2

I am working for the first time with Stripe. I am using stand alone accounts. I have a platform account also. In my web site a number of people with different Stripe accounts will be opening up campaigns for which money can be donated by various donors. Each campaign owner has a separate stripe account and the platform will be charging through the campaign owner's stripe account.

So what it amounts to is the platform account will be charging for a number of campaigns through each campaign owner's Stripe account. My problem is related to web hooks. One point to remember is each campaign has an id associated with it in the database and I am storing the API key of each campaign owner's stripe account and associating it with this id. To get Stripe data from the web hook in the web hook end point I have to set the API key of the connected account with a statement like:

\Stripe\Stripe::setApiKey("api key of stand alone account");
$input = @file_get_contents("php://input");

The trouble with this is there is one web hook end point for a number of Stripe accounts. I cannot hard-code the API key in the above statement. I have to fetch the appropriate API key from my database using the id.

But when Stripe invokes the web hook end point I simply do not have the campaign id with me in order to fetch the appropriate API key and set the API key. Is there any solution around this?

halfer
  • 19,824
  • 17
  • 99
  • 186
jai
  • 391
  • 2
  • 6
  • 14

1 Answers1

1

You don't need to store each account's API key. The only information you need to store is the account ID ("acct_..."). With standalone accounts, your integration will receive the account ID in the last step of the OAuth flow, in the stripe_user_id parameter.

You can then issue API requests on behalf of this account by using your own (the platform's) API key, and the Stripe-Account header.

Regarding webhooks specifically, events sent to your server via a "Connect" endpoint will include a user_id field with the account ID. So you can do something like this:

\Stripe\Stripe::setApiKey("PLATFORM_API_KEY");

$input = @file_get_contents("php://input");
$event_json = json_decode($input);
$user_id = $event_json->user_id;

// if you need to send an API request on behalf of this account,
// for example if you want to verify the event by fetching it from
// Stripe, you can use the Stripe-Account header:
$event = \Stripe\Event::retrieve(
    $event_json->id,
    array("stripe_account" => $user_id)
);
Ywain
  • 16,854
  • 4
  • 51
  • 67
  • Thanks Ywain. I will try it first thing tomorrow. My office hours are getting over in another 10 minutes. I will try it first thing tomorrow morning. – jai Jul 07 '16 at 11:15
  • The event is occurring in the connected account or in my case the campaign owner's stripe account and data is being sent to the end point in my server from there. Can I still use the PLATFORM_API_KEY? – jai Jul 07 '16 at 11:31
  • Yes, you can. You don't need to bother with storing each account's API key at all. You should always use your own API key and the `Stripe-Account` header as I explained. – Ywain Jul 07 '16 at 11:48
  • Thanks Ywain. I am at home now. I will work on this tomorrow when I get to office. Thanks. – jai Jul 07 '16 at 12:24
  • Hi Ywain. Sorry I was not storing the api key. I made a mistake in saying that. I am storing the account ID only associating it with the campaign to which it belongs using the campaign id in the database. The way I have solved my problem is to add the campaign id to the web hook url as a query string. My web hook url's look like – jai Jul 08 '16 at 05:52
  • https://webhookurl?campaignid= The problem with the solution you gave me is there is no user_id member in the event_json object. – jai Jul 08 '16 at 06:00
  • @jai As I said, if there is no `user_id`, it means you're receiving events through an "Account" endpoint and not a "Connect" endpoint. At this point I recommend you reach out to Stripe's support directly: https://support.stripe.com/email. We'll be able to take a look at your account and provide more specific help. – Ywain Jul 08 '16 at 10:03
  • Ywain, I sorted out my web hook end point issues by using query strings and things are live and working fine now.. Is it possible to set web hook end point url's in connected accounts from the platform remotely? – jai Aug 02 '16 at 06:37