2

I get following error: "The remote server returned an error: (401) Unauthorized" in this line:

using (HttpWebResponse httpResponse = request.GetResponse() as HttpWebResponse) {}

Here is the complete code:

string clientSecretKey = ConfigurationManager.AppSettings["ClientSecretKey"];

const string ChargeUrl = "https://api.stripe.com/v1/charges?amount={0}&currency={1}&source={2}&description={3}"; 
string requestUrl = HttpUtility.UrlPathEncode(
String.Format(ChargeUrl, 1000, "usd", "tok_19xLu8HN9aKw9vrkUsflNWOI", "Test charge to text@example.com") );
HttpWebRequest request = WebRequest.Create(requestUrl) as HttpWebRequest; 

request.Headers.Add("Authorization", "sk_test_example"); 
request.ContentType = "application/x-www-form-urlencoded";
request.Method = "POST";

using (HttpWebResponse httpResponse = request.GetResponse() as HttpWebResponse)
{/* some code */}

At the beginning I thought the error was caused because the token can't used more than one time, but I changed it and got the same error. I'm not sure what is causing the error.

Nil
  • 129
  • 4
  • 11
  • Message is clear. Your API key is not valid. May be you have put wrong key or not sending the key as you expect. Debug for the API key which you have set... – Zico May 25 '17 at 10:25
  • Unfortunately the API key is correct. I think the problem must be that I don't make the stripe authorization right. – Nil May 25 '17 at 11:17
  • If you are not sure about Stripe call using raw C#. You should use some library to make it easy. Unfortunately there is no official library for C# by Stripe. You can look at some third party [libraries](https://stripe.com/docs/libraries#c-sharp). – Zico May 25 '17 at 11:23
  • I forgot to mention I can't use third party libraries. – Nil May 25 '17 at 11:43

2 Answers2

2

The issue here is that you are passing the API key but not using Bearer authentication which is what Stripe's API expects. You need to change your Authorization header like this:

request.Headers.Add("Authorization", "Bearer sk_test_example");

I know you mentioned in the comments that you can't use a third-party library but I wanted to mention one just in case. Stripe.net lets you use Stripe's API in .Net easily without having to rewrite the logic yourself. Handling errors, encoding parameters and sub-hashes properly, managing authentication and JSON decoding, all of this will take a lot of time and trial and error to build from scratch while this library would handle all of this for you.

koopajah
  • 23,792
  • 9
  • 78
  • 104
  • I made the changes but now I get this error "The remote server returned an error: (403) Forbidden." Thank you for the information about the library. – Nil May 25 '17 at 13:54
  • @wieblinger this looks like an issue with the API key. Unfortunately hard to say without more details. I'd recommend talking to Stripe support: https://support.stripe.com/email – koopajah May 25 '17 at 17:09
  • I had a similar issue where I was getting an "unauthorized" response. In my case my HttpClient had a default Authorization header for my system which needed to be removed prior to making the call to Stripe Connect – David Clarke Oct 18 '17 at 01:17
1

You're initializing a variable for the secret key but not using it. Try modifying the request url to start with "https://" + clientSecretKey + ":@api..."

This is, of course, assuming clientSecretKey is the Stripe key.

Be careful putting a secret key somewhere on your server that it isn't hidden from a user / client.

Jake T.
  • 4,308
  • 2
  • 20
  • 48