Stripe Application Secrets API

Secret Store is an API that allows Stripe Apps developers to securely persist secrets for use by UI Extensions and app backends.

OpenAPI Specification

# OpenAPI 3.0 description of the Stripe Apps Secret Store endpoints.
openapi: 3.0.0
info:
  title: Stripe Application Secrets API
  description: >-
    Secret Store is an API that allows Stripe Apps developers to securely
    persist secrets for use by UI Extensions and app backends.
  contact:
    # NOTE(review): the address below appears to have been replaced by the
    # hosting page's e-mail obfuscation. As written it parses as a one-item
    # YAML flow sequence, not the string OpenAPI expects for `contact.email`;
    # restore the real address from the upstream spec before using this file
    # with tooling.
    email: [email protected]
    name: Stripe Dev Platform Team
    url: https://stripe.com
  termsOfService: https://stripe.com/us/terms/
  # Quoted so YAML loaders keep the API version a string instead of a date.
  version: '2023-10-16'
  x-stripeSpecFilename: spec3
# Default security requirement for every operation. The two list entries are
# alternatives, so a request needs to satisfy only one of them. No operation in
# this file declares its own `security`, so all four inherit this requirement.
security:
  - basicAuth: []
  - bearerAuth: []
# Single HTTPS origin. Both schemes carry the API key in the Authorization
# header (see their descriptions), so it must only ever be sent over TLS.
servers:
  - url: https://api.stripe.com/
paths:
  /v1/apps/secrets:
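    # Lists the secrets stored in one scope, paginated with the
    # `starting_after` / `ending_before` cursors. Each item is an `apps.secret`
    # object, whose schema includes the nullable plaintext `payload`, so treat
    # response bodies from this operation as sensitive.
    get:
      description: <p>List all secrets stored on the given scope.</p>
      operationId: getAppsSecrets
      parameters:
        - description: >-
            A cursor for use in pagination. `ending_before` is an object ID that
            defines your place in the list. For instance, if you make a list
            request and receive 100 objects, starting with `obj_bar`, your
            subsequent call can include `ending_before=obj_bar` in order to
            fetch the previous page of the list.
          in: query
          name: ending_before
          required: false
          schema:
            maxLength: 5000
            type: string
          style: form
        - description: Specifies which fields in the response should be expanded.
          explode: true
          in: query
          name: expand
          required: false
          schema:
            items:
              maxLength: 5000
              type: string
            type: array
          style: deepObject
        - description: >-
            A limit on the number of objects to be returned. Limit can range
            between 1 and 100, and the default is 10.
          in: query
          name: limit
          required: false
          schema:
            # Range and default taken from the description above, so request
            # validators and generated clients enforce the documented bounds.
            default: 10
            maximum: 100
            minimum: 1
            type: integer
          style: form
        # `scope.type` is required but `scope.user` is not, so this schema also
        # accepts `type: user` without a user value. The per-caller restriction
        # in the description is not expressed in the schema, so a schema
        # validator cannot check it.
        - description: >-
            Specifies the scoping of the secret. Requests originating from UI
            extensions can only access account-scoped secrets or secrets scoped
            to their own user.
          explode: true
          in: query
          name: scope
          required: true
          schema:
            properties:
              type:
                enum:
                  - account
                  - user
                type: string
              user:
                maxLength: 5000
                type: string
            required:
              - type
            title: scope_param
            type: object
          style: deepObject
        - description: >-
            A cursor for use in pagination. `starting_after` is an object ID
            that defines your place in the list. For instance, if you make a
            list request and receive 100 objects, ending with `obj_foo`, your
            subsequent call can include `starting_after=obj_foo` in order to
            fetch the next page of the list.
          in: query
          name: starting_after
          required: false
          schema:
            maxLength: 5000
            type: string
          style: form
      # Empty form body: no properties and `additionalProperties: false`.
      # OpenAPI 3.0 defines no semantics for a request body on GET.
      requestBody:
        content:
          application/x-www-form-urlencoded:
            encoding: {}
            schema:
              additionalProperties: false
              properties: {}
              type: object
        required: false
      responses:
        '200':
          content:
            application/json:
              schema:
                description: ''
                properties:
                  data:
                    items:
                      $ref: '#/components/schemas/apps.secret'
                    type: array
                  has_more:
                    description: >-
                      True if this list has another page of items after this one
                      that can be fetched.
                    type: boolean
                  object:
                    description: >-
                      String representing the object's type. Objects of the same
                      type share the same value. Always has the value `list`.
                    enum:
                      - list
                    type: string
                  url:
                    description: The URL where this list can be accessed.
                    maxLength: 5000
                    pattern: ^/v1/apps/secrets
                    type: string
                required:
                  - data
                  - has_more
                  - object
                  - url
                title: SecretServiceResourceSecretList
                type: object
                x-expandableFields:
                  - data
          description: Successful response.
        default:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
          description: Error response.
      summary: Stripe Get Apps Secrets
      x-api-evangelist-processing:
        GenerateOperationSummariesFromPath: true
        PascalCaseOperationSummaries: true
        CaselCaseOperationIds: true
        ChooseTags: true
      tags:
        - Applications
        - Get
        - Secrets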
    # Creates or replaces a secret (the name is unique within its scope). The
    # plaintext value travels in the form body as `payload`, so request bodies
    # for this operation should stay out of access logs and traces.
    post:
      description: <p>Create or replace a secret in the secret store.</p>
      operationId: postAppsSecrets
      requestBody:
        content:
          application/x-www-form-urlencoded:
            encoding:
              expand:
                explode: true
                style: deepObject
              scope:
                explode: true
                style: deepObject
            schema:
              # Unknown form fields are rejected by the schema.
              additionalProperties: false
              properties:
                expand:
                  description: Specifies which fields in the response should be expanded.
                  items:
                    maxLength: 5000
                    type: string
                  type: array
                # Not listed under `required`; what lifetime applies when it is
                # omitted is not stated in this spec.
                expires_at:
                  description: >-
                    The Unix timestamp for the expiry time of the secret, after
                    which the secret deletes.
                  format: unix-time
                  type: integer
                name:
                  description: A name for the secret that's unique within the scope.
                  maxLength: 5000
                  type: string
                # Plaintext secret, capped at 5000 characters by `maxLength`.
                payload:
                  description: The plaintext secret value to be stored.
                  maxLength: 5000
                  type: string
                # `scope.type` is required but `scope.user` is not, so the
                # schema also accepts `type: user` without a user value.
                scope:
                  description: >-
                    Specifies the scoping of the secret. Requests originating
                    from UI extensions can only access account-scoped secrets or
                    secrets scoped to their own user.
                  properties:
                    type:
                      enum:
                        - account
                        - user
                      type: string
                    user:
                      maxLength: 5000
                      type: string
                  required:
                    - type
                  title: scope_param
                  type: object
              required:
                - name
                - payload
                - scope
              type: object
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apps.secret'
          description: Successful response.
        default:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
          description: Error response.
      summary: Stripe Post Apps Secrets
      x-api-evangelist-processing:
        GenerateOperationSummariesFromPath: true
        PascalCaseOperationSummaries: true
        CaselCaseOperationIds: true
        ChooseTags: true
      tags:
        - Applications
        - Post
        - Secrets
  /v1/apps/secrets/delete:
    # Deletes the secret identified by `name` and `scope`. Deletion is a POST to
    # a `/delete` sub-path rather than an HTTP DELETE, so controls or audit
    # rules keyed on the DELETE method will not see it.
    post:
      description: <p>Deletes a secret from the secret store by name and scope.</p>
      operationId: postAppsSecretsDelete
      requestBody:
        content:
          application/x-www-form-urlencoded:
            encoding:
              expand:
                explode: true
                style: deepObject
              scope:
                explode: true
                style: deepObject
            schema:
              # Unknown form fields are rejected by the schema.
              additionalProperties: false
              properties:
                expand:
                  description: Specifies which fields in the response should be expanded.
                  items:
                    maxLength: 5000
                    type: string
                  type: array
                name:
                  description: A name for the secret that's unique within the scope.
                  maxLength: 5000
                  type: string
                # `scope.type` is required but `scope.user` is not, so the
                # schema also accepts `type: user` without a user value.
                scope:
                  description: >-
                    Specifies the scoping of the secret. Requests originating
                    from UI extensions can only access account-scoped secrets or
                    secrets scoped to their own user.
                  properties:
                    type:
                      enum:
                        - account
                        - user
                      type: string
                    user:
                      maxLength: 5000
                      type: string
                  required:
                    - type
                  title: scope_param
                  type: object
              required:
                - name
                - scope
              type: object
        required: true
      # The 200 body is an `apps.secret` object; that schema has a `deleted`
      # flag.
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apps.secret'
          description: Successful response.
        default:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
          description: Error response.
      summary: Stripe Post Apps Secrets Delete
      x-api-evangelist-processing:
        GenerateOperationSummariesFromPath: true
        PascalCaseOperationSummaries: true
        CaselCaseOperationIds: true
        ChooseTags: true
      tags:
        - Applications
        - Delete
        - Post
        - Secrets
  /v1/apps/secrets/find:
    # Looks up one secret by `name` and `scope`. Both are query parameters, so
    # secret names and scope values can end up in URL logs. The response is an
    # `apps.secret` object, whose schema includes the nullable plaintext
    # `payload`, so treat response bodies from this operation as sensitive.
    get:
      description: <p>Finds a secret in the secret store by name and scope.</p>
      operationId: getAppsSecretsFind
      parameters:
        - description: Specifies which fields in the response should be expanded.
          explode: true
          in: query
          name: expand
          required: false
          schema:
            items:
              maxLength: 5000
              type: string
            type: array
          style: deepObject
        - description: A name for the secret that's unique within the scope.
          in: query
          name: name
          required: true
          schema:
            maxLength: 5000
            type: string
          style: form
        # `scope.type` is required but `scope.user` is not, so this schema also
        # accepts `type: user` without a user value. The per-caller restriction
        # in the description is not expressed in the schema, so a schema
        # validator cannot check it.
        - description: >-
            Specifies the scoping of the secret. Requests originating from UI
            extensions can only access account-scoped secrets or secrets scoped
            to their own user.
          explode: true
          in: query
          name: scope
          required: true
          schema:
            properties:
              type:
                enum:
                  - account
                  - user
                type: string
              user:
                maxLength: 5000
                type: string
            required:
              - type
            title: scope_param
            type: object
          style: deepObject
      # Empty form body: no properties and `additionalProperties: false`.
      # OpenAPI 3.0 defines no semantics for a request body on GET.
      requestBody:
        content:
          application/x-www-form-urlencoded:
            encoding: {}
            schema:
              additionalProperties: false
              properties: {}
              type: object
        required: false
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/apps.secret'
          description: Successful response.
        default:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error'
          description: Error response.
      summary: Stripe Get Apps Secrets Find
      x-api-evangelist-processing:
        GenerateOperationSummariesFromPath: true
        PascalCaseOperationSummaries: true
        CaselCaseOperationIds: true
        ChooseTags: true
      tags:
        - Applications
        - Find
        - Get
        - Secrets
components:
  schemas:
    # Wrapper used by every operation's `default` (error) response.
    # NOTE(review): `api_errors` is not defined under `components.schemas` in
    # this file, so the `$ref` below does not resolve as written and validators
    # or code generators cannot check error bodies against it.
    error:
      description: An error response from the Stripe API
      properties:
        error:
          $ref: '#/components/schemas/api_errors'
      required:
        - error
      type: object
    # The secret object returned, alone or inside a list, by every operation in
    # this file.
    apps.secret:
      description: >-
        Secret Store is an API that allows Stripe Apps developers to securely
        persist secrets for use by UI Extensions and app backends.


        The primary resource in Secret Store is a `secret`. Other apps can't
        view secrets created by an app. Additionally, secrets are scoped to
        provide further permission control.


        All Dashboard users and the app backend share `account` scoped secrets.
        Use the `account` scope for secrets that don't change per-user, like a
        third-party API key.


        A `user` scoped secret is accessible by the app backend and one specific
        Dashboard user. Use the `user` scope for per-user secrets like per-user
        OAuth tokens, where different users might have different permissions.


        Related guide: [Store data between page
        reloads](https://stripe.com/docs/stripe-apps/store-auth-data-custom-objects)
      properties:
        created:
          description: >-
            Time at which the object was created. Measured in seconds since the
            Unix epoch.
          format: unix-time
          type: integer
        deleted:
          description: If true, indicates that this secret has been deleted
          type: boolean
        expires_at:
          description: >-
            The Unix timestamp for the expiry time of the secret, after which
            the secret deletes.
          format: unix-time
          nullable: true
          type: integer
        id:
          description: Unique identifier for the object.
          maxLength: 5000
          type: string
        livemode:
          description: >-
            Has the value `true` if the object exists in live mode or the value
            `false` if the object exists in test mode.
          type: boolean
        name:
          description: A name for the secret that's unique within the scope.
          maxLength: 5000
          type: string
        object:
          description: >-
            String representing the object's type. Objects of the same type
            share the same value.
          enum:
            - apps.secret
          type: string
        # Plaintext secret. Nullable and not listed under `required`, so a
        # response may omit it; any response that does carry it should be kept
        # out of logs, caches and error reports.
        payload:
          description: The plaintext secret value to be stored.
          maxLength: 5000
          nullable: true
          type: string
        # NOTE(review): `secret_service_resource_scope` is not defined under
        # `components.schemas` in this file, so this `$ref` does not resolve
        # as written.
        scope:
          $ref: '#/components/schemas/secret_service_resource_scope'
      required:
        - created
        - id
        - livemode
        - name
        - object
        - scope
      title: SecretServiceResourceSecret
      type: object
      x-expandableFields:
        - scope
      x-resourceId: apps.secret
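  # Both schemes carry the API key in the Authorization header. Base64 in the
  # Basic form is a reversible encoding, not a hash, so it gives the key no
  # protection on its own; confidentiality comes from the HTTPS transport.
  securitySchemes:
    basicAuth:
      description: >-
        Basic HTTP authentication. Allowed headers-- Authorization: Basic
        <api_key> | Authorization: Basic <base64 encoding of `api_key:`>
      scheme: basic
      type: http
    bearerAuth:
      # `bearerFormat` is a documentation hint for clients; OpenAPI does not
      # validate tokens against it.
      bearerFormat: auth-scheme
      description: >-
        Bearer HTTP authentication. Allowed headers-- Authorization: Bearer
        <api_key>
      scheme: bearer
      type: http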
# Declares the tag names used in the operations' `tags` lists.
tags:
  - name: Applications
  - name: Delete
  - name: Find
  - name: Get
  - name: Post
  - name: Secrets