Why use a Restricted Key instead of a regular secret key?

A regular Stripe secret key (sk_live_) has full read-and-write access to every resource in your account: charges, refunds, customers, payouts, Connect, the lot. If your agent leaks that key (prompt injection, logs, env exfil) the attacker has unbounded access. A Restricted Key (rk_live_) limits the leak to only the resources you ticked. The picker exists because untick-everything-then-tick-back is tedious and people end up over-granting.

Does Stripe Restricted Keys have a per-day USD cap?

No. Restricted Keys cap which resources and verbs are reachable, not how many dollars can move per day. A key with Charges Write and Refunds Write can move unlimited money in either direction until you revoke it. That is the gap Keybrake fills with per-vendor daily caps and a sub-second mid-run revoke; see /seo/stripe-api-key-with-restricted-access for the ten-control coverage matrix.

What does blast-radius score actually mean?

It is the maximum dollar exposure the scope grants if the key leaks and an attacker drives it as fast as Stripe rate limits allow for 60 seconds. Extreme means the scope can cause irreversible cash exfil (Payouts, ConnectedAccounts manage), High means six-figure recoverable charge exposure (Charges Write, Refunds Write), Medium means recurring revenue or invoicing impact (Subscriptions Write, Invoices Write), Low means no direct dollar movement (read-only, products, prices, webhook read). The numbers are bounds, not predictions.

Why does Charge new cards include PaymentMethods Write?

Stripe's modern flow for accepting a new card is PaymentIntent + PaymentMethod attach. Without PaymentMethods Write the agent cannot save a card token to a customer for re-use. If your flow only accepts one-shot payments via Checkout Sessions, untick Charge new cards and tick Generate Checkout Sessions instead — that path delegates payment-method handling to Stripe's hosted UI and your agent never holds the PM scope.

Can I copy the scope list directly into the Stripe Dashboard?

Stripe's Restricted Key form does not currently take a paste-able JSON; you tick checkboxes per resource. The picker output is structured to match the Dashboard's grouping order (resource label, then Read or Write) so you can scan top-to-bottom and tick without re-checking. We would love to see Stripe ship a JSON import for this form.

Free tool · Stripe Restricted Keys

Stripe Restricted Key picker

Tick the operations your AI agent actually performs in Stripe. The picker outputs the minimum set of Restricted Key resource permissions to tick in the Dashboard, with a blast-radius tier per scope so you can see what each one is worth to an attacker.

Runs client-side No sign-up 10 use cases 14 Stripe resources

What does your agent do?

Minimum scope to tick in Stripe

Tick at least one operation on the left to see the required scopes.

What the picker is, what it isn't

It maps ten common AI-agent Stripe operations to the smallest Restricted Key permission set that still lets each operation succeed against Stripe's current API. The mapping is hand-curated against the resource list in the Stripe Dashboard's Create restricted key form, not auto-generated, so it tracks Stripe's intended grouping rather than the raw resource list.

It does not replace a per-day USD cap, an audit log of what the key actually moved, or a sub-second revoke. Restricted Keys cap which resources and verbs are reachable; they don't cap the dollars per minute that flow through them. A key with Charges Write still permits unlimited charges until you revoke it. The blast-radius tier on each scope is the bound on what an attacker could move in 60 seconds at Stripe rate limits — not what real production traffic looks like.

For an honest read on what Restricted Keys cover and where they fall short across the ten controls engineers actually want, see the ten-control coverage matrix — three Yes, two Partial, five No. The five No items are why this picker exists alongside Keybrake.

Three steps from picker to live key

Tick every operation your agent calls in production. Skip operations you might add later — the smallest reachable scope is always the right starting point. You can edit the key later.
Read the right column. Each row is a resource (e.g. Charges) plus a permission verb (Read or Write) and a blast-radius tier. Note any rows tagged EXTREME — those grant irreversible cash-exfil paths and should be the first thing you cap externally.
In the Stripe Dashboard, go to Developers → API keys → Create restricted key. Untick the default permissions, then tick only the resource-permission pairs from the right column. Save, copy the rk_live_ (or rk_test_) value into your agent's secret manager, and rotate the key on whatever cadence your incident response calls for.

Background reading

Stripe Restricted API Key permissions: 30-row map with runaway risk per resource — the long-form companion to this picker, with the per-resource breakdown the picker collapses into ten use cases.
Working Restricted Key example for a refund-issuing support agent — a single use case walked end-to-end, including the Webhook Endpoints gotcha.
How to create a Stripe Restricted API Key — 4-step Dashboard walkthrough — the Dashboard mechanics, with screenshots referenced.
How to give an AI agent a Stripe API key without setting your money on fire — the controls picture: scope, cap, revoke, audit.
Agent blowout calculator — what 24 hours of a stuck agent costs per vendor, and what a per-vendor cap stops it at.

Pair the picker with a real cap

Restricted Keys cap which Stripe verbs are reachable. Keybrake adds the per-day USD cap, the sub-second revoke, and the per-call audit with parsed cost. Join the waitlist — we'll email you a vault key when v1 ships, with the Stripe / Twilio / Resend proxy already configured.