in, Stripe documentation automatically populates code examples with your test mode API keys. (Only you can see these values). If you’re not logged in, our code examples include randomly generated API keys. Replace them with your own test keys or log in to see the code examples populated with your own test API keys. If you can’t view your API keys, ask the owner of your Stripe account to add you to their team with the proper permissions.
The following table shows randomly generated examples of secret and publishable test API keys:
Restricted API keys
The Dashboard can also include restricted API keys, which allow customizable limited access to the API. Stripe doesn’t provide any restricted keys by default.
When to use
On the server side: Must be secret and stored securely in your web or mobile app’s server-side code (such as in an environment variable or credential management system) to call Stripe APIs. Don’t expose this key on a website or embed it in a mobile application.
On the client side: Can be publicly accessible in your web or mobile app’s client-side code (such as checkout.js) to securely collect payment information, such as with Stripe Elements. By default, Stripe Checkout securely collects payment information.
A string that starts with rk_test_
In microservices: Must be secret and stored securely in your microservice code to call Stripe APIs. Don’t expose this key on a website or embed it in a mobile application.
Welcome to the Stripe Shell!
Stripe Shell is a browser-based shell with the Stripe CLI pre-installed. Log in to your
Stripe account and press Control + Backtick (`) on your keyboard to start managing your Stripe
resources in test mode.
- View supported Stripe commands:
- Find webhook events:
- Listen for webhook events:
- Call Stripe APIs: stripe [api resource] [operation] (e.g., )