Stripe
Authentication & Authorization
Credentials
- Stripe connects via Basic Authentication using a special API Key as credentials.
- API Key is set with the HTTP Authorization request header.
- Your API Key can be created in the Stripe Dashboard Developers menu (see Stripe Connection Instructions).
- Publicly exposing your API credentials can allow unauthorized access to the Stripe API endpoints, and your Stripe data by a third party. DataGrail stores your API credentials encrypted and protected.
Permissions
When creating an API key, the user must be granted the following permissions:
- All core resources:
- Charges: Read
- Disputes: Read
- Customers: Write
- Events: Read
- PaymentIntents: Read
- PaymentMethods: Read
- Sources: Write
- All Billing resources:
- Invoices: Read
- Subscriptions: Read
- All Orders resources:
- Orders: Read
- All Issuing resources:
- Authorizations: Read
- Cardholders: Read
- Cards: Read
- Transactions: Read
Optionally, if the Data Discovery capability is required and the additional objects need to be sampled: Disputes, Events, Refunds, Accounts, Checkout Sessions, Identity Verification Reports, Payment Links, Payouts, Reviews, Setup Intents, Tax Settings, Top-ups, External Accounts, Persons, the following permissions must also be granted:
- All Connect resources: Read
- All Checkout resources
- Checkout Sessions: Read
- Identity
- Identity Verification Sessions and Reports: Read
- All Payment Links resources
- Payment Links: Read
- Radar
- Reviews: Read
- Tax
- Tax Settings and Registrations: Read
Endpoints Utilized
DataGrail uses the following endpoint to validate that credentials are good based on a successful response:
- GET https://api.stripe.com/v1/customers
- GET https://api.stripe.com/v1/invoices
- GET https://api.stripe.com/v1/orders
- DELETE https://api.stripe.com/v1/customers/{customer_id} (only if customer_id is configured)
Version
Stripe integration currently supports version 1 (v1).
Limits
DataGrail uses default throttling rules to avoid rates faster than 50 requests per minute and 10000 requests per day.
Access
For an access request, DataGrail will take the following actions:
-
Search for customers whose email matches the email from the Data Subject provided in the request.
-
For each of the collected customers:
-
Search for cardholders whose email matches the email from the Data Subject provided in the request.
-
For each of the collected cardholders:
-
For all objects found, DataGrail will return all available fields. You can edit which objects and fields you want to provide to the Data Subject via our Portal Requests.
Endpoints Utilized
-
GET https://api.stripe.com/v1/customers
-
GET https://api.stripe.com/v1/customers/{{customer_id}}/sources
-
GET https://api.stripe.com/v1/customers/{{customer_id}}/tax_ids
-
GET https://api.stripe.com/v1/charges
-
GET https://api.stripe.com/v1/payment_methods
-
GET https://api.stripe.com/v1/payment_intents
-
GET https://api.stripe.com/v1/invoices
-
GET https://api.stripe.com/v1/subscriptions
-
GET https://api.stripe.com/v1/orders
-
GET https://api.stripe.com/v1/issuing/cardholders
-
GET https://api.stripe.com/v1/issuing/authorizations
-
GET https://api.stripe.com/v1/issuing/cards
-
GET https://api.stripe.com/v1/issuing/transactions
Deletion
For a deletion request, DataGrail will take the following actions:
-
Request a customer be permanently deleted. It cannot be undone and also immediately cancels any active subscriptions on the customer.
-
Deletes bank accounts from a customer.
-
Deletes cards from a customer.
Endpoints Utilized
-
DELETE https://api.stripe.com/v1/customers/{{customer_id}}
-
DELETE https://api.stripe.com/v1/customers/{{customer_id}}/sources/{{item_id}}
Responsible Data Discovery
Data discovery is based on the principle of finding any and all personal data that's stored in a data system.
Currently, DataGrail integration discovers the following Stripe objects:
- Customers
- Payment Methods
- Charges
- Payment Intents
- Invoices
- Subscriptions
- Orders
- Customer Bank Accounts (related to the customer)
- Cards (related to the customer)
- Tax IDs (related to the customer)
Optionally, if the appropriate permissions were granted when creating the API key (see the connection instructions):
- Disputes
- Events
- Refunds
- Accounts
- Checkout Sessions
- Identity Verification Reports
- Payment Links
- Payouts
- Reviews
- Setup Intents
- Tax Settings
- Top-ups
- External Accounts (related to owner's account)
- Persons (related to owner's account)
For accounts for which Issuing is set up:
- Cardholders
- Authorizations
- Cards
- Transactions
For accounts onboarded to Treasury:
- Treasury Financial Accounts
For discovery requests, DataGrail will take the following actions:
- Count number of all records for each of supported objects.
- Fetch records examples for each of the supported object.
- Sampling data for the next analysis and classification.
Endpoints Utilized
-
GET https://api.stripe.com/v1/customers
-
GET https://api.stripe.com/v1/payment_methods
-
GET https://api.stripe.com/v1/charges
-
GET https://api.stripe.com/v1/payment_intents
-
GET https://api.stripe.com/v1/invoices
-
GET https://api.stripe.com/v1/subscriptions
-
GET https://api.stripe.com/v1/orders
-
GET https://api.stripe.com/v1/disputes
-
GET https://api.stripe.com/v1/events
-
GET https://api.stripe.com/v1/refunds
-
GET https://api.stripe.com/v1/issuing/cardholders
-
GET https://api.stripe.com/v1/issuing/authorizations
-
GET https://api.stripe.com/v1/issuing/cards
-
GET https://api.stripe.com/v1/issuing/transactions
-
GET https://api.stripe.com/v1/treasury/financial_accounts
-
GET https://api.stripe.com/v1/accounts
-
GET https://api.stripe.com/v1/account
-
GET https://api.stripe.com/v1/checkout/sessions
-
GET https://api.stripe.com/v1/identity/verification_reports
-
GET https://api.stripe.com/v1/payment_links
-
GET https://api.stripe.com/v1/payouts
-
GET https://api.stripe.com/v1/reviews
-
GET https://api.stripe.com/v1/setup_intents
-
GET https://api.stripe.com/v1/tax/settings
-
GET https://api.stripe.com/v1/topups
-
GET https://api.stripe.com/v1/customers/{customer_id}/bank_accounts
-
GET https://api.stripe.com/v1/customers/{customer_id}/cards
-
GET https://api.stripe.com/v1/customers/{customer_id}/tax_ids
-
GET https://api.stripe.com/v1/accounts/{account_id}/external_accounts
-
GET https://api.stripe.com/v1/accounts/{account_id}/persons
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.