Choosing the right authentication type for your Stripe App

Hey Developers! :wave:

Are you in the process of building a Stripe App, but unsure which authentication option to choose? You’re not alone. The decision matrix below will help you navigate your options.

Your app can use one of three methods to authenticate requests to the Stripe API on behalf of your users. Identify the one that works best for your app’s use case.

When to choose OAuth

  • To authorize access between a user’s account on your service and their Stripe account, OAuth simplifies the process by eliminating the need for manual API key entry, enhancing security and streamlining onboarding.
  • To centrally manage webhook events for all connected users with a single webhook, simplifying the setup compared to individual webhooks for each account.
  • If your integration already utilizes Connect OAuth, developing an OAuth app is recommended.
  • If your application requires access to any gated Stripe APIs or features.

When to choose RAK app

  • If your integration requires a user to authenticate with their secret API keys, consider creating a RAK app as a drop-in replacement.
  • If your customers self-host your integration in an environment where security concerns make it preferable for them to store their own restricted secret keys.
  • If your plugin relies on using a secret API key from a Connect platform to access its connected accounts, please contact Stripe support for further assistance.

When to choose Platform type

  • This is the default authentication type for Stripe apps, requiring only one API key. If you’re developing a new app from scratch and seek the simplest developer experience with a smooth onboarding process, and your code operates on your own trusted infrastructure, you should choose the Platform authentication type for your app.
  • If you currently have a Connect extension that uses your secret key and the Stripe-Account header to authorize API requests to Stripe, you should choose the Platform authentication type for your app.

The decision ultimately comes down to your specific integration needs and the experience you want to provide to your users. For a deeper dive into specific considerations, check out this documentation.

Feel free to share your thoughts or ask questions below — let’s help each other build better integrations.
