Send your first Stripe API request

Get started with the Stripe API.

Every call to a Stripe API must include an API secret key. After you create a Stripe account, we generate two pairs of API keys for you—a publishable client-side key and a secret server-side key—for both testing in a sandbox and in live modes. To start moving real money with your live-mode keys, you must set up your Stripe account.

Before you begin

This guide walks you through a simple interaction with the Stripe API—creating a customer. For a better understanding of Stripe API objects and how they fit together, take a tour of the API or visit the API reference. If you’re ready to start accepting payments, see our quickstart.

Send your first API request

You can begin exploring Stripe APIs using the Stripe Shell. The Stripe Shell allows you to execute Stripe CLI commands directly within the Stripe docs site. As it operates in a sandbox environment only, you don’t have to worry about initiating any real money-moving transactions.

To create a customer using the Stripe Shell, enter the following command:

Command Line
stripe customers create --email=jane.smith@email.com --name="Jane Smith" --description="My First Stripe Customer"

If everything worked, the command line displays the following response:

{
  "id": "cus_LfctGLAICpokzr"
,
  "object": "customer"
,

(Optional) Run the same command by passing in your API secret key in a sandbox:

Command Line
stripe customers create --email=jane.smith@email.com --name="Jane Smith" --description="My First Stripe Customer" --api-key sk_test_BQokikJOvBiI2HlWgH4olfQ2

If everything worked, the command line displays the following response:

{
  "id": "cus_LfdZgLFhah76qf"
,
  "object": "customer"
,

View logs and events

Whenever you make a call to Stripe APIs, Stripe creates and stores API and Events objects for your Stripe user account. The API key you specify for the request determines whether the objects are stored in a sandbox environment or in live mode. For example, the last request used your API secret key, so Stripe stored the objects in a sandbox.

To view the API request log:
- Open the Logs page.
- Click 200 OK POST /v1 customers.
To view the Event log:
- Open the Events page.
- Click jane.smith@email.com is a new customer.

Store your API keys

Stripe supports different types of API keys for different use cases. You’re responsible for managing these keys safely. In particular, treat secret keys and restricted API keys (RAKs) as sensitive and don’t expose them outside your server environment. To keep your business safe, read and understand best practices for managing secret API keys.

Develop and test and your application with sandbox keys, not live-mode keys, to make sure you don’t accidentally modify your live customers or charges.

Type	Safe to expose	Generated by default	Description
Sandbox secret key `sk_test_`	No	Yes	Authenticate requests on your server when you’re testing in a sandbox. By default, you can use this key to perform any API request without restriction.
Sandbox restricted API key (RAK) `rk_test_`	No	No	Like a secret key, but with Stripe API permissions you control. You can use different RAKs in different parts of your code to precisely fit permissions to app components. Use a sandbox RAK to refine your app’s Stripe API permissions before creating live mode RAKs.
Sandbox publishable key `pk_test_`	Yes	Yes	Test requests in your web or mobile app’s client-side code.
Live mode secret key `sk_live_`	No	Yes	Authenticate requests on your server when in live mode. By default, you can use this key to perform any API request without restriction.
Live mode restricted API key (RAK) `rk_live_`	No	No	Assign custom permissions to server-side components to give each part of your app exactly the Stripe API permissions it needs. Using a RAK instead of a secret key limits the potential for damage if a key is accidentally exposed or your app is compromised.
Live mode publishable key `pk_live_`	Yes	Yes	When you’re ready to launch your app, use this key in your web or mobile app’s client-side code.

Find your API keys in the Stripe dashboard. If you can’t view your API keys but need to manage keys for your app, ask the owner of your Stripe account to add you to their team with the proper permissions.

If you’re logged in to Stripe, our documentation includes your test API keys in some places to illustrate API usage. Only you can see these values. If you’re not logged in, our code examples include randomly generated API keys.

Webhook signing secrets

Webhook signing secrets aren’t API keys—they’re per-webhook secrets that your webhook receiver uses to authenticate that webhooks actually came from Stripe. You can find the signing secret for each webhook endpoint in the Webhooks section of the Dashboard.