Skip to main content

Stripe Keys

Description#

General#

  • Documentation: https://stripe.com/docs/api
  • Summary: Stripe offers payment processing software and application programming interfaces (APIs) for e-commerce websites and mobile application. As an API providing financial related information, the corresponding API key is highly sensitive.
  • IPs allowlist: This feature is not mentioned in the API documentation.
  • Scopes: By default Stripe API keys have a full access to all the API features. Yet, the user can easily create restricted API keys from the Dashboard and specify which accesses are granted to the key. See this documentation for more details.

Revoke the secret#

Stripe Keys can be revoked or rolled from the Dashboard. See this documentation for more details.

Check for suspicious activity#

A requests log is available for every Stripe Key.

Details for Stripe#

  • Family: Api

  • Category: Payment system

  • Company: Stripe

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 8.29

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - '[sr]k'- type: ContentWhitelistPreValidator  patterns:  - _live_

Examples#

- text: "+  stripe_secret_key: sk_live_epISNGSkdeXov2frTey7RHAi"  apikey: sk_live_epISNGSkdeXov2frTey7RHAi- text: "#   stripe_api_key: sk_live_EeHnL644i6zo4Iyq4v1KdV8H"  apikey: sk_live_EeHnL644i6zo4Iyq4v1KdV8H- text: "stripe_api_key: sk_live_EeHnL644i6zo4Iyq4v1KdV9H"  apikey: sk_live_EeHnL644i6zo4Iyq4v1KdV9H