Connect OAuth reference vs Connect Stripe-hosted onboarding

Hi,

I’m trying to understand the flow between the two documentations. Can you explain the difference and which is the best approach to use?

vs

My use case: I’m trying to build a partner/platform account, and I would like to connect my merchants’ Stripe accounts to my account and perform transactions on their behalf, like creating customers from my application in their Stripe account, creating payment requests on behalf of my merchants, etc. They can also manage their Stripe account using their login and dashboard.

Thanks,
Hanmanth

Hi Hanmanth,

OAuth and the Stripe-Hosted onboarding serve similar purposes, but they differ on the amount of control you have over the connected account.

In the case of OAuth, your connected account will have the option to either connect a pre-existing account to your platform or create a new account and then connect it to your platform account. If the connected user does not have a Stripe account already, they will only have the option to create a new account and then connect it to your platform.

In the case of Stripe-hosted onboarding, you must create an account for them and then use Stripe-hosted onboarding for them to complete the onboarding flow, as indicated here: Stripe-hosted onboarding | Stripe Documentation. This means that your connected account will not be able to connect a pre-existing account to your platform (as the onboarding flow can only be used with the account you created for them), but it will guarantee that the connected account is controlled by your platform, allowing you to make use of the features enabled by this.

The main difference between these two is that OAuth allows you to connect a pre-existing account, while Stripe-hosted onboarding should only be used for accounts created by your platform. The reason for this is that accounts that were connected to your platform using OAuth, but were not created by said platform, will not have platform controls enabled on them, which will limit what you can do with them.

The Stripe-hosted onboarding can only be used for accounts that were created by your platform, which means that it guarantees your platform will control the connected account, giving you more control over them. You can read a bit more about what platform controls allow you to do here: Platform controls in the Stripe Dashboard | Stripe Documentation and here: Platform controls for connected accounts : Stripe: Help & Support

Stripe generally recommends using the Stripe-hosted onboarding because of these benefits, but if connecting pre-existing accounts to your platform is a must, you should use OAuth instead.

Hope this helps!


Thanks for your response. This helps. I will need to connect existing accounts, and then my only option is OAuth.

Can you confirm if the OAuth token and refresh token are deprecated and we should use the stripe-user-id and our apikey to make any transactions on behalf of the user (connected account)? Or can we still use “token”?

Additionally, if we are using our apiKey and stripe-user-id, how are the API limits applied?

Thanks,
Hanmanth

Yes, access tokens and refresh tokens are deprecated, so in order to make API calls for connected accounts, you will need to use the ID obtained in the stripe-user-id parameter and pass it using the Stripe-Account header, as shown here: Making API calls for connected accounts | Stripe Documentation.

With regard to API rate limits, each connected account has its own rate limit, which is separate from the platform’s. So, for example, you could make 80 API requests on connected account A, and also make another 80 requests simultaneously on connected account B, without hitting a rate limit error on either of them. Even if the requests were made from your platform for the connected account, each connected account would be able to make 100 read operations per second and 100 write operations per second.


Thank you for your quick response! It’s much appreciated!

Hi, I have a follow-up question here. When we use OAuth flow, we expect that if we are connecting the same account multiple times, the old connection should fail, and the new one should be active. But in our case, both connections are working.

How can we proceed here? My use case is as below

Use case: Our merchants will have transactions in our system by location. We expect that for each location, we want them to connect to a new Stripe account and not re-use the existing one.

When we generate an OAuth link, we are unable to validate it as they only try to connect the account using the OAuth link. Even if they use the same Stripe account, we expect a different OAuth response, but we are getting the same stripe-user-id details.
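
For the two points discussed above (calls made with the platform key plus the Stripe-Account header, and the same stripe-user-id coming back when one account is connected twice), here is an added example that is not from the thread or from Stripe: a server-side registry that refuses to link an already-connected account to a second location and builds request headers only from the stored mapping. The class, table and sample IDs are hypothetical, and `stripe_user_id` is assumed to be the value returned by the OAuth flow.

```python
# Added example; names and schema are hypothetical, not Stripe's API.
import sqlite3

class ConnectionConflict(Exception):
    """Location or Stripe account is already linked to something else."""

class ConnectedAccountRegistry:
    """Server-side map of location -> connected account ID."""

    def __init__(self, db_path=":memory:"):
        self.db = sqlite3.connect(db_path)
        # UNIQUE makes the database refuse a second location for the same
        # Stripe account, even if two OAuth callbacks arrive at once.
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS connections ("
            "location_id TEXT PRIMARY KEY, "
            "stripe_user_id TEXT NOT NULL UNIQUE)"
        )

    def account_for(self, location_id):
        row = self.db.execute(
            "SELECT stripe_user_id FROM connections WHERE location_id = ?",
            (location_id,),
        ).fetchone()
        return row[0] if row else None

    def link(self, location_id, stripe_user_id):
        """Record the ID returned by the OAuth flow for this location."""
        try:
            with self.db:  # commits on success, rolls back on error
                self.db.execute(
                    "INSERT INTO connections VALUES (?, ?)",
                    (location_id, stripe_user_id),
                )
        except sqlite3.IntegrityError as exc:
            if self.account_for(location_id) == stripe_user_id:
                return  # same pair reconnecting: nothing to change
            raise ConnectionConflict(
                f"{stripe_user_id} or {location_id} is already linked"
            ) from exc

    def headers_for(self, location_id, platform_secret_key):
        """Headers for a call on behalf of the location's account."""
        account = self.account_for(location_id)
        if account is None:
            raise KeyError(f"no connected account for {location_id}")
        # The account ID comes from our own table, never from the client.
        return {"Authorization": f"Bearer {platform_secret_key}",
                "Stripe-Account": account}
```

Because one platform key now reaches every connected account, the stored mapping is the only thing deciding whose account a request touches, so the lookup should be keyed on the authenticated tenant rather than on request input.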