Sign in
An image of the Stripe logo
Create account
Sign in
Home
Payments
Business operations
Financial services
Developer tools
No-code
All products
Home
Payments
Business operations
Home
Payments
Business operations
Financial services
Developer tools
Overview
Developer tools
SDKs
Sample projects
Videos
Stripe Apps
    Overview
    Get started
    Create an app
    How Stripe Apps work
    Sample apps
    Development
    Store secrets
    Authorization flows
    Server-side logic
    App settings page
    Build a UI
    Onboarding
    UI design
    Design your app
    Style your app
    Design patterns
    Components
    Share and distribute
    Distribution options
    Upload your app
    Test your app
    Publish your app
    Promote your app
    Add deep links
    Versions and releases
    Post-install actions
    Metrics and analytics
    Reference
    App manifest
    CLI
    Extension SDK
    Permissions
    Viewports
    Extensions
    Migrate to Stripe Apps
Stripe Connectors
Partners
HomeDeveloper tools

Permissions reference
Beta

A list of available events and their required permissions.

A Stripe App needs permission to read or write user data. This includes these situations:

  • Accessing Stripe API objects—see Object permissions
  • Subscribing to events—see Event permissions

To request permissions, list them in the permissions array in your app manifest file. You can also manage this array from the CLI. Account administrators that install your app must accept the permissions that you list before using it.

If your app performs an action it lacks permissions for, Stripe might raise an invalid request error.

Manage permissions

You can add a permission to the permissions array in your stripe-app.json app manifest file using the following command:

Command Line
stripe apps grant permission "PERMISSION_NAME" "EXPLANATION"

Replace:

  • PERMISSION_NAME: The name of the permission you’d like to add. See possible permission names.
  • EXPLANATION: Explanation for enabling access. Users see this explanation when they install your app.

Repeat this step for each new permission that you want to add to your application.

After you add your permission, your app manifest file should look like this:

To remove a permission, you can also use the CLI:

Command Line
stripe apps revoke permission "PERMISSION_NAME"

Object permissions

For each API object your app reads or writes, it must request at least one of the corresponding permissions.

If you are expanding objects in the responses of your API requests, you must also request at least one corresponding permission for each API object you expand.

ResourcePermissionDescription
Accountconnected_account_readGrants access to read Accounts
Account linkaccount_link_writeGrants access to Account Links
Apple Pay Domainapple_pay_domain_read, apple_pay_domain_writeGrants access to Apple Pay Domain resources. To use Apple Pay, you need to register your web domains with Apple. You can find more information here
Application Feeapplication_fee_read, application_fee_writeGrants access to Application Fees
Balancebalance_readGrants access to Balance

Balance transaction source

balance_transaction_source_read

Grants access to expand the source attribute when retrieving Balance Transactions

This permission also implies the following permissions: application_fee_read, balance_read, transfer_read

Billing clockbilling_clock_read, billing_clock_writeGrants access to Test clocks
Chargecharge_read, charge_writeGrants access to Charges

Checkout Session

checkout_session_read, checkout_session_write

Grants access to Sessions

This permission also implies the following permissions: mandate_read, payment_intent_read, payment_links_read, product_read, setup_intent_read, sku_read

Configurationterminal_configuration_read, terminal_configuration_writeGrants access to Configurations
Connection Tokenterminal_connection_token_writeGrants access to Connection Tokens
Couponcoupon_read, coupon_writeGrants access to Coupons

Credit note

credit_note_read, credit_note_write

Grants access to Credit Notes

This permission also implies the following permissions: invoice_read,

Customer portal

customer_portal_read, customer_portal_write

Grants access to Customer Portal

If you’re using the customer portal to manage subscriptions or payment methods, you must also request elements_write.

Customer

customer_read, customer_write

Grants access to Customers

This permission also implies the following permission: billing_clock_read.

Data Storedatastore_read, datastore_writeGrants access to Data Store
Disputedispute_read, dispute_writeGrants access to Disputes
Edit linkedit_link_writeGrants access to Login Links
Elementselements_writeGrants access to Stripe.js Elements
Eventevent_readGrants access to Events
Filefile_read, file_writeGrants access to Files

Invoice

invoice_read, invoice_write

Grants access to Invoices

This permission also implies the following permission: credit_note_read

Issuing authorizationissuing_authorization_read, issuing_authorization_writeGrants access to Authorizations
Issuing cardissuing_card_read, issuing_card_writeGrants access to Cards
Issuing cardholderissuing_cardholder_read, issuing_cardholder_writeGrants access to Cardholders
Issuing disputeissuing_dispute_read, issuing_dispute_writeGrants access to Issuing Disputes
Issuing transactionissuing_transaction_read, issuing_transaction_writeGrants access to Transactions
Locationterminal_location_read, terminal_location_writeGrants access to Locations
Mandatemandate_read, mandate_writeGrants access to Mandates
Orderorder_read, order_writeGrants access to Orders

Payment intent

payment_intent_read, payment_intent_write

Grants access to PaymentIntents

If you’re managing PaymentIntents with Stripe.js Elements, you must also request elements_write.

This permission also implies the following permissions: product_read, sku_read

Payment links

payment_links_read, payment_links_write

Grants access to Payment Links

This permission also implies the following permissions: mandate_read, product_read, sku_read

Payment method

payment_method_read, payment_method_write

Grants access to PaymentMethods

This permission also implies the following permission: source_read

Payoutpayout_read, payout_writeGrants access to Payouts
Planplan_read, plan_writeGrants access to Plans
Productproduct_read, product_writeGrants access to Products

Quote

quote_read, quote_write

Grants access to Quotes

This permission also implies the following permissions: sku_read, product_read

Readerterminal_reader_read, terminal_reader_writeGrants access to Readers
Report Runs and Report Typesreport_runs_and_report_types_readGrants read access to Report Types and allows creation of Report Runs
Secretsecret_writeGrants access to Secrets

Setup Intent

setup_intent_read, setup_intent_write

Grants access to SetupIntents

If you’re managing SetupIntents with Stripe.js Elements, you must also request elements_write.

This permission also implies the following permission: mandate_read

SKUsku_read, sku_writeGrants access to SKUs
Sourcesource_read, source_writeGrants access to Sources
Subscriptionsubscription_read, subscription_writeGrants access to Subscriptions
Tax ratetax_rate_read, tax_rate_writeGrants access to Tax Rates
Tokentoken_read, token_writeGrants access to Tokens
Top uptop_up_read, top_up_writeGrants access to Top-ups

Transfer

transfer_read, transfer_write

Grants access to Transfers

This permission also implies the following permission: payout_read

Usage recordusage_record_read, usage_record_writeGrants access to Usage Records
User Emailuser_email_readGrants access to user emails
Webhookwebhook_readGrants access to Webhook Endpoints

Event permissions

For each Event your app subscribes to, it must request at least one of the corresponding permissions.

Loading...

See also

  • App manifest reference
  • How UI extensions work
Was this page helpful?
Need help? Contact Support.
Watch our developer tutorials.
Check out our product changelog.
Questions? Contact Sales.
Powered by Markdoc
You can unsubscribe at any time. Read our privacy policy.
On this page
Manage permissions
Object permissions
Event permissions
See also
Stripe Shell
Test mode
Welcome to the Stripe Shell! Stripe Shell is a browser-based shell with the Stripe CLI pre-installed. Login to your Stripe account and press Control + Backtick on your keyboard to start managing your Stripe resources in test mode. - View supported Stripe commands: - Find webhook events: - Listen for webhook events: - Call Stripe APIs: stripe [api resource] [operation] (e.g. )
The Stripe Shell is best experienced on desktop.
$