Stripe Ephemeral Keys API
Stripe.js uses ephemeral keys to securely retrieve Card information from the Stripe API without publicly exposing your secret keys. You need to do some of the ephemeral key exchange on the server-side to set this up.
OpenAPI Specification
openapi: 3.0.0
info:
title: Stripe Ephemeral Keys API
description: >-
Stripe.js uses ephemeral keys to securely retrieve Card information from the
Stripe API without publicly exposing your secret keys. You need to do some
of the ephemeral key exchange on the server-side to set this up.
contact:
email: [email protected]
name: Stripe Dev Platform Team
url: https://stripe.com
termsOfService: https://stripe.com/us/terms/
version: '2023-10-16'
x-stripeSpecFilename: spec3
security:
- basicAuth: []
- bearerAuth: []
servers:
- url: https://api.stripe.com/
paths:
/v1/ephemeral_keys:
post:
description: <p>Creates a short-lived API key for a given resource.</p>
operationId: postEphemeralKeys
requestBody:
content:
application/x-www-form-urlencoded:
encoding:
expand:
explode: true
style: deepObject
schema:
additionalProperties: false
$ref: '#/components/schemas/PostEphemeralKeysRequest'
required: false
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ephemeral_key'
description: Successful response.
default:
content:
application/json:
schema:
$ref: '#/components/schemas/error'
description: Error response.
summary: Stripe Post Ephemeral Keys
x-api-evangelist-processing:
GenerateOperationSummariesFromPath: true
PascalCaseOperationSummaries: true
CaselCaseOperationIds: true
ChooseTags: true
tags:
- Keys
- Post
/v1/ephemeral_keys/{key}:
delete:
description: <p>Invalidates a short-lived API key for a given resource.</p>
operationId: deleteEphemeralKeysKey
parameters:
- in: path
name: key
required: true
schema:
maxLength: 5000
type: string
style: simple
requestBody:
content:
application/x-www-form-urlencoded:
encoding:
expand:
explode: true
style: deepObject
schema:
additionalProperties: false
$ref: '#/components/schemas/DeleteEphemeralKeysKeyRequest'
required: false
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ephemeral_key'
description: Successful response.
default:
content:
application/json:
schema:
$ref: '#/components/schemas/error'
description: Error response.
summary: Stripe Delete Ephemeral Keys Key
x-api-evangelist-processing:
GenerateOperationSummariesFromPath: true
PascalCaseOperationSummaries: true
CaselCaseOperationIds: true
ChooseTags: true
tags:
- Delete
- Keys
components:
schemas:
ephemeral_key:
description: ''
properties:
created:
description: >-
Time at which the object was created. Measured in seconds since the
Unix epoch.
format: unix-time
type: integer
expires:
description: >-
Time at which the key will expire. Measured in seconds since the
Unix epoch.
format: unix-time
type: integer
id:
description: Unique identifier for the object.
maxLength: 5000
type: string
livemode:
description: >-
Has the value `true` if the object exists in live mode or the value
`false` if the object exists in test mode.
type: boolean
object:
description: >-
String representing the object's type. Objects of the same type
share the same value.
enum:
- ephemeral_key
type: string
secret:
description: >-
The key's secret. You can use this value to make authorized requests
to the Stripe API.
maxLength: 5000
type: string
required:
- created
- expires
- id
- livemode
- object
title: EphemeralKey
type: object
x-expandableFields: []
x-resourceId: ephemeral_key
error:
description: An error response from the Stripe API
properties:
error:
$ref: '#/components/schemas/api_errors'
required:
- error
type: object
PostEphemeralKeysRequest:
type: object
properties:
customer:
description: >-
The ID of the Customer you'd like to modify using the resulting
ephemeral key.
maxLength: 5000
type: string
expand:
description: Specifies which fields in the response should be expanded.
items:
maxLength: 5000
type: string
type: array
issuing_card:
description: >-
The ID of the Issuing Card you'd like to access using the resulting
ephemeral key.
maxLength: 5000
type: string
nonce:
description: >-
A single-use token, created by Stripe.js, used for creating
ephemeral keys for Issuing Cards without exchanging sensitive
information.
maxLength: 5000
type: string
verification_session:
description: >-
The ID of the Identity VerificationSession you'd like to access
using the resulting ephemeral key
maxLength: 5000
type: string
DeleteEphemeralKeysKeyRequest:
type: object
properties:
expand:
description: Specifies which fields in the response should be expanded.
items:
maxLength: 5000
type: string
type: array
securitySchemes:
basicAuth:
description: >-
Basic HTTP authentication. Allowed headers-- Authorization: Basic
<api_key> | Authorization: Basic <base64 hash of `api_key:`>
scheme: basic
type: http
bearerAuth:
bearerFormat: auth-scheme
description: >-
Bearer HTTP authentication. Allowed headers-- Authorization: Bearer
<api_key>
scheme: bearer
type: http
tags:
- name: Delete
- name: Keys
- name: Post