key when making an API request, or use an incorrect or outdated one, Stripe returns an error.
Every account has separate keys for testing and for running live transactions. All API requests exist in either test or live mode, and objects in one mode (customers, plans, coupons, etc.) can’t manipulate objects in the other.
There are also two types of API keys: publishable and secret.
- Secret You must keep your secret API keys confidential and only store them on your own servers. You must not share your secret API key with any third parties. Your account’s secret API key can perform any API request to Stripe without restriction. If Stripe believes that your secret API key has been compromised, we may cancel and reissue it, potentially resulting in an interruption to your Stripe services.