Stripe Restricted Keys
Stripe restricted API key permissions — full map
Every permission on the Restricted Key form, what it unlocks, what breaks if you leave it at None, and how much money is exposed if an agent loops on that endpoint.
TL;DR
Restricted Key permissions are grouped by Stripe resource (Charges, Refunds, Customers, etc.). Each resource offers None / Read / Write. Write implies Read. The rows below are the ones most agents need; the runaway-risk column is what matters when the agent gets stuck — not what the feature does under normal use.
How to read the table
Three columns you should weigh before ticking any permission:
- What it enables. The concrete agent action — not the docs description, the thing the agent will actually do on a Tuesday at 2 a.m.
- What breaks if
None. Which agent workflows stop working. Useful to decide whether to tick this for a specific use case. - Runaway risk. If the agent gets stuck calling this endpoint in a loop, what's the worst case by morning? Measured in money moved, customers affected, or external systems pinged.
Core payments permissions
| Permission | What Write enables | What breaks if None | Runaway risk |
|---|---|---|---|
| Charges | Create, update, capture charges | Cannot create new charges or capture pre-authed ones | High — loop creates real charges against saved cards |
| Refunds | Issue refunds on existing charges | Cannot refund | High — loop refunds entire recent charge history |
| PaymentIntents | Create, confirm, cancel payment intents | Cannot use the modern payments API at all | High — same risk profile as Charges; the modern path |
| SetupIntents | Attach payment methods for future off-session use | Cannot save cards for later | Medium — no money moves, but enables future charges |
| Disputes | Submit evidence, accept liability, close disputes | Cannot interact with disputes | Medium — can unnecessarily accept chargebacks |
Customer and PM permissions
| Permission | What Write enables | What breaks if None | Runaway risk |
|---|---|---|---|
| Customers | Create, update, delete customers | Cannot manage customer records | Medium — can corrupt customer data; combined with Charges, unbounded |
| PaymentMethods | Attach, detach, update payment methods | Cannot move cards between customers | Medium — card-hygiene disasters more than money loss |
| Sources / Cards / Bank Accounts | Legacy payment-method surfaces | Legacy integrations break | Low — most agents should leave these off entirely |
| Tax IDs | Attach tax IDs to customers | Cannot set customer tax IDs via API | Low — data quality issue, not financial |
Subscription & invoicing permissions
| Permission | What Write enables | What breaks if None | Runaway risk |
|---|---|---|---|
| Subscriptions | Create, update, cancel subscriptions | Cannot manage recurring billing | High — can mass-cancel or mass-upgrade the book |
| Invoices | Draft, finalize, pay, void invoices | Cannot issue invoices | High — finalizing a looping draft charges the customer |
| Invoice Items | Add line items to upcoming invoices | Cannot pre-seed invoice lines | Medium — feeds Invoices risk if combined |
| Credit Notes | Issue credit notes against paid invoices | Cannot issue credits | Medium — unbounded credits are real money out |
| Plans / Prices | Create and update pricing objects | Cannot programmatically manage catalog | Low — new objects don't auto-bill anyone |
| Products | Create and update products | Cannot manage catalog | Low — same as Plans |
| Coupons / Promotion Codes | Create discount artifacts | Cannot programmatically issue discounts | Medium — loop creates uncapped discount codes |
Payouts, Transfers, Balance
| Permission | What Write enables | What breaks if None | Runaway risk |
|---|---|---|---|
| Payouts | Create manual payouts to your bank | Cannot trigger manual payouts (auto-payouts unaffected) | Very high — moves funds out of Stripe |
| Transfers | Move funds to connected accounts | Cannot split funds in Connect flows | Very high — Connect platforms should think twice |
| Balance | Read-only on the balance endpoint | Cannot read available balance | None — read-only |
| Balance Transactions | Read the ledger | Cannot reconcile | None — read-only |
Connect-specific permissions
| Permission | What Write enables | What breaks if None | Runaway risk |
|---|---|---|---|
| Accounts | Create, update, delete connected accounts | Cannot onboard new merchants | High — can orphan or corrupt merchant data |
| Account Links | Generate onboarding URLs | Cannot redirect merchants to the Stripe-hosted flow | Low — just URLs |
| Application Fees | Refund platform fees | Cannot return platform fees | Medium — mass-refund of fees = mass revenue loss |
| Capabilities | Request capabilities on connected accounts | Cannot programmatically request card payments etc. | Low — administrative |
Supporting and metadata permissions
| Permission | What Write enables | What breaks if None | Runaway risk |
|---|---|---|---|
| Webhook Endpoints | Create, update, delete webhook subscriptions | Cannot programmatically wire new webhooks | High — can reroute webhooks to an attacker-controlled URL |
| Events | Read event history | Cannot paginate audit data | None — read-only |
| Files | Upload files for disputes / identity | Cannot upload evidence | Low — storage only |
| Reports | Trigger report runs | Cannot fetch large reports | Low — reporting only |
| Radar Sessions / Reviews | Manage fraud signals and manual reviews | Cannot close Radar reviews programmatically | Medium — can approve fraud if paired with Charges |
| Sigma / Data Exports | Run Sigma queries | Cannot run Sigma programmatically | Low — read-only analytics |
Permissions most agents should leave at None
A useful heuristic: if your agent's job description doesn't literally reference the feature, leave the permission at None. In particular, we recommend default-off on Payouts, Transfers, Webhook Endpoints, Subscriptions, and Invoices unless the agent explicitly manages those surfaces. The bar to enable is "this agent's intended behavior requires this resource", not "this agent might find this useful."
Where the Restricted Key model runs out
Three classes of problem Restricted Keys cannot solve, no matter how carefully you pick the permissions:
- Amount limits.
Refunds: Writeis "any refund, any amount, any count." No dollar ceiling. A stuck loop exits only when Stripe's rate limit does. - Record-level scoping.
Charges: Writeis all charges, not just the ones the agent created. You cannot restrict the key to a cohort. - Mid-run revocation. Rotating a Restricted Key takes human time in the Dashboard. If the loop is running, you have a 60-90 second exposure window while a human logs in, finds the key, and clicks revoke.
Read the longer answer on which Stripe-native controls cover which agent scenarios, and where you still have to build your own.
How Keybrake helps
Keybrake attaches three things the Restricted Key itself can't: a daily dollar cap per resource, a customer / merchant allowlist, and sub-second revocation that propagates to every in-flight agent on the next call. You keep the Restricted Key as our upstream; your agents get Keybrake-issued vault keys with the additional policies layered on top. See the full feature set →
Related questions
Does Write imply Read?
Yes. Stripe's permission model is hierarchical: enabling Write on a resource automatically enables Read on that resource. You cannot have Write without Read.
Can I enable a permission for just some endpoints within a resource?
No. Restricted Keys are resource-level, not path-level. Refunds: Write is every endpoint under Refunds, not just POST /v1/refunds. Path-level scoping requires either a wrapper in your code or a proxy.
If I change permissions later, does it affect the existing key?
Yes — Stripe applies the updated scope set immediately. The key string doesn't change; the permissions attached to it do. Useful for tightening, but be aware that in-flight calls made at the instant of change may fail unexpectedly.
How many Restricted Keys can I have on one Stripe account?
Practically unlimited for normal use. A common pattern is one per agent role (support-refund, catalog-update, invoice-read), so revoking one does not affect others.
Further reading
- A working Restricted Key example — the exact scopes for a refund-issuing support agent.
- How to get a Stripe Restricted API key — the step-by-step walkthrough.
- How to give an AI agent a Stripe API key — the five controls you need, and where Stripe gives them to you.