The stripe api key placement is very confusing #2055
Comments
|
I am having the same problem here, the way it's set up is rather confusing and not pythonic (there should only be 1 way of doing things). This also happens for DJSTRIPE_WEBHOOK_SECRET, do we add it in the settings.py or do we add it through webhook here: https://github.com/dj-stripe/dj-stripe/blob/master/docs/usage/webhooks.md? |
|
The settings are deprecated and they're only there for compatibility with older versions. Everything is in database. |
|
@jleclanche What is this AI generated response? Do you care to read the whole thing, not only one line? If I used my time to report a bug, why can't you put some effort into reading issues before closing them? Your docs say to use the settings for the API keys. |
|
@jTiKey The docs are outdated, this is a known issue (#1841) unrelated to this particular issue, sorry for lack of clarity here but please don't be hostile. In any case, I understand they right now are saying something incorrect on the website - use the in-database api keys and you shouldn't be getting this error. If you are still getting it in that setup, then something else is at play and feel free to reopen. |
That part is the legacy compatibility piece of code which creates API keys in database from the settings, if those are set. Make sure they are not set. This code will be gone in 3.0 |
|
I cannot reopen an issue you closed. I'm sure they are not set and I'm getting this error: |
|
@jleclanche What is the reasoning with storing API keys in the DB? This is a rather unusual approach and does not align with security best practices. |
The ability to have multiple API keys work. But yeah, I'd rather have that as an optional option and let people use the env keys without the db |
|
For what its worth the docs for the latest version 2.8 is now available at dj-stripe.dev |
|
Having the API keys in the db allows the application to act on behalf of multiple stripe accounts (multiple API keys) |
Seems outdated, since @jleclanche said using .env is obsolete. |
Im not saying its up to date Im simply saying that the docs from version 2.8 is available on the website Until recently the website only had version 2.5 |
|
Reopening until we have a bugfix or a clear "cannot reproduce" |
|
See also #2060 |
So, your docs say to put them in .env.
If you do that, the server start showing warnings:
If I remove them from the .env then the webhook breaks:
File "/workspace/.heroku/python/lib/python3.11/site-packages/djstripe/models/webhooks.py", line 207, in from_request stripe_account = StripeModel._find_owner_account(data=data) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspace/.heroku/python/lib/python3.11/site-packages/djstripe/models/base.py", line 344, in _find_owner_account return Account.get_or_retrieve_for_api_key(api_key) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspace/.heroku/python/lib/python3.11/site-packages/djstripe/models/account.py", line 147, in get_or_retrieve_for_api_key apikey_instance, _ = APIKey.objects.get_or_create_by_api_key(api_key) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspace/.heroku/python/lib/python3.11/site-packages/djstripe/models/api.py", line 42, in get_or_create_by_api_key key_type, livemode = get_api_key_details_by_prefix(secret) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/workspace/.heroku/python/lib/python3.11/site-packages/djstripe/models/api.py", line 28, in get_api_key_details_by_prefix raise InvalidStripeAPIKey(f"Invalid API key: {api_key!r}") djstripe.exceptions.InvalidStripeAPIKey: Invalid API key: ''`Software versions
Dj-Stripe version: 2.8.4
Python version: 3.11.8
Django version:4.2.11
Stripe API version: default
Database type and version: postgres 15
The text was updated successfully, but these errors were encountered: