Stripe Payments - Using a Restricted API Key

Modified on Tue, 23 Jul at 10:25 AM

RollCall are thankful for the contributions our clients openly share with us to improve our product and training resources. 

The following information is courtesy of our collaboration with Wilson Cheng - ICT Director and Technologies Teacher at St George Christian School.


RollCall encourage our clients to exercise caution when granting permissions to their systems via API connections. The Stripe payment facility allows clients to set up Restricted Keys which limit the permissions to your payment facility to only those that are necessary for the thrid-party processing to be successful.
Below are the specific permissions RollCall needs:
  1. Charges:
    • Create and capture charges
    • View and refund charges
  2. Customers:
    • Create and update customer data
    • View customer data
  3. Payment Methods:
    • View and manage payment methods associated with customers
  4. Payment Intents:
    • Create and confirm payment intents
    • View payment intent details
  5. Webhooks:
    • Create and manage webhook endpoints
    • Receive event notifications
  6. Balance:
    • View account balance and transactions (for reconciliation purposes)
  7. Reporting:
    • Access basic reporting features for transaction history
We do not require permissions for:
  • Managing your Stripe account settings
  • Viewing or managing your payout schedule
  • Accessing other Stripe products not related to payment processing
And here is how this looks in your Stripe Admin console when you Create a Restricted API Key


Change the following Permissions in the core resources list



And the Reporting resources list




All other API resources can remain as permission = None


Instead of your full Admin rights Secret key, you can then provide us with the Publishable Key and the Restricted key created specifically for your RollCall payment gateway.




If you have any questions about these permissions or need assistance with setting them up, please don't hesitate to contact us via [email protected]



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article