Managing your account

This guide will cover some of the basics of setting up and using your account.

Now that you've finished the basics of integrating Stripe into your website, here are a few of the account features and processes you'll probably want to understand:

  • Live mode and testing
  • API Keys
  • Activating your account
  • Keeping your account safe

Live mode and testing

Every account is divided into two universes: one for testing, and one for running on your live website. All API requests exist in one of those two universes, and objects in one universe cannot be manipulated by objects in the other.

In test mode, credit card transactions don't go through the actual credit card network — instead, they go through simple checks in Stripe to validate that they look like they might be credit cards. In test mode you can use any combination of credit card data that passes these simple checks, discussed more on our testing page.

API Keys

Related to these universes are your API keys. Each key exists either in the live universe or in the test universe, and this is how Stripe tells what universe you are interacting with. You should only use your test API keys for testing. This will make sure that you don't accidentally modify your live customers or charges.

In addition to live and test mode, there are also two types of keys: secret and publishable keys.

Publishable API keys are meant solely to identify your account with Stripe, they aren't secret. In other words, they can safely be published in places like your Stripe.js JavaScript code, or in an Android or iPhone app. Publishable keys only have the power to create tokens.

Secret API keys should never be published, and must be kept confidentially on your own servers. These keys can perform any API request to Stripe without restriction.

Activating your account

Before activating your account, you can only interact with Stripe in test mode. With the exception of the ability to make a real charge to a credit card, all of Stripe's features are available in test mode.

Activating your account is a simple process: you fill out a form requesting some basic information about your product, your business, and your own personal relationship to your business. Once you've activated your account, you can immediately start using the live API and charge real cards.

Your account details are reviewed internally to ensure they comply with our terms of service. If we see a problem, we'll get in touch right away so that we can try to resolve it as quickly as possible.

Keeping your account safe

Once you've got your account set up, you'll want to keep it safe. Here's our recommendations:

  • Keep private information private. Your password should be known only to you, and your secret API keys kept confidentially on your own servers. As a reminder, Stripe employees will never ask you for them.

  • Don't reuse your Stripe password. Your password should be unique to Stripe. If you use your password on another site and that site is compromised, an attacker could use those stolen credentials to take over your account.

  • Update your computer and browser regularly. We recommend configuring your computer to automatically download and install updates. (OS X, Windows) This helps protect your system against automated attacks and malware.

  • Beware of phishing. All genuine Stripe sites use the domain and are HTTPS. If you get an email from us that you don't expect, go directly to our site to log in. Do not enter your password after clicking a link in email. If you're ever not sure it's really us, here's what to do.

  • Add your mobile number to your account. If you do, we'll text you a short numeric code when you log in from a new device to confirm you're you. This means even if someone steals your username and password, they won't be able to log in.

    To enable this feature, go to the General section of your account settings page and enable Two-step verification.

Next up

Congrats! You've gone through the basics of using Stripe.