Stripe 401 Unauthorized - No valid API key provided

StackOverflow https://stackoverflow.com/questions/23493974

Question

I've followed Ryan Bates's Railscast 'Integrating Active Merchant' and after some fiddling around it's working or at least i don't receive any errors in Rails. When i check to the log in my Stripe account i see the following:

type: "invalid_request_error" message: "This API call cannot be made with a publishable API key. Please use a secret API key.

It's a 401 Unauthorized - No valid API key provided. error.

I have the below in my development environment. I've double checked the keys to see if they are mixed up and they're not.

ActiveMerchant::Billing::Base.mode = :test
::GATEWAY = ActiveMerchant::Billing::StripeGateway.new(

  :login => 'pk_test_yfredactedredactedfA',
  :password => 'sk_test_Rrredactedredacted2J')

Development.log shows:

Processing by OrdersController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"ZWredactedredactedredactedredactedad4=", "order"=>{"first_name"=>"", "last_name"=>"", "email"=>"", "address_1"=>"", "address_2"=>"", "city"=>"", "postal_code"=>"", "country_code"=>"United Kingdom", "card_number"=>"", "security_code"=>"", "card_expires_on(3i)"=>"1", "card_expires_on(2i)"=>"5", "card_expires_on(1i)"=>"2014"}, "commit"=>"Confirm and pay"}
[1m[36mProduct Load (0.1ms)[0m  [1mSELECT "products".* FROM "products" WHERE "products"."id" = ? LIMIT 1[0m  [["id", 2]]
[1m[35m (0.1ms)[0m  begin transaction
[1m[36mSQL (0.4ms)[0m  [1mINSERT INTO "orders" ("created_at", "updated_at") VALUES (?, ?)[0m  [["created_at", Tue, 06 May 2014 11:05:16 UTC +00:00], ["updated_at", Tue, 06 May 2014 11:05:16 UTC +00:00]]
[1m[36m (6.1ms)[0m  [1mcommit transaction[0m
[1m[35m (0.2ms)[0m  SELECT SUM("products"."price") AS sum_id FROM "products" WHERE "products"."id" IN (2)

Although i'm not sure it'll help

Thanks

Was it helpful?

Solution

According to the Stripe docs:

In addition to live and test mode, there are also two types of keys secret and publishable keys.

Publishable API keys are meant solely to identify your account with Stripe, they aren't secret. In other words, they can safely be published in places like your Stripe.js javascript code, or in an Android or iPhone app. Publishable keys only have the power to create tokens.

Secret API keys should never be published, and must be kept confidentially on your own servers. These keys can perform any API request to Stripe without restriction.

You'll never need to use them both at once, you use one or the other. The error you posted states:

This API call cannot be made with a publishable API key. Please use a secret API key.

You can distinguish the keys from the first few characters:

pk_test_... - publishable key for test mode
sk_test_... - secret key for test mode

So you need to provide the secret key where you provided the publishable key before. Here's an example of using the secret key with ActiveMerchant:

transaction = ActiveMerchant::Billing::StripeGateway.new(:login => STRIPE_SECRET_KEY)

(Note there's no :password given.)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top