WP Simple Pay Documentation

Documentation, Reference Materials, and Tutorials for WP Simple Pay

Tips & Tricks

Join our Newsletter

Please enable JavaScript in your browser to complete this form.
Get tips, tricks, and resources delivered directly to your mailbox.
WP Simple Pay
Save 50%!

How Can I Use a Restricted API Key?

Using a restricted Stripe API keys is not needed in the majority of use cases. Connecting with Stripe automatically creates an API key that restricts access to certain API endpoints (such as creating additional accounts) by default.

A restricted API key allows you to specify which Stripe resources the API key has access to read and/or write. This can be useful if your Stripe account is being used by multiple integrations, or is acting as a platform for other integrations.

If your Stripe account is not acting as a platform for other integrations we recommend using the standard API key automatically created by Connecting with Stripe.

To create a restricted key, follow the steps provided by Stripe. When creating the key, the permissions needed by WP Simple Pay include:

  • Apple Pay Domains: write (if using Apple Pay)
  • Customers: write
  • Events: read
  • PaymentIntents: write
  • Products: write
  • SetupIntents: write (if using free trials)
  • Checkout Sessions: write (if using Stripe Checkout)
  • Coupons: write (if using coupons)
  • Promotion Codes: write (if using coupons)
  • Credit notes: read
  • Prices: write
  • Subscriptions: write (if using subscriptions)
  • Tax Rates: write (if using tax rates)
  • Webhook Endpoints: write (or none if manually managing)
  • Tax Calculations & Transactions: write (if using automatic taxes)

Once you have created your restricted API key, disconnect from from Stripe (to remove previous API keys) via WP Simple Pay → Settings → Stripe → Account. Then, add the following custom code snippet to a WordPress mu-plugin to tell WP Simple Pay to use your new API keys:

<?php
/**
 * mu-plugin: Stripe API Keys
 */

/**
 * Returns the Stripe Secret key.
 */
function get_secret_key( $key ) {
	return 'rk_live_123';
}
add_filter( 'simpay_stripe_api_secret_key', 'get_secret_key' );
add_filter( 'simpay_secret_key', 'get_secret_key' );

/**
 * Returns the Stripe Publishable key.
 */
function get_publishable_key( $key ) {
	return 'pk_live_123';
}
add_filter( 'simpay_stripe_api_publishable_key', 'get_publishable_key' );
add_filter( 'simpay_publishable_key', 'get_publishable_key' );

You can also load these values from a PHP constant or environment variable defined elsewhere.

This technique should not be used (and is not supported) to send money to different Stripe accounts depending on which payment form is being used, or other variables.

Still have questions? We’re here to help!

Last Modified:

Start Accepting Payments Today

Start accepting one-time and recurring payments or donations on your WordPress website.