There are two authentication methods available for connecting to Stripe:

• Using API keys
• Using OAuth

Using API Keys

Use your personal API keys to test and to access your own data. To obtain the API keys, follow the steps below:

1. Log into Stripe.
2. Click Developers and then click API Keys.
3. Set the OAuthAccessToken property to a test or live secret key in the API Keys section.

Using OAuth

Use OAuth to access your own data and to enable other users to access their own data.

OAuth requires the authenticating user to interact with Stripe using the browser. The driver facilitates this in various ways as described in the following sections.

Create an App

You can follow the procedure below to obtain the OAuth client credentials, the OAuthClientId and OAuthClientSecret:

1. (Optional) If Connect has not already been enabled on the Stripe account, click "Connect" from the left menu --> Get Started --> Build an extension --> Continue
2. Log into your Stripe dashboard and click Settings -> Connect Settings.
3. Enter a name, description, and other information to be displayed to users when they log in to grant permissions to your app.

4. If you are making a desktop application, set the Redirect URL to https://oauth.cdata.com/oauth/ .

   If you are making a Web application, set the Redirect URL to a page on your Web app you would like the user to be returned to after they have authorized your application.

Authenticate to Stripe from a Desktop Application

After setting the following connection properties, you are ready to connect:

• OAuthClientId: Set this to the client ID in the Settings -> Connect Settings section of your account.
• OAuthClientSecret: Set this to a Secret key in the Developers -> API Keys section of your account.
• CallbackURL: Set this to the Redirect URI in the Settings -> Connect Settings section of your account.
• InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken connection property.

When you connect the driver opens the OAuth endpoint in your default browser. Log in and grant permissions to the application. The driver then completes the OAuth process:

1. Extracts the access token from the callback URL and authenticates requests.
2. Refreshes the access token when it expires.
3. Saves OAuth values in OAuthSettingsLocation to be persisted across connections.

Authenticate to Stripe from a Web Application

To obtain the access token, set the following connection properties:

• OAuthClientId: Set this to the client_id in the Settings -> Connect Settings section of your account.
• OAuthClientSecret: Set this to a Secret key in the Developers -> API Keys section of your account.

When connecting via a Web application, or if the driver is not authorized to open a browser window, you need to exchange a verifier code for the OAuthAccessToken:

1. Call GetOAuthAuthorizationURL. The stored procedure returns the URL to the OAuth endpoint.
2. Log in and authorize the application. You are redirected back to the CallbackURL.
3. Extract the verifier code from the "code" query string parameter of the CallbackURL and call GetOAuthAccessToken.

To make requests to Stripe, set OAuthAccessToken. When the access token expires, call RefreshOAuthAccessToken. Given a refresh token as input, it returns a valid OAuth access token.