By default, you can use your account’s secret keys to perform any API request without restriction. When you run the
stripe login command to authenticate to the Stripe CLI, the CLI generates a set of restricted keys for your account (one test mode, one live mode) that’re valid for 90 days.
About restricted keys
Unlike an API secret key, a restricted key generated by the Stripe CLI has restrictions on the API requests that it can perform. You can create new restricted keys on the Dashboard with different restrictions, or specify any API key using the
Where keys are stored
The CLI stores the keys in the Restricted keys section on the API Keys page and your local machine in
Where to find permissions
Use these steps to view the permissions associated with your restricted key:
- Open the API keys page.
- Scroll down to the Restricted keys section.
- Hover over the info () icon next to your CLI key name to view permissions.
Specify an API key
- Use the
--api-keyflag to specify your API secret key inline each time you send a request.
stripe login --api-keysk_test_4eC39HqLyjWDarjtT1zdp7dc