Platforms can request two different levels of permission when connecting with Stripe accounts:
read only or
read and write.
This level is often used by services like Baremetrics or Intercom to provide you with deeper views and insights into your Stripe data. They cannot create charges on your behalf.
View all of your customers, subscriptions, charges, and payouts
View your account balance
View basic information about your account: business name, support phone number, time zone, etc.
List and view the same information above for your connected accounts
This level is used by platforms like Squarespace or Moonclerk to help their users accept payments online. They will be able to create subscriptions, customers, charges, refunds, and more. They cannot view credit card numbers or copy them off of Stripe.
All of the above read-only permissions
Create and update any object: customers, charges, invoices, plans, coupons, and subscriptions
Refund any charge
If a seller needs help with a payment or transaction, the platform’s account owner can look up the details either using the API or by getting a limited view of the user’s Dashboard. This limited view can help the platform troubleshoot with their users if there are any problems. (Note that platforms have always had the ability to create and access data on connected accounts via the API; this new capability allows them to manage the same data via the Dashboard.)
If you would like to see which platforms you have connected your Stripe account to and what permissions they have, go to the Connect tab in your Dashboard.
These platforms connect to Stripe accounts using the industry-standard OAuth 2 protocol, which ensures that you can control what permissions the platform receives and that they access your data securely, and you can revoke access at any time from the Dashboard.