I am just wondering if it is okay to make Stripe account id (for Connect) and customer id visible on browser. Is there any way that a person other than its holder misuses by obtaining the ids? (for example, moving earned money to their account or change the person's information as a method of attacking)
-
In order to manipulate a user's Account or a Stripe Customer on your Platform an attacker would also need your Platform Account's Secret Key. That said, as a good practice you might want to use identifiers unique to your application publicly, and link those to Stripe ids in your database. – duck Jun 12 '17 at 16:28
-
Thanks for your advice. Could you suggest any source that might be helpful to link such identifier to Stripe ids? I already use a unique identifier for each customer and account, but it would be very thankful if I can know some resources to develop the linkage. – James Yoo Jun 12 '17 at 17:03
-
It could be as simple as defining database schema on your end which has a UUID column with ids for your application, in another column store the relevant stripe_id (e.g. cus_xxxyyyzzz, acct_xxxyyyzzz). Your own ids would be visible in the browser, for transactions with Stripe your backend would look up the relevant table, pull the stripe_id and make requests to Stripe using that Stripe id. – duck Jun 12 '17 at 23:11
-
Very simple and easy to understand. Thank you very much. – James Yoo Jun 13 '17 at 15:47
3 Answers
I think it's perfectly fine to expose stripe accountIds to the client. Like others have said, these ids are useless to an attacker unless the attacker gets your secret key.
Other answers argue that exposed ids + compromised secret make it easier for an attacker. That's true, but if the attacker has your secret, you're screwed anyway. It takes 1 GET request, to list all accountIds.

- 1,681
- 1
- 21
- 34
All sensitive information coming from the account id requires your Stripe Secret Key (or that of the account, for Connect accounts). That being said, if access to those keys is compromised, having the account ids readily available just makes it that much easier for an attacker.
With public keys, I'm not sure you can even add a card directly to a user. Just create the card tokens and what not.

- 4,308
- 2
- 20
- 48
I consider stripe connected account id similar to an email address. The email address needs to be publicly known in order for people to email you. If they want to read your emails they need your login (eg. password).

- 113
- 4
- 12