Permissions referenceBeta
A Stripe App needs permission to read or write user data. This includes these situations:
- Accessing Stripe API objects—see Object permissions
- Subscribing to events—see Event permissions
To request permissions, list them in the permissions array in your app manifest file. You can also manage this array from the CLI. Account administrators that install your app must accept the permissions that you list before using it.
If your app performs an action it lacks permissions for, Stripe might raise an invalid request error.
Manage permissions
You can add a permission to the permissions array in your stripe-app.json app manifest file using the following command:
stripe apps grant permission "PERMISSION_NAME" "EXPLANATION"
Replace:
PERMISSION_NAME: The name of the permission you’d like to add. See possible permission names.EXPLANATION: Explanation for enabling access. Users see this explanation when they install your app.
Repeat this step for each new permission that you want to add to your application.
After you add your permission, your app manifest file should look like this:
To remove a permission, you can also use the CLI:
stripe apps revoke permission "PERMISSION_NAME"
Object permissions
For each API object your app reads or writes, it must request at least one of the corresponding permissions.
If you are expanding objects in the responses of your API requests, you must also request at least one corresponding permission for each API object you expand.
| Resource | Permission | Description |
|---|---|---|
| Account | connected_account_read | Grants access to read Accounts |
| Account link | account_link_write | Grants access to Account Links |
| Apple Pay Domain | apple_pay_domain_read, apple_pay_domain_write | Grants access to Apple Pay Domain resources. To use Apple Pay, you need to register your web domains with Apple. You can find more information here |
| Application Fee | application_fee_read, application_fee_write | Grants access to Application Fees |
| Balance | balance_read | Grants access to Balance |
Balance transaction source |
| Grants access to expand the This permission also implies the following permissions: |
| Billing clock | billing_clock_read, billing_clock_write | Grants access to Test clocks |
| Charge | charge_read, charge_write | Grants access to Charges |
Checkout Session |
| Grants access to Sessions This permission also implies the following permissions: |
| Configuration | terminal_configuration_read, terminal_configuration_write | Grants access to Configurations |
| Connection Token | terminal_connection_token_write | Grants access to Connection Tokens |
| Coupon | coupon_read, coupon_write | Grants access to Coupons |
Credit note |
| Grants access to Credit Notes This permission also implies the following permissions: |
Customer portal |
| Grants access to Customer Portal If you’re using the customer portal to manage subscriptions or payment methods, you must also request |
Customer |
| Grants access to Customers This permission also implies the following permission: |
| Data Store | datastore_read, datastore_write | Grants access to Data Store |
| Dispute | dispute_read, dispute_write | Grants access to Disputes |
| Edit link | edit_link_write | Grants access to Login Links |
| Elements | elements_write | Grants access to Stripe.js Elements |
| Event | event_read | Grants access to Events |
| File | file_read, file_write | Grants access to Files |
Invoice |
| Grants access to Invoices This permission also implies the following permission: |
| Issuing authorization | issuing_authorization_read, issuing_authorization_write | Grants access to Authorizations |
| Issuing card | issuing_card_read, issuing_card_write | Grants access to Cards |
| Issuing cardholder | issuing_cardholder_read, issuing_cardholder_write | Grants access to Cardholders |
| Issuing dispute | issuing_dispute_read, issuing_dispute_write | Grants access to Issuing Disputes |
| Issuing transaction | issuing_transaction_read, issuing_transaction_write | Grants access to Transactions |
| Location | terminal_location_read, terminal_location_write | Grants access to Locations |
| Mandate | mandate_read, mandate_write | Grants access to Mandates |
| Order | order_read, order_write | Grants access to Orders |
Payment intent |
| Grants access to PaymentIntents If you’re managing PaymentIntents with Stripe.js Elements, you must also request This permission also implies the following permissions: |
Payment links |
| Grants access to Payment Links This permission also implies the following permissions: |
Payment method |
| Grants access to PaymentMethods This permission also implies the following permission: |
| Payout | payout_read, payout_write | Grants access to Payouts |
| Plan | plan_read, plan_write | Grants access to Plans |
| Product | product_read, product_write | Grants access to Products |
Quote |
| Grants access to Quotes This permission also implies the following permissions: |
| Reader | terminal_reader_read, terminal_reader_write | Grants access to Readers |
| Report Runs and Report Types | report_runs_and_report_types_read | Grants read access to Report Types and allows creation of Report Runs |
| Secret | secret_write | Grants access to Secrets |
Setup Intent |
| Grants access to SetupIntents If you’re managing SetupIntents with Stripe.js Elements, you must also request This permission also implies the following permission: |
| SKU | sku_read, sku_write | Grants access to SKUs |
| Source | source_read, source_write | Grants access to Sources |
| Subscription | subscription_read, subscription_write | Grants access to Subscriptions |
| Tax rate | tax_rate_read, tax_rate_write | Grants access to Tax Rates |
| Token | token_read, token_write | Grants access to Tokens |
| Top up | top_up_read, top_up_write | Grants access to Top-ups |
Transfer |
| Grants access to Transfers This permission also implies the following permission: |
| Usage record | usage_record_read, usage_record_write | Grants access to Usage Records |
| User Email | user_email_read | Grants access to user emails |
| Webhook | webhook_read | Grants access to Webhook Endpoints |
Event permissions
For each Event your app subscribes to, it must request at least one of the corresponding permissions.