Security, permissions, and access levels when connecting to a Platform
What permissions does the platform receive when connecting a Stripe account? What information can they see?
Platforms can request two different levels of permission when connecting with Stripe accounts: read only, or read and write.
This level is often used by services like Baremetrics or Intercom to provide you with deeper views and insights into your Stripe data. They cannot create charges on your behalf.
- View all of your customers, subscriptions, charges, and payouts
- View your account balance
- View basic information about your account: business name, support phone number, timezone, etc.
- List and view above info on your connected accounts
This level is used by platforms like Squarespace or Moonclerk to help their users accept payments online. They’ll be able to create subscriptions, customers, charges, refunds, and more. They cannot view credit card numbers or copy them off of Stripe.
- All of the above read permissions
- Create and update any object: customers, charges, invoices, plans, coupons, and subscriptions
- Refund any charge
- Delete customers
If a seller needs help with a payment or transaction, the platform’s account owner can look up the details either using the API or by getting a limited view of the user’s Dashboard. This limited view can help the platform troubleshoot with their users if there’s ever any problems. (Note that platforms have always had the ability to create and access data on connected accounts via the API; this new capability simply allows them to manage the same data via the Dashboard.)
If you’d like to see which platforms you’ve connected your Stripe account to (and what permissions they have), go to the Connect tab in your Dashboard.
These platforms connect to Stripe accounts using the industry-standard OAuth 2 protocol, which ensures that you can control what permissions the platform receives and that they access your data securely, and you can revoke access at any time from the Dashboard.