Which Stripe API key is used on the server-side and must be kept secret?

Prepare for the Stripe Fundamentals Exam. Use flashcards and multiple-choice questions with explanations to maximize your score. Explore essential concepts and hone your skills for a successful exam experience.

Multiple Choice

Which Stripe API key is used on the server-side and must be kept secret?

Explanation:
The key concept here is that sensitive account actions against Stripe should be performed with a secret key that lives on your server. Stripe provides two main kinds of keys: publishable keys for client-side use and secret keys for server-side use. The secret key (sk_ prefix) is what your backend uses to authenticate requests that can create charges, customers, refunds, and other privileged operations. Because it can access and modify billing data, it must never be exposed in client-side code or in public repositories; store it securely (for example, in environment variables or a secrets manager) and rotate it if needed. There are separate keys for test mode and live mode, so you use the test secret key during development and switch to the live secret key in production. Publishable keys (pk_ prefix) are designed to be safe to expose to the client and are used only for non-privileged operations, such as tokenizing card details with Stripe.js.

