Stripe Key on the view

In some tutorials,you'll find that integrating Stripe with Laravel you've to embed on the key on the view. Isn't this risky as someone can view the key by just viewing the page source? See the code below:


<form role="form" action="{{ route('stripe.post') }}" method="post" class="require-validation"
                                                     data-cc-on-file="false"
                                                    data-stripe-publishable-key="pk_test_reFxwbsm9cdCKASdTfxAR"
                                                    id="payment-form">

Sti3bas

6 years ago

Best Answer

Level 53

There are also two types of API keys: publishable and secret.

Publishable API keys are meant solely to identify your account with Stripe, they aren’t secret. In other words, they can safely be published in places like your Stripe.js JavaScript code, or in an Android or iPhone app. Publishable keys only have the power to create tokens.

Secret API keys should be kept confidential and only stored on your own servers. Your account’s secret API key can perform any API request to Stripe without restriction.

https://stripe.com/docs/keys

kenprogrammer

6 years ago

Level 2

Ok Thank You

Please or to participate in this conversation.