Skip to main content
Question

Stripe public API key not working when calling REST API endpoints


Forum|alt.badge.img+3

In my desktop app, I use Stripe, connected to my RevenueCat account, to display a web page with a Stripe paywall (I use a Payment Link to keep it simple), and then call the RevenueCat REST API to:

  • list my offerings
  • purchase a product through Stripe
  • check if a user has purchased my one-time payment product or not
  • recover a one-time payment purchase

I want to interact with those APIs directly from my app, since I don’t have any back-end.

So in order to test that, I tried for example to call the following endpoint, in order to get my offerings, using Postman:
https://api.revenuecat.com/v2/projects/{project_id}/offerings

As described in the documentation, I use the “Authorization” header.

And here is my problem:

  • if I use my secret API key (that I created with the right authorization) as a value, it works
  • but if I use my Stripe public API key, I got an error: “Invalid API key”

Which I don’t understand since I can use the public API keys in a mobile app to achieve the same actions above.

So I have two questions:

  • why can’t I use the Stripe public API key to achieve that action when calling the REST API endpoint?
  • if I create a secret key, but only with the minimum required authorizations, in read only, that I store in my app, to achieve the actions above, would that be safe or not?
This post has been closed for comments

2 replies

Forum|alt.badge.img+8
  • RevenueCat Staff
  • 418 replies
  • October 9, 2024

Hi,

For the v2 API endpoints you need to use a v2 API key. Currently our public API keys are v1 which is why you are getting the “Invalid API key” error. You can use a read-only secret API key in your app for this and it should be safe. 


Forum|alt.badge.img+3
  • Author
  • Member
  • 5 replies
  • October 11, 2024

OK, I’ll try that, thanks!


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings