Security, Permissions, and Access Levels when Connecting your Stripe Account to a Third-Party Platform
What permissions does the platform receive when connecting a Stripe account? What information can they see?
Platforms can request two different levels of permission when connecting with Stripe accounts: read only, or read and write.
Read only
This level is often used by services like Baremetrics or Intercom to provide you with deeper views and insights into your Stripe data. They cannot create charges on your behalf.
View all of your customers, subscriptions, charges, and payouts
View your account balance
View basic information about your account: business name, support phone number, timezone, etc.
List and view the above info on your connected accounts
Read and write
This level is used by platforms like Squarespace or Moonclerk to help their users accept payments online. They’ll be able to create subscriptions, customers, charges, refunds, and more. They cannot view credit card numbers or copy them off of Stripe.
All of the above read permissions
Create and update any object: customers, charges, invoices, plans, coupons, and subscriptions
Refund any charge
If a seller needs help with a payment or transaction, the platform’s account owner can look up the details either using the API or by getting a limited view of the user’s Dashboard. This limited view can help the platform troubleshoot with their users if there are ever any problems. (Note that platforms have always had the ability to create and access data on connected accounts via the API; this new capability simply allows them to manage the same data via the Dashboard.)
Checking the permission levels of your connected platforms
If you’d like to see which platforms you have connected your Stripe account to (and what permissions they have), go to the Connect tab in your Dashboard.
Security and revoking access
These platforms connect to Stripe accounts using the industry-standard OAuth 2 protocol, which ensures that you can control what permissions the platform receives and that they access your data securely. You can revoke access at any time from the Dashboard.