How Can I Use a Restricted API Key?
A restricted API key allows you to specify which Stripe resources the API key has access to read and/or write. This can be useful if your Stripe account is being used by multiple integrations, or is acting as a platform for other integrations.
To create a restricted key, follow the steps provided by Stripe. When creating the key, the permissions needed by WP Simple Pay include:
- Apple Pay Domains:
write(if using Apple Pay) - Customers:
write - Events:
read - PaymentIntents:
write - Products:
write - SetupIntents:
write(if using free trials) - Checkout Sessions:
write(if using Stripe Checkout) - Coupons:
write(if using coupons) - Promotion Codes:
write(if using coupons) - Credit notes:
read - Prices:
write - Subscriptions:
write(if using subscriptions) - Tax Rates:
write(if using tax rates) - Webhook Endpoints:
write(or none if manually managing) - Tax Calculations & Transactions:
write(if using automatic taxes)
Once you have created your restricted API key, disconnect from from Stripe (to remove previous API keys) via WP Simple Pay → Settings → Stripe → Account. Then, add the following custom code snippet to a WordPress mu-plugin to tell WP Simple Pay to use your new API keys:
<?php
/**
* mu-plugin: Stripe API Keys
*/
/**
* Returns the Stripe Secret key.
*/
function get_secret_key( $key ) {
return 'rk_live_123';
}
add_filter( 'simpay_stripe_api_secret_key', 'get_secret_key' );
add_filter( 'simpay_secret_key', 'get_secret_key' );
/**
* Returns the Stripe Publishable key.
*/
function get_publishable_key( $key ) {
return 'pk_live_123';
}
add_filter( 'simpay_stripe_api_publishable_key', 'get_publishable_key' );
add_filter( 'simpay_publishable_key', 'get_publishable_key' );You can also load these values from a PHP constant or environment variable defined elsewhere.
Still have questions? We’re here to help!
Last Modified: