API Reference

The Stripe API is organized around REST. Our API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

You can use the Stripe API in test mode, which does not affect your live data or interact with the banking networks. The API key you use to authenticate the request determines whether the request is live mode or test mode.

The Stripe API differs for every account as we release new versions and tailor functionality. Log in to see docs customized to your version of the API, with your test key and data.

Subscribe to Stripe's API announce mailing list for updates.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);
POST
/v1/ava/endpoint/ids

// You can edit this code!
// Click here and start typing.
package main

import "fmt"

func main() {
  fmt.Println("Hello, 世界")
}
POST
/v1/ava/endpoint/ids

# Python 3: Fibonacci series up to n
>>> def fib(n):
>>>     a, b = 0, 1
>>>     while a < n:
>>>         print(a, end=' ')
>>>         a, b = b, a+b
>>>     print()
>>> fib(1000)
0 1 1 2 3 5 8 13 21 34 55 89 144 233 377 610 987
RESPONSE
{
  "id": "or_1Ce6vg2eZvKYlo2CcQtHtXdu",
  "object": "order",
  "amount": 1500,
  "amount_returned": 1500,
  "application": null,
  "application_fee": null,
  "charge": "ch_1Ce6vm2eZvKYlo2CHPf2Ho6S",
  "created": 1529265172,
  "currency": "usd",
  "customer": null,
  "email": "jenny.rosen@example.com",
  "items": [
    {
      "type": "sku",
      "parent": "sku_G3qQngkSaByvzT"
    }
  ],
  "livemode": false,
  "metadata": {
    "order_id": "6735"
  },
}

Authentication

The Stripe API uses API keys to authenticate requests. You can view and manage your API keys in the Stripe Dashboard.

Test mode secret keys have the prefix sk_test_ and live mode secret keys have the prefix sk_live_. Alternatively, you can use restricted API keys for granular permissions.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value. You do not need to provide a password.

If you need to authenticate via bearer auth (e.g., for a cross-origin request), use -H "Authorization: Bearer sk_test_4eC39HqLyjWDarjtT1zdp7dc" instead of -u sk_test_4eC39HqLyjWDarjtT1zdp7dc.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);
POST
/v1/ava/endpoint/ids

// You can edit this code!
// Click here and start typing.
package main

import "fmt"

func main() {
  fmt.Println("Hello, 世界")
}
POST
/v1/ava/endpoint/ids

# Python 3: Fibonacci series up to n
>>> def fib(n):
>>>     a, b = 0, 1
>>>     while a < n:
>>>         print(a, end=' ')
>>>         a, b = b, a+b
>>>     print()
>>> fib(1000)
0 1 1 2 3 5 8 13 21 34 55 89 144 233 377 610 987
POST
/v1/ava/endpoint/ids


def sum_eq_n?(arr, n)
  return true if arr.empty? && n == 0
  arr.product(arr).reject { |a,b| a == b }.any? { |a,b| a + b == n }
end

RESPONSE
{
  "id": "or_1Ce6vg2eZvKYlo2CcQtHtXdu",
  "object": "order",
  "amount": 1500,
  "amount_returned": 1500,
  "application": null,
  "application_fee": null,
  "charge": "ch_1Ce6vm2eZvKYlo2CHPf2Ho6S",
  "created": 1529265172,
  "currency": "usd",
  "customer": null,
  "email": "jenny.rosen@example.com",
  "items": [
    {
      "type": "sku",
      "parent": "sku_G3qQngkSaByvzT"
    }
  ],
  "livemode": false,
  "metadata": {
    "order_id": "6735"
  },
}

Pagination

The Stripe API uses API keys to authenticate requests. You can view and manage your API keys in the Stripe Dashboard.

Test mode secret keys have the prefix sk_test_ and live mode secret keys have the prefix sk_live_. Alternatively, you can use restricted API keys for granular permissions.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value. You do not need to provide a password.

If you need to authenticate via bearer auth (e.g., for a cross-origin request), use -H "Authorization: Bearer sk_test_4eC39HqLyjWDarjtT1zdp7dc" instead of -u sk_test_4eC39HqLyjWDarjtT1zdp7dc.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Attributes
  • type string

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

  • doc_url required

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

  • charge string

    For card errors, the ID of the failed charge.

  • code string

    For some errors that could be handled programmatically, a short string indicating the error code reported.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

Request ID's

Each API request has an associated request identifier. You can find this value in the response headers, under Request-Id. You can also find request identifiers in the URLs of individual request logs in your Dashboard. If you need to contact us about a specific request, providing the request identifier will ensure the fastest possible resolution.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

Authentication

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

post responses

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

GET responses

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

error handling

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

Request ID's

Each API request has an associated request identifier. You can find this value in the response headers, under Request-Id. You can also find request identifiers in the URLs of individual request logs in your Dashboard. If you need to contact us about a specific request, providing the request identifier will ensure the fastest possible resolution.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

Authentication

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

post responses

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

GET responses

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

error handling

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

Something Else

The Stripe API uses API keys to authenticate requests. You can view and manage your API keys in the Stripe Dashboard.

Test mode secret keys have the prefix sk_test_ and live mode secret keys have the prefix sk_live_. Alternatively, you can use restricted API keys for granular permissions.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value. You do not need to provide a password.

If you need to authenticate via bearer auth (e.g., for a cross-origin request), use -H "Authorization: Bearer sk_test_4eC39HqLyjWDarjtT1zdp7dc" instead of -u sk_test_4eC39HqLyjWDarjtT1zdp7dc.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Attributes
  • type string

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

  • doc_url required

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

  • charge string

    For card errors, the ID of the failed charge.

  • code string

    For some errors that could be handled programmatically, a short string indicating the error code reported.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

New Child Method

Each API request has an associated request identifier. You can find this value in the response headers, under Request-Id. You can also find request identifiers in the URLs of individual request logs in your Dashboard. If you need to contact us about a specific request, providing the request identifier will ensure the fastest possible resolution.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

Authentication

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

post responses

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

GET responses

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

error handling

Test mode secret keys have the prefix Alternatively, you can use for granular permissions.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);

Something Else

The Stripe API uses API keys to authenticate requests. You can view and manage your API keys in the Stripe Dashboard.

Test mode secret keys have the prefix sk_test_ and live mode secret keys have the prefix sk_live_. Alternatively, you can use restricted API keys for granular permissions.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value. You do not need to provide a password.

If you need to authenticate via bearer auth (e.g., for a cross-origin request), use -H "Authorization: Bearer sk_test_4eC39HqLyjWDarjtT1zdp7dc" instead of -u sk_test_4eC39HqLyjWDarjtT1zdp7dc.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Attributes
  • type string

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

  • doc_url required

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.

  • charge string

    For card errors, the ID of the failed charge.

  • code string

    For some errors that could be handled programmatically, a short string indicating the error code reported.

Was this section helpful?

POST
/v1/ava/endpoint/ids
curl https://api.stripe.com/v1/credit_notes/cn_1FWqvi2eZvKYlo2CZd3TwT6n \
  -u sk_test_4eC39HqLyjWDarjtT1zdp7dc: \
  -d "metadata[order_id]=6735"
POST
/v1/ava/endpoint/ids
var stripe = require('stripe')('sk_test_4eC39HqLyjWDarjtT1zdp7dc');

stripe.creditNotes.retrieve(
  'cn_1FWuAc2eZvKYlo2C1Kbk7sKK',
  function(err, creditNote) {
    // asynchronously called
  }
);