-
Notifications
You must be signed in to change notification settings - Fork 16
/
stripe.saas.txt
5654 lines (4826 loc) · 338 KB
/
stripe.saas.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
STRIPE
TODO:
- update with latest API changes (last checked on 8 April 2020) in https://github.com/stripe/openapi and https://github.com/stripe/stripe-node
- https://stripe.com/docs/api/subscription_schedules
- https://stripe.com/docs/billing/subscriptions/subscription-schedules
- https://stripe.com/docs/payments/cards/reusing-cards
- https://stripe.com/docs/payments/cards/saving-cards#saving-card-without-payment
- https://stripe.com/docs/billing/subscriptions/payment#using-setupintents
- https://github.com/stripe/stripe-cli
- Stripe.js:
- https://stripe.com/docs/stripe-js
- https://stripe.com/docs/amex-express-checkout#integrating
- https://stripe.com/docs/masterpass#integrating
- https://stripe.com/docs/visa-checkout#integrating
- https://stripe.com/docs/payments/payment-intents/quickstart#viewport-meta-requirements
- https://stripe.com/docs/payments/3d-secure-iframe
- GET /apple_pay/domains[/ID], POST /apple_pay/domains, DELETE /apple_pay/domains/ID
- https://github.com/stripe/react-stripe-js
- Checkout:
- https://stripe.com/docs/payments/checkout
- https://dashboard.stripe.com/account/checkout/settings
- including the Checkout section on https://stripe.com/docs/receipts
- compare with other providers like PayPal, authorize.net and Klarna
- check Stripe on GitHub
- https://stripe.com/works-with
- https://stripe.com/en-US/guides/general-data-protection-regulation
- remove myself from Stripe Cardero
VERSION ==> #2020-03-02
#Last checked on 8 April 2020
#See:
# - https://stripe.com/en-US/blog/changelog
# - https://stripe.com/docs/upgrades
Stripe-Version: VERSION [C|S] #Defaults to latest.
FEATURES ==> #Payment types:
# - single payments
# - recurring payments (including trials, complex plans, automation, prorating, high consumption limits, tiered pricing, metered pricing, discounts)
# - many payment methods
# - automatic payment method renewal on expiration
# - including on-site payment
# - user-created cards (spending limits, authorizations)
# - virtual ACH credit transfer
# - delayed payments (capturing)
#Payment documents:
# - invoices (including PDF, hosted payment page, credit notes)
# - automatic receipts, emails
#Payment issues:
# - refunds
# - fraud dispute resolution
# - automatic fraud detection (machine learning)
#Platform/Connect:
# - platform payments (Connect) (including complex money flow, restricting accounts)
# - OAuth
# - Stripe account balance (including automatic payouts)
#Shipping (costs, taxes, custom logic)
#Large amount of currencies and countries (but not all)
#Legal:
# - PCI compliance, SCA compliance
# - verification of Connect ACCOUNTs, VAT IDs
# - bank account verification
#Developer UX:
# - very developer-friendly
# - clients: Node.js, Web UI, JavaScript (each UI element or full payment page)
# - export data as CSV or SQL
/=+===============================+=\
/ : : \
)==: SUMMARY :==(
\ :_______________________________: /
\=+===============================+=/
PRICING ==> #Percentage of money volume. Extra if different currency/country.
#Connect standard: free, Connect express|custom: smaller percentage of money volume
#Ongoing disputes have cost.
PARTNERS ==> #Apps that use Stripe OAuth. For extra fee and process, get marketing + support.
LEGAL ==> #PCI compliant if using Stripe clients. Easy to submit compliance documents.
#SCA compiiant.
API REQUESTS ==> #REST API, urlencoded request, JSON response
AUTHENTICATION ==> #Two keys: server-side, client-side. Can revoke|scope|time-limit new keys.
OAUTH ==> #Allow using another ACCOUNT, for Connect or for extensions.
SINGLE-USE LOGIN ==> #Single-use login URL (Connect express only)
COMMON ATTRIBUTES ==> #Custom metadata and created timestamp on any resource. Population.
PAGINATION ==> #
IDEMPOTENCY ==> #Idempotency-Key [C] to avoid doing twice side-effects because of retry (e.g. new PINTENT|CHARGE|USAGE_RECORD)
ERRORS ==> #Human-friendly message. Lots of type/subtypes on CHARGE failure. Request-Id [S]
TESTING ==> #Test mode.
#Can use built-in fake SOURCE (and related), DISPUTE, Connect ACCOUNT, TAX_ID, READER, CHARGE.outcome.risk_level
EVENT ==> #Async operation or generic API event (create|update|delete). Include most request information.
WEBHOOK ==> #Webhook triggered on EVENT.
FILES ==> #Static files.
ADDRESS ==> #Used in many models.
CURRENCY ==> #Three stages of currency: customer -> CHARGE -> destination (customer pay for first, we pay for second)
#Available currencies are limited by ACCOUNT.country and payment methods.
COUNTRY ==> #Customer can be any country, but our country must be among possible ones.
#TRANSFER|PAYOUT|TOPUP must be within same country (or Eurozone)
#Fee to both us and customer if different country.
#Several features are US only.
PAYMENT INTENT ==> #SOURCE authentication flow + CHARGE. Only for credit cards.
SETUP INTENT ==> #Like PINTENT but done in advance.
CHARGE ==> #Single payment. Can send receipts.
CAPTURING ==> #Delayed payment, for easy withdrawal or fraud suspicion. Can be partial.
REFUND ==> #Reverting CHARGE. Can send email.
STATEMENT DESCRIPTOR ==> #Shown in bank statements.
SOURCE TYPES ==> #Differences: customer UX, sync|async, flow, re-use, timeframe, REFUND, DISPUTE, country, currency, pricing
#Available:
# - card: common fast. Should use 3D secure. Should check bank response on CVC/ZIP match (can automate it).
# - digital wallets (Visa Checkout, Masterpass, Amex Express Checkout): lower amount, has personal info, NFC
# - terminal READER: in-person
# - ACH credit|debit: US-only, cheap, common in B2B, slow, re-use-friendly
# - credit: more effort for customer
# - debit: must first verify bank account (extra steps)
# - SEPA debit: like ACH debit but for EU
# - country-specific: Sofort (Germany), Giropay (Germany), EPS (Austria), iDEAL (Netherlands), Bancontact (Belgium),
# p24 (Poland), multibanco (Portugal), Klarna (mostly Scandinavia)
# - Stripe account
# - Alipay, WeChat: China, restrictive terms of service
# - Apple Pay, Google Pay, Microsoft Pay, Samsung Paya
#Not available: wire transfers, Western Union
SOURCE ==> #Payment method (old API). Some can be re-used. Different authorization flows. Can be automatically updated on renewal.
PAYMENT METHOD ==> #Payment method (new API, credit cards only)
CARD ==> #'card' payment method (old API)
BANK ACCOUNT ==> #'ach_debit' payment method (old API)
EXTERNAL ACCOUNT ==> #CARD|BANK_ACCOUNT of an ACCOUNT (for PAYOUTs and Connect)
SOURCE TRANSACTION ==> #CHARGEs of a specific SOURCE
CUSTOMER ==> #Person paying. Allow re-using payment method, email, address, INVOICE info.
TOKEN ==> #Encapsulate SOURCE|ACCOUNT|PERSON, for security reason.
SUBSCRIPTION ==> #Recurring CHARGE for a specific CUSTOMER. Can use trials. Either automatically charge or send emails. Can set periods.
#Can send several invoices per period if high consumption. Automatic adjustment ("prorate") on changes.
SUBSCRIPTION ITEM ==> #Allow several PLANs per SUBSCRIPTION
PLAN ==> #Pricing scheme. Tied to a PRODUCT. Can set frequency. Either flat or tiered. Can be metered. Can use modulo.
USAGE RECORD ==> #Metered usage single consumption.
USAGE RECORD SUMMARY ==> #Metered usage summary consumption.
PRODUCT ==> #Generic info about service|product sold.
COUPON ==> #DISCOUNTs to many CUSTOMERs (SUBSCRIPTION only). Absolute or relative. Can be count|time limited. Can be repeated.
DISCOUNT ==> #Discount to one CUSTOMER
CREDIT NOTE ==> #Adjustment on open|paid INVOICE. Reduce INVOICE amount, REFUND, reduce CUSTOMER balance or settle outside Stripe. Can PDF.
CREDIT NOTE ITEM ==> #CREDIT_NOTE's item
INVOICE ==> #Incoming SUBSCRIPTION CHARGE. Automatic (send emails, change state, payment retry) or manual. Can set due date.
#Can PDF. Hosted URL to pay. Can customize look and content.
LINE ITEM ==> #Automatic INVOICE single item
INVOICE ITEM ==> #INVOICE single item
UPCOMING INVOICE ==> #Preview an INVOICE
AUTOMATED RECONCILIATION ==> #Virtual ACH credit transfer, with automatic emails.
TAX ID ==> #CUSTOMER tax identifiers. Verified by Stripe (EU only).
TAX RATE ==> #Tax on a SUBSCRIPTION[_ITEM]|INVOICE|LINE_ITEM. Relative. Inclusive or exclusive.
ACCOUNT ==> #Stripe account. Current one or through Connect. General company|person info. Branding (color|logo). Dashboard settings. Payment settings.
PERSON ==> #Stripe user. Info verified by Stripe.
RESTRICTION ==> #On ACCOUNT creation, must provide generic info. After 1 month, must upload ID. Only for business owners.
#If issue, Stripe or us (for Connect) can forbid CHARGE|PAYOUT.
CAPABILITY ==> #US-specific restrictions
BALANCE ==> #ACCOUNT virtual bank account. Currency-wise. Some money can be reserved|pending.
BALANCE TRANSACTION ==> #ACCOUNT's BALANCE single transaction.
CUSTOMER BALANCE TRANSACTION ==> #CUSTOMER's balance single transaction.
PAYOUT ==> #Money from|to ACCOUNT to|from bank account / credit card. Can be faster for an extra fee. Minimal amount. Can be automated.
TOPUP ==> #Money from bank account / credit to ACCOUNT.
CONNECT ==> #When platform facilitating CHARGE|SUBSCRIPTIONs between payers (CUSTOMER) and seller (Stripe ACCOUNT2), for a FEE.
#Types:
# - standard: normal Dashboard, does not handle ACCOUNT.*, OAuth, no DISPUTE|REFUND|BALANCE responsability, no fee
# - express: simple Dashboard, handle few ACCOUNT.*, OAuth, extra fee, US only
# - custom: custom Dashboard, handle all ACCOUNT.*, no OAuth, extra fee
#Charges routing:
# - direct charges: only forward payment, usually standard
# - destination charges: more than forward payment, usually express|custom
# - separate: complex routing (including 1-n|n-1|n-n, or defered payment), usually express|custom, more work, must be both in US|Europe
#Can decide to be shown on bank statements, or not.
#Account debit: CHARGE|TRANSFER from Connect ACCOUNT2 towards our ACCOUNT. Must be both in US|Europe.
TRANSFER ==> #Money from ACCOUNT to ACCOUNT2
TRANSFER REVERSAL ==> #REFUND of a TRANSFER
APPLICATION FEE ==> #Our fee between Connect users. Absolute or (for SUBSCRIPTION) also relative.
APPLICATION FEE REFUND ==> #REFUND of a FEE
FRAUD ==> #Causes: fraud (most common), product|service issue, wrong billing, bug.
#Inquiries/retrievals: pre-dispute.
#Typical frauds, signs of fraud, how to avoid.
#>1% dispute rate creates issues with Stripe and credit card companies.
#Should REFUND before DISPUTE.
DISPUTE ==> #Stripe takes money until solved. Must submit evidences.
#Timeframe, process and possibility are payment method-specific.
CHARGE OUTCOME ==> #CHARGE failure reason information. Radar risk score (machine learning) and rule.
RADAR RULE ==> #Automatically flag suspicious CHARGE: require 3D secure, create REVIEW or block.
#Built-in or custom rules (using declarative syntax).
RADAR VALUE LIST ==> #ENUM for use in Radar rules.
RADAR VALUE LIST ITEM ==> #
REVIEW ==> #Suspicious CHARGE, but already processed.
FRAUD WARNING ==> #Similar but outside REVIEW system
ORDER ==> #CHARGE for 1|n SKUs to a CUSTOMER. Shipping logic: cost, taxes, custom logic (shippment, delivery estimation).
ORDER ITEM ==> #
ORDER RETURN ==> #REFUND or an ORDER
SKU ==> #Variation of a GOOD_PRODUCT (quantity, price, size, etc.). Can disable. Can set inventory. Can set attributes and dimensions.
ISSUING CARD ==> #User-created credit cards. Physical (shipped by Stripe) or virtual. Can set spending limits, including purchase category-wise. Can be replaced.
ISSUING CARD DETAILS ==> #Same with extra security-sensitive fields.
ISSUING CARDHOLDER ==> #User of ISSUING_CARD. Can be individual or business. Can disable.
ISSUING AUTHORIZATION ==> #Pending transaction that must be approved first (through fast webhook). Can be partial.
ISSUING TRANSACTION ==> #Transaction of ISSUING_CARD
ISSUING DISPUTE ==> #DISPUTE of ISSUING_CARD
TERMINAL READER ==> #Physical card reader. Ordered|shipped from Stripe. Client runs on mobile device, with JavaScript/iOS/Android SDK.
#Pre-certified by Stripe.
#Either Verifone (more expensive, not mobile, screen, keys) or BBPOS (cheaper, mobile, harder to integrate)
#Receipts by email or manual. Must use charges capturing.
TERMINAL LOCATION ==> #Several READERs in same place.
TERMINAL CONNECTION TOKEN ==> #Token to authenticate client to READER
MONTHLY REPORT ==> #CSV summary of ACCOUNT data, downloaded from Dashboard
SIGMA ==> #SQL query of ACCOUNT data. Can be shared. Data is 3 days old.
SIGMA SCHEDULED QUERY ==> #Repeated Sigma query. Can automatically email results.
STRIPE-NODE ==> #Node.js client
DASHBOARD ==> #Web UI client. Some features only available in Dashboard.
#Nice search. Can show all requests logs. Can export data as CSV. Team management roles. Email notifications.
FRONT-END ==> #JavaScript client, for each UI element
CHECKOUT ==> #JavaScript client, for whole page
/=+===============================+=\
/ : : \
)==: PRICING :==(
\ :_______________________________: /
\=+===============================+=/
COUNTRIES ==> #Pricing is ACCOUNT.country-specific. Those are US prices.
CHARGE ==> #2.9% + $0.30
#Additional 1%-1.5% if customer's bank different country
#Payment-method specific:
# - 'ach_debit':
# - 0.8%, max $5
# - $4 if failed (not disputed)
# - 'ach_credit_transfer':
# - $1
# - if must reconcile, $7 for <$1000, $15 for <$100,000, $25 otherwise
SUBSCRIPTION ==> #Either:
# - 0.4% per CHARGE (on top of normal price)
# - free for first $1,000,000/month
# - 0.7% per CHARGE, but include Sigma and Salesforce|Netsuite integrations
PAYOUT ==> #Either:
# - 'standard': $0.25
# - 'instant': 1.5% (or minimum $0.5)
#Additional 1% if currency change
CONNECT ==> #standard: none
#express|custom:
# - 0.25% of TRANSFERs in US/Canada, 0.5% otherwise
# - 1.5% of account debits
# - $2 per ACCOUNT
# - except ones with 0 CHARGEs during the month
# - except first 5000 ones each month
#FEE: none
DISPUTE ==> #CHARGE is provisionally refunded
#15 USD fee (refunded if won)
RADAR FOR FRAUD TEAMS ==> #$0.02 per CHARGE
SCHEDULED_QUERY ==> # - <500: $0.02 per CHARGE + $10
# - <1000: $0.018 per CHARGE + $25
# - <5000: $0.016 per CHARGE + $50
# - <50000: $0.014 per CHARGE + $100
TERMINAL ==> #CHARGE: 2.7% + $0.05
#TERMINAL itself ($59 or $299)
STRIPE VERIFIED PARTNER ==> #$250/year
PREMIUM SUPPORT ==> #$1000/month
/=+===============================+=\
/ : : \
)==: PARTNERS :==(
\ :_______________________________: /
\=+===============================+=/
PARTNERS ==> #Apps that use Stripe OAuth.
#Must be registered online.
#For free, only offers marketing materials.
#Types:
# - extensions
# - plugins: e.g. for CMS
# - platforms: for whole website / PaaS
# - services: offering support|consulting (no OAuth)
STRIPE VERIFIED PARTNER ==> #Requires:
# - extra fee
# - code quality submission (https://stripe.com/docs/partners/requirements)
#Offers:
# - can shift customer questions to Stripe support
# - can use Stripe logo
# - featured in https://stripe.com/works-with
# - access to betas
/=+===============================+=\
/ : : \
)==: LEGAL :==(
\ :_______________________________: /
\=+===============================+=/
PCI COMPLIANCE ==> #See PCI docs.
#How Stripe helps:
# - stores sensitive information
# - i.e. never returned in response, only in request payloads
# - front-end code (checkout, Elements, mobile SDK, Terminal, Connect) handles it,
# i.e. never handled by our front-end or server code
# - i.e. needs to use those to be PCI compliant
# - validation: just need to click it every 3 month in dashboard, providing:
# - not creating charges manually via HTTP or via Dashboard (instead of Elements, etc.)
# - not level 1
# - for level 1, can also offer help (must contact them), reducing audit time from 3 months to 1 week
#There is a section in Dashboard about current status, and documents to upload.
SCA COMPLIANCE ==> #Must use 3D secure for 'card' payments. I.e. must use PINTENT.
#See PSD2 docs.
MIGRATING ==> #Check online doc how to migrate from|to Stripe from|to another provider:
# - it's not easy and might be impossible if new provider is not PCI compliant
# - from one Stripe account to another: can contact support
/=+===============================+=\
/ : : \
)==: NOTATION :==(
\ :_______________________________: /
\=+===============================+=/
NOTATION ==> CU#Updatable on create|update
R#Only on create|update, not in responses
*#Required on create|update
?#Optional field (null or undefined if not present). I have not documented all optional fields as such yet.
MONEY #INT. In the currency's smallest unit (e.g. cents for USD).
#Can be negative.
PMONEY #Like MONEY but >= 0
#When *_decimal, is 'BIGINT' string (12 decimals precision) instead
DATE_NUM #Unix timestamp in seconds.
CMP_FILTER #OBJ: gt[e]|lt[e] NUM|DATE_NUM
/=+===============================+=\
/ : : \
)==: API REQUESTS :==(
\ :_______________________________: /
\=+===============================+=/
ENDPOINT ==> #https://api.stripe.com/v1/
Content-Type: application/
x-www-form-urlencoded [C] #Request body: x-www-form-urlencoded (but must keep [] not encoded)
?PARAM #Are actually request body parameters, not URL variables (except for OAuth)
Accept: application/json [C] #Response body: JSON
/=+===============================+=\
/ : : \
)==: AUTHENTICATION :==(
\ :_______________________________: /
\=+===============================+=/
Authorization: Bearer API_KEY [C] #Authentication
API_KEY #2 keys:
# - server-side / secret
# - client-side / public / "publishable"
ADDITIONAL KEY ==> #Can create|delete more keys:
# - can be revoked
# - including with a timeout of 12 hours
# - can be scoped to:
# - specific endpoints
# - read_write, read_only, none
POST /ephemeral_keys
DELETE /ephemeral_keys/ID
STRIPE.ephemeralKeys.create|del() #
EPHEMERAL_KEY #API_KEY time-limited and scoped to a specific CUSTOMER
EPHEMERAL_KEY.customer RC#CUSTOMER.id
EPHEMERAL_KEY.issuing_card RC#ISSUING_CARD.id
EPHEMERAL_KEY.secret #API_KEY
EPHEMERAL_KEY.expires #DATE_NUM
/=+===============================+=\
/ : : \
)==: OAUTH :==(
\ :_______________________________: /
\=+===============================+=/
OAUTH ==> #Allow apps to do things on behalf of user's ACCOUNT.
#Endpoint connect.stripe.com
#Not possible with ACCOUNT.type 'custom'
Stripe-Account: ACCOUNT.id [C] #Log in using another ACCOUNT after granted through OAuth (ACCESS_TOKEN was obtained).
#Not needed for /accounts/ID endpoints.
Authorization: ACCESS_TOKEN [C] #Alternative|legacy way, less secure.
#ACCESS_TOKEN is OAuth's
STRIPE.setClientId('CLIENT_ID')
STRIPE.getClientId()->'CLIENT_ID' #CLIENT_ID is found in Connect Dashboard, and identifies current ACCOUNT.
GET /oauth/[express/]authorize #Redirects to OAuth authorization page.
STRIPE.oauth.authorizeUrl #Returns '/oauth/authorize' full URL.
([URL_PARAMS, ][OPTS])->'URL' #OPTS: express BOOL
?client_id=CLIENT_ID *#
?response_type=code *#
?redirect_uri=URI #Where to redirect.
?scope=STR #Either 'read_only' (def) or 'read_write' (recommended for Connect standard)
#For 'express', can only be 'express' (def)
?state=STR #Arbitrary STR, passed to redirect as a CSRF token. Should be checked after redirection.
?stripe_landing=STR #Whether should show a page to:
# - 'login' to Stripe
# - prefer if expect user to already have Stripe ACCOUNT.
# - def if ?scope=read_only
# - 'register' to Stripe
# - def if ?scope=read_write
?always_prompt=BOOL #If true (def: false), prompt even if OAuth already connected.
?stripe_user[VAR] #Pre-fills ACCOUNT creation fields among:
# - email (ACCOUNT.*)
# - business_name|phone_number|business_type (ACCOUNT.business_profile.*)
# - first_name|last_name (PERSON.*)
# - suggested_capabilities|accept_capabilities STR_ARR among 'card_payments' or 'transfers' (REQUIREMENTS.*)
#If ACCOUNT.type 'standard', can also pre-fill:
# - country|currency (ACCOUNT.*)
# - url (ACCOUNT.business_profile.*)
# - street_address|city|state|zip|dob_*|gender (PERSON.*)
# - physical_product|product_description (PRODUCT.*)
OAUTH REDIRECTION ==> #Redirect URI:
# - must specify allowed ones in Dashboard.
# - defaults to first one
# - must be HTTPS
#Passes the following query variables:
# - ?code=OAUTH_CODE
# - ?scope|state: same as input
#EVENT 'account.application.authorized'
ERROR_RESPONSE #Does not redirect, except for 'access_denied'
ERROR_RESPONSE.error #STR:
# - 'access_denied': user clicked the Deny button
# - 'invalid_scope': invalid ?scope
# - 'invalid_redirect_uri': invalid ?redirect_uri
# - 'invalid_request': missing ?response_type
# - 'unsupported_response_type' invalid ?response_type
ERROR_RESPONSE.error_description #STR that can be shown to user
ERROR_RESPONSE.state #STR. Same as ?state
POST /oauth/token
STRIPE.oauth.token() #Turn OAUTH_CODE|REFRESH_TOKEN into ACCESS_TOKEN
?grant_type=STR *#Either:
# - 'authorization_code': use ?code
# - 'refresh_token': use ?refresh_token
?code=OAUTH_CODE *#
?refresh_token=REFRESH_TOKEN *#
?scope=STR #Must be equal (def) or lower than original ?scope
RESPONSE.access_token #ACCESS_TOKEN.
RESPONSE.refresh_token #REFRESH_TOKEN
RESPONSE.stripe_user_id #ACCOUNT.id
RESPONSE.stripe_publishable_key #ACCOUNT's publishable API_KEY
RESPONSE.scope #STR
RESPONSE.token_type #Always 'bearer'
ERROR_RESPONSE.error #STR:
# - 'invalid_request': no ?grant_type|code|refrsh_token
# - 'invalid_grant': invalid|expired ?code|refresh_token
# - 'unsupported_grant_type': invalid ?grant_type
# - 'invalid_scope': invalid ?scope
# - 'unsupported_response_type': invalid ?response_type
ERROR_RESPONSE.error_description #STR that can be shown to user
POST /oauth/deauthorize #Invalidate an ACCESS_TOKEN.
STRIPE.oauth.deauthorize() #EVENT 'account.application.deauthorized'
?stripe_user_id=ACCOUNT.id *#For the ACCOUNT that granted the ACCESS_TOKEN
?client_id=CLIENT_ID *#For the ACCOUNT that was granted the ACCESS_TOKEN
RESPONSE.stripe_user_id #Same as input
ERROR_RESPONSE.error #STR:
# - 'invalid_request': no ?client_id|stripe_user_id
# - 'invalid_client': invalid ?client_id|stripe_user_id
ERROR_RESPONSE.error_description #STR that can be shown to user
/=+===============================+=\
/ : : \
)==: SINGLE-USE LOGIN :==(
\ :_______________________________: /
\=+===============================+=/
LOGIN_LINK #Single-use login URL for this ACCOUNT. Express only.
POST /accounts/ID/login_links #
STRIPE.loginLinks.create() #
LOGIN_LINK.url #'URL'
POST /accounts/ID/logout #Invalidate all LOGIN_LINK
/=+===============================+=\
/ : : \
)==: COMMON ATTRIBUTES :==(
\ :_______________________________: /
\=+===============================+=/
RESOURCE.id #STR
RESOURCE.object #Either:
# - 'list': for list endpoints
# - 'RESOURCE_NAME' (e.g. 'balance_transaction')
RESOURCE.metadata CU#Custom OBJ
#Max 50 properties, max KEY length 40 bytes, max value length 500 bytes.
#Should not contain personal or confidential information.
RESOURCE.created #DATE_NUM
GET /RESOURCES?created=CMP_FILTER #
?expand=VARR,... #Populate attribute
#Max depth 4
/=+===============================+=\
/ : : \
)==: PAGINATION :==(
\ :_______________________________: /
\=+===============================+=/
GET /RESOURCES?limit=NUM #Pagination size (def: 10). Min 1, max 100.
GET /RESOURCES
?starting_after|ending_before
=RESOURCE.id #Cursor pagination
LIST #Paginated response
LIST.data #OBJ_ARR
LIST.has_more #BOOL
LIST.total_count #NUM
LIST.url #'/v1/...'
SRES.list(...)->PROMISE #PROMISE is also an ASYNC_ITERATOR (with each OBJ model).
SRES.autoPagingEach #Iterates over all, in streaming mode.
([FUNC(OBJ)][, FUNC2([ERROR])]) #PROMISE resolved with undefined once iteration done.
->PROMISE #FUNC() is called with each model OBJ:
# - can return false to stop iteration
# - can be async
#FUNC2() is called at end
SRES.autoPagingToArray #Iterates over all at once.
(OPTS)->PROMISE_OBJ_ARR #OPTS:
# - limit NUM (required) (max 10000): stops if more than that (but no errors)
/=+===============================+=\
/ : : \
)==: IDEMPOTENCY :==(
\ :_______________________________: /
\=+===============================+=/
Idempotency-Key: RANDOM [C] #Memoize using:
# - RANDOM
# - request parameters (including body)
# - response's status code (including 4**|5**)
#Error is same RANDOM but others two are different.
#Allows for safe retries.
#Only:
# - for `POST`
# - for requests that passed input validation layer.
# - for 24 hours.
#Recommended for:
# - POST /charges|payment_intents
# - using the order ID, or the SOURCE.id (unless reusable), etc.
# - to avoid DISPUTEs on duplicated charges
# - POST /subscription_items/ID/usage_records
/=+===============================+=\
/ : : \
)==: ERRORS :==(
\ :_______________________________: /
\=+===============================+=/
{ error: ERROR } #Error response for any endpoint
ERROR.message
CHARGE.failure_message #STR. Can be shown to users for card errors.
ERROR.param #'PROP' that failed input validation.
ERROR.charge #CHARGE.id
ERROR.payment_intent #PINTENT
ERROR.setup_intent #SETUP_INTENT
ERROR.payment_method #PAYMENT_METHOD
ERROR.source #SOURCE.id
NODE_ERROR.raw #ERROR
NODE_ERROR.message|code|param #Same as ERROR.*
NODE_ERROR.rawType #Same as ERROR.type
NODE_ERROR.type #Same as ERROR.type except:
# - PascalCase and prepended with 'Stripe'
# - e.g. 'StripeConnectionError' or 'StripeAPIError'
NODE_ERROR.detail #NODE_ERROR2. When there is a sub-error
NODE_ERROR.headers #HEADERS_OBJ
#Only set when a 4**|5** response was received
NODE_ERROR.statusCode NUM #Only set when a 4**|5** response was received
NODE_ERROR.doc_url #'URL'
ERROR.type #Can be:
# - 'invalid_request_error' (400|404): input validation server-side
# - 'authentication_error' (401)
# - 'api_connection_error': cannot connect to API (network failure, timeout)
# - 'card_error' (402): credit card could not be charged
# - 'permission_error' (403)
# - 'idempotency_error' (409): wrong usage of `Idempotency-Key`
# - 'rate_limit_error' (429)
# - 'api_error' (500|502|503|504): server-side errors
# (stripe.js only)
# - 'validation_error': input validation
# (stripe-node only)
# - 'signature_response_error': webhooks verification error
# - 'stream_processing_error': when creating files using STREAMs
# - 'invalid_grant_error': OAuth error
# - 'generic_error': generic error
ERROR.code #One of:
CHARGE.failure_code # - 'account_already_exists': The email address provided for the creation of a deferred account already has an account associated with it.
# Use the OAuth flow to connect the existing account to your platform.
# - 'account_country_invalid_address': The country of the business address provided does not match the country of the account.
# Businesses must be located in the same country as the account.
# - 'account_invalid': The account ID provided as a value for the Stripe-Account header is invalid. Check that your requests are specifying a valid account ID.
# - 'account_number_invalid': The bank account number provided is invalid (e.g., missing digits).
# Bank account information varies from country to country. We recommend creating validations in your entry forms based on the bank account formats we provide.
# - 'alipay_upgrade_required': This method for creating Alipay payments is not supported anymore. Please upgrade your integration to use Sources instead.
# - 'amount_too_large': The specified amount is greater than the maximum amount allowed. Use a lower amount and try again.
# - 'amount_too_small': The specified amount is less than the minimum amount allowed. Use a higher amount and try again.
# - 'api_key_expired': The API key provided has expired. Obtain your current API keys from the Dashboard and update your integration to use them.
# - 'balance_insufficient': The transfer or payout could not be completed because the associated account does not have a sufficient balance available.
# Create a new transfer or payout using an amount less than or equal to the account's available balance.
# - 'bank_account_exists': The bank account provided already exists on the specified Customer object.
# If the bank account should also be attached to a different customer, include the correct customer ID when making the request again.
# - 'bank_account_unusable': The bank account provided cannot be used for payouts. A different bank account must be used.
# - 'bank_account_unverified': Your Connect platform is attempting to share an unverified bank account with a connected account.
# - 'bitcoin_upgrade_required': This method for creating Bitcoin payments is not supported anymore. Please upgrade your integration to use Sources instead.
# - 'card_declined': The card has been declined.
# When a card is declined, the error returned also includes the decline_code attribute with the reason why the card was declined.
# - 'charge_already_captured': The charge you're attempting to capture has already been captured. Update the request with an uncaptured charge ID.
# - 'charge_already_refunded': The charge you're attempting to refund has already been refunded. Update the request to use the ID of a charge that has not been refunded.
# - 'charge_disputed': The charge you're attempting to refund has been charged back. Check the disputes documentation to learn how to respond to the dispute.
# - 'charge_exceeds_source_limit': This charge would cause you to exceed your rolling-window processing limit for this source type.
# Please retry the charge later, or contact us to request a higher processing limit.
# - 'charge_expired_for_capture': The charge cannot be captured as the authorization has expired. Auth and capture charges must be captured within seven days.
# - 'country_unsupported': Your platform attempted to create a custom account in a country that is not yet supported.
# Make sure that users can only sign up in countries supported by custom accounts.
# - 'coupon_expired': The coupon provided for a subscription or order has expired. Either create a new coupon, or use an existing one that is valid.
# - 'customer_max_subscriptions': The maximum number of subscriptions for a customer has been reached. Contact us if you are receiving this error.
# - 'email_invalid': The email address is invalid (e.g., not properly formatted).
# Check that the email address is properly formatted and only includes allowed characters.
# - 'expired_card': The card has expired. Check the expiration date or use a different card.
# - 'idempotency_key_in_use': The idempotency key provided is currently being used in another request.
# This occurs if your integration is making duplicate requests simultaneously.
# - 'incorrect_address': The card's address is incorrect. Check the card's address or use a different card.
# - 'incorrect_cvc': The card's security code is incorrect. Check the card's security code or use a different card.
# - 'incorrect_number': The card number is incorrect. Check the card's number or use a different card.
# - 'incorrect_zip': The card's ZIP code is incorrect. Check the card's ZIP code or use a different card.
# - 'instant_payouts_unsupported': The debit card provided as an external account does not support instant payouts.
# Provide another debit card or use a bank account instead.
# - 'invalid_card_type': The card provided as an external account is not a debit card. Provide a debit card or use a bank account instead.
# - 'invalid_charge_amount': The specified amount is invalid.
# The charge amount must be a positive integer in the smallest currency unit, and not exceed the minimum or maximum amount.
# - 'invalid_cvc': The card's security code is invalid. Check the card's security code or use a different card.
# - 'invalid_expiry_month': The card's expiration month is incorrect. Check the expiration date or use a different card.
# - 'invalid_expiry_year': The card's expiration year is incorrect. Check the expiration date or use a different card.
# - 'invalid_number': The card number is invalid. Check the card details or use a different card.
# - 'invalid_source_usage': The source cannot be used because it is not in the correct state (e.g., a charge request is trying to use a source with a pending,
# failed, or consumed source). Check the status of the source you are attempting to use.
# - 'invoice_no_customer_line_items': An invoice cannot be generated for the specified customer as there are no pending invoice items.
# Check that the correct customer is being specified or create any necessary invoice items first.
# - 'invoice_no_subscription_line_items': An invoice cannot be generated for the specified subscription as there are no pending invoice items.
# Check that the correct subscription is being specified or create any necessary invoice items first.
# - 'invoice_not_editable': The specified invoice can no longer be edited.
# Instead, consider creating additional invoice items that will be applied to the next invoice.
# You can either manually generate the next invoice or wait for it to be automatically generated at the end of the billing cycle.
# - 'invoice_upcoming_none': There is no upcoming invoice on the specified customer to preview.
# Only customers with active subscriptions or pending invoice items have invoices that can be previewed.
# - 'livemode_mismatch': Test and live mode API keys, requests, and objects are only available within the mode they are in.
# - 'missing': Both a customer and source ID have been provided, but the source has not been saved to the customer.
# To create a charge for a customer with a specified source, you must first save the card details.
# - 'not_allowed_on_standard_account': Transfers and payouts on behalf of a Standard connected account are not allowed.
# - 'order_creation_failed': The order could not be created. Check the order details and then try again.
# - 'order_required_settings': The order could not be processed as it is missing required information. Check the information provided and try again.
# - 'order_status_invalid': The order cannot be updated because the status provided is either invalid or does not follow the order lifecycle (e.g., an order cannot
# transition from created to fulfilled without first transitioning to paid).
# - 'order_upstream_timeout': The request timed out. Try again later.
# - 'out_of_inventory': The SKU is out of stock. If more stock is available, update the SKU's inventory quantity and try again.
# - 'parameter_invalid_empty': One or more required values were not provided. Make sure requests include all required parameters.
# - 'parameter_invalid_integer': One or more of the parameters requires an integer, but the values provided were a different type.
# Make sure that only supported values are provided for each attribute.
# - 'parameter_invalid_string_blank': One or more values provided only included whitespace. Check the values in your request and update any that contain only whitespace.
# - 'parameter_invalid_string_empty': One or more required string values is empty. Make sure that string values contain at least one character.
# - 'parameter_missing': One or more required values are missing.
# - 'parameter_unknown': The request contains one or more unexpected parameters. Remove these and try again.
# - 'parameters_exclusive': Two or more mutually exclusive parameters were provided.
# - 'payment_intent_authentication_failure': The provided payment method has failed authentication.
# Provide a new payment method to attempt to fulfill this PaymentIntent again.
# - 'payment_intent_incompatible_payment_method': The PaymentIntent expected a payment method with different properties than what was provided.
# - 'payment_intent_invalid_parameter': One or more provided parameters was not allowed for the given operation on the PaymentIntent.
# - 'payment_intent_payment_attempt_failed': The latest payment attempt for the PaymentIntent has failed.
# Check the last_payment_error property on the PaymentIntent for more details, and provide source_data or a new source to attempt to fulfill this PaymentIntent again.
# - 'payment_intent_unexpected_state': The PaymentIntent's state was incompatible with the operation you were trying to perform.
# - 'payment_method_unactivated': The charge cannot be created as the payment method used has not been activated.
# Activate the payment method in the Dashboard, then try again.
# - 'payment_method_unexpected_state': The provided payment method's state was incompatible with the operation you were trying to perform.
# Confirm that the payment method is in an allowed state for the given operation before attempting to perform it.
# - 'payouts_not_allowed': Payouts have been disabled on the connected account.
# Check the connected account's status to see if any additional information needs to be provided, or if payouts have been disabled for another reason.
# - 'platform_api_key_expired': The API key provided by your Connect platform has expired.
# This occurs if your platform has either generated a new key or the connected account has been disconnected from the platform.
# Obtain your current API keys from the Dashboard and update your integration, or reach out to the user and reconnect the account.
# - 'postal_code_invalid': The ZIP code provided was incorrect.
# - 'processing_error': An error occurred while processing the card. Check the card details are correct or use a different card.
# - 'product_inactive': The product this SKU belongs to is no longer available for purchase.
# - 'rate_limit': Too many requests hit the API too quickly. We recommend an exponential backoff of your requests.
# - 'resource_already_exists': A resource with a user-specified ID (e.g., plan or coupon) already exists. Use a different, unique value for id and try again.
# - 'resource_missing': The ID provided is not valid. Either the resource does not exist, or an ID for a different resource has been provided.
# - 'routing_number_invalid': The bank routing number provided is invalid.
# - 'secret_key_required': The API key provided is a publishable key, but a secret key is required.
# Obtain your current API keys from the Dashboard and update your integration to use them.
# - 'sepa_unsupported_account': Your account does not support SEPA payments.
# - 'shipping_calculation_failed': Shipping calculation failed as the information provided was either incorrect or could not be verified.
# - 'sku_inactive': The SKU is inactive and no longer available for purchase. Use a different SKU, or make the current SKU active again.
# - 'state_unsupported': Occurs when providing the legal_entity information for a U.S. custom account, if the provided state is not supported.
# This is mostly associated states and territories.
# - 'tax_id_invalid': The tax ID number provided is invalid (e.g., missing digits). Tax ID information varies from country to country, but must be at least nine digits.
# - 'taxes_calculation_failed': Tax calculation for the order failed.
# - 'testmode_charges_only': Your account has not been activated and can only make test charges. Activate your account in the Dashboard to begin processing live charges.
# - 'tls_version_unsupported': Your integration is using an older version of TLS that is unsupported. You must be using TLS 1.2 or above.
# - 'token_already_used': The token provided has already been used. You must create a new token before you can retry this request.
# - 'token_in_use': The token provided is currently being used in another request. This occurs if your integration is making duplicate requests simultaneously.
# - 'transfers_not_allowed': The requested transfer cannot be created. Contact us if you are receiving this error.
# - 'upstream_order_creation_failed': The order could not be created. Check the order details and then try again.
# - 'url_invalid': The URL provided is invalid.
ERROR.doc_url #'URL' of the ERROR.code
ERROR.decline_code #When ERROR.code is `card_declined`, can be:
# - invalid card numbers:
# - 'incorrect_number'
# - 'invalid_number'
# - 'invalid_expiry_year'
# - 'incorrect_cvc'
# - 'invalid_cvc'
# - 'incorrect_pin'
# - 'invalid_pin'
# - 'pin_try_exceeded'
# - 'incorrect_zip': The ZIP/postal code is incorrect.
# - 'approve_with_id': authorization error.
# - unknown reason:
# - 'call_issuer'
# - 'do_not_honor'
# - 'do_not_try_again'
# - 'generic_decline'
# - 'no_action_taken'
# - 'not_permitted'
# - 'revocation_of_all_authorizations'
# - 'revocation_of_authorization'
# - 'security_violation'
# - 'service_not_allowed'
# - 'stop_payment_order'
# - 'try_again_later'
# - 'transaction_not_allowed'
# - fraud:
# - 'fraudulent': Stripe suspects it is fraudulent.
# - 'lost_card': reported lost.
# - 'stolen_card': reported stolen.
# - 'pickup_card': reported lost or stolen.
# - 'restricted_card': reported lost or stolen.
# - 'merchant_blacklist': merchant is blacklisted by Stripe.
# - not enough money:
# - 'card_velocity_exceeded': exceeded the balance or credit limit available.
# - 'withdrawal_count_limit_exceeded': exceeded the balance or credit limit available on their card.
# - 'insufficient_funds'
# - 'invalid_amount': payment amount is invalid, or exceeds the amount that is allowed.
# - invalid purchase:
# - 'card_not_supported': does not support this type of purchase.
# - 'currency_not_supported': does not support the specified currency.
# - invalid card/bank:
# - 'expired_card'
# - 'invalid_account': The card, or account the card is connected to, is invalid.
# - 'new_account_information_available': The card, or account the card is connected to, is invalid.
# - server-side:
# - 'issuer_not_available': provider could not be reached.
# - 'processing_error': An error occurred while processing the card.
# - 'reenter_transaction': The payment should be attempted again.
# - 'duplicate_transaction'
# - 'testmode_decline': A Stripe test card number was used. A genuine card must be used to make a payment.
Request-Id: UUID [S] #Request/response ID, for debugging
NODE_ERROR.requestId STR #Request-Id [S]
#Only set when a 4**|5** response was received
/=+===============================+=\
/ : : \
)==: TESTING :==(
\ :_______________________________: /
\=+===============================+=/
TEST MODE ==> #Each key has either a production or a test version
# - sandbox / separate data
# - payments not processed by providers
# - simpler steps for some flows
# - fewer retries
#Forbidden by terms of service to use production key for testing.
#Dashboard can toggle between each mode.
RESOURCE.livemode #BOOL on all RESOURCEs
#Test transactions fire both test and production webhooks if WEBHOOK.connect true
# - i.e. those webhook handlers should check RESOURCE.livemode
FAKE DATA ==> #Can use test|fake SOURCE|TOKEN with following data. See list at:
# - https://stripe.com/docs/testing
# - each of the payment method doc pages
# - https://stripe.com/docs/connect/testing
# - https://stripe.com/docs/billing/testing
# - https://stripe.com/docs/radar/testing
#SOURCE for CHARGE|PINTENT:
# - 'card':
# - use SOURCE.TYPE.number
# - different ones:
# - SOURCE.TYPE.brand
# - type of payment (credit|debit|etc.)
# - SOURCE.country
# - 'card' with 3D secure:
# - use SOURCE.TYPE.number
# - different ones:
# - version 1 vs version 2
# - requiredAndPerformed, notRequiredButPerformed, requiredButNotSupportedByBank, notSupported
# - *_check states
# - failure types
# - radar risk levels
# - country split pricing
# - 'sepa_debit':
# - use SOURCE.TYPE.iban
# - different ones: success vs fail
# - 'ach_credit_transfer':
# - SOURCE.owner.email '[email protected]'
# - 'multibanco':
# - SOURCE.owner.email 'ANYTHING+fill_never|now@ANY_DOMAIN' (user never initiate, or does it right away)
# - 'sofort':
# - SOURCE.owner.name: 'succeeding_charge|failing_charge'
# - 'ach_debit':
# - SOURCE.type.routing_number: 110000000
# - SOURCE.type.account_number:
# - different failure types
# - PAYLOAD.amounts (verify endpoint):
# - [32, 45]: success
# - [any other]: failure
# - 'amex_express_checkout':
# - username: test_user
# - password: password
# - access code: 123456
# - 'masterpass': https://developer.mastercard.com/page/masterpass-sandbox-testing-guidelines#new-web-experience
# - 'visa checkout': https://developer.visa.com/capabilities/visa_checkout/docs#adding_visa_checkout_to_your_web_page
# - 'klarna': https://stripe.com/docs/sources/klarna#testing-klarna-payments
#TOKEN|PAYMENT_METHOD:
# - use TOKEN|PAYMENT_METHOD.id
# - same differences as 'card' SOURCE
#CARD|BANK_ACCOUNT for PAYOUT:
# - different ones:
# - country
# - failure code
# - CARD.brand
#BANK_ACCOUNT for TOPUP:
# - different ones: failure code
#DISPUTE:
# - through 'card' and 'sepa_debit' SOURCEs testing
# - different ones:
# - inquiry or normal DISPUTEs
# - won|lost
#ACCOUNT for Connect:
# - PERSON.phone 0000000000 (express only)
# - PERSON.dob|id_number|verification.document, COMPANY.tax_id:
# - different ones: failure|success
# - OAuth:
# - should create separate test ACCOUNT (not OAuth to self)
# - ?redirect_uri can be HTTP, and can be localhost
#TAX_ID:
# - different ones: success|failure|pending
#READER:
# - SDK can mock a READER ("simulator")
#CHARGE with READER:
# - must use a physical test card sent by Stripe
# - use CHARGE.amount
# - different ones: failure codes
#CARD|TOKEN for CHARGE.outcome.risk_level
/=+===============================+=\
/ : : \
)==: EVENT :==(
\ :_______________________________: /
\=+===============================+=/
EVENT #Either:
# - asynchronous operation results
# - can use webhooks to handle them
# - generic API events, e.g. resource creation|update|deletion
# - webhooks not needed there
'EVENT_TYPE' #Common types are 'RESOURCE.created|updated|deleted' for:
# (created|updated|deleted)
# - account.external_account
# - coupon
# - customer[.discount|source|subscription|tax_id]
# - invoice
# - invoiceitem
# - person
# - plan
# - product
# - recipient
# - sku
# (created|updated)
# - charge.dispute
# - credit_note
# - early_fraud_warning
# - issuing_authorization
# - issuing_card
# - issuing_cardholder
# - issuing_dispute
# - issuing_settlement
# - issuing_transaction
# - order
# - payout
# - source.transaction
# - tax_rate
# - transfer
# (created)
# - application_fee
# - file
# - order_return
# - payment_intent
# - setup_intent
# - sigma.scheduled_query_run
# - topup
# (updated)
# - account
# - application_fee.refund
# - capability
# - charge
# - charge.refund
# - mandate
# - payment_method
# - reporting.report_type
# (none)
# - reporting.report_run
# - review
# - source
#Other types are documented in each related resource.
GET /events[/ID] #
STRIPE.events.retrieve|list() #
EVENT.api_version #'VERSION'
#EVENTs are not migrated on new API versions, i.e. they keep old shape.
EVENT.type #'EVENT_TYPE'.
?type=STR #Can contain * for subtypes
?types=STR_ARR #
EVENT.data #EVENT_DATA
EVENT_DATA.object #RESOURCE that has changed (all new values)
EVENT_DATA.previous_attributes ?#RESOURCE that has changed (only old values)
EVENT.request #EVENT_REQUEST. API request that started the event.
#Fields are null if event was triggered by Stripe itself.
#Request logs are available in the dashboard, but not in the API.