1
votes

I am facing below problem in Live Stripe integration, In local it's working fine.

Fatal error: Uncaught Stripe\Error\InvalidRequest: When not in test mode, account tokens may only be created using your application's publishable key. You should only create account tokens in your client application (e.g., using Stripe.js or the Android or iOS SDKs) and never from your application server. Creating account tokens from your application server may cause you to fall out of compliance with certain regulations. in /var/www/html/stripe-new/vendor/stripe/stripe-php/lib/ApiRequestor.php on line 125

1
Are you using test keys? - Kisaragi
Make sure you are making tokens on your front-end with a publishable key, using something like Checkout, Elements, or one of Stripe's mobile SDKs. Don't use your backend PHP code to create a token as it is likely not PCI compliant. stripe.com/docs/checkout stripe.com/docs/stripe-js/elements/quickstart - duck

1 Answers

2
votes

You must be using your secret key to perform this request. Secret keys should only be used from your server, as keys can be decompiled on a web or mobile client. That's why they have separate publishable and secret keys.

So, you're either A) using your server to create tokens, or B) using your secret key on your client.

If A), you should create a token on the client using a publishable key instead. Passing sensitive information required to make a token requires passing sensitive information to your server, and chances are you are not protecting this sensitive information as required for PCI compliance. Stripe does this for you without the sensitive information ever touching your server.

If B), you're jeopardizing access to the payment methods of every single one of your users. Remove the secret key from your client and only use the publishable key there.