search

stripe / stripe-apps

Stripe Apps lets you embed custom user experiences directly in the Stripe Dashboard and orchestrate the Stripe API.
https://stripe.com/docs/stripe-apps
MIT License
147 stars 71 forks source link

App permission for shipping_rate_write does not extend to connected accounts #983

Open bensontrent opened 3 weeks ago

bensontrent commented 3 weeks ago

We have an app that has shipping_rate_write permissions to allow us to update shipping rate metadata.

image

However, this permission does not work for connected accounts. For example, apps published to the public that require this permission will have features that do not work.

When attempting to update metadata on a shipping rate, we get this error:

image

It was confusing for us to workshop this bug since this error would never appear in the local preview app. I finally saw the bug when a customer sent a support request with a video detailing this issue, and I previewed our app using the external test link under a connected account.

I have confirmed through Postman that our app has read access to a connected account's Shipping Rate.

image

But it appears the write access is not available.

image

image

At first, I believed this issue appeared within the last month or so. But I realized I was mistaken: I had been using a secondary local account for real-world testing with a trusted company. To my discredit, I tested our app exclusively in the local environment with this company for six months before publishing the app to the public. This bug would have gone undetected.

This leads me to believe the write endpoint for Shipping Rates on connected accounts has never worked.

bensontrent commented 3 weeks ago

Here's some additional context on how we use this permission and how it impacts our users. Thankfully, not all of our customers use Shipping Rates, but those customers who do use this feature, users assume that their settings are saved, and then an incorrectly formed shipment is created by default.

This is our SettingsView under our "Carrier defaults" tab:

image

While we did consider storing these values in our own database, we like the visibility and flexibility provided by storing them in the Shipping Rate metadata. Consider a use case where a shipping rate is created on the fly at a checkout session creation event. The end user could pre-populate the shipment with the appropriate carrier, service, and packaging to eliminate mistakes when creating a shipping label.

bensontrent commented 2 weeks ago

An update: After we publish a new version of our app, we communicate new features and bugs to our users. Here's how we are communicating this bug to our users:

image

(link in image: https://docs.parcelcraft.com/api-guide#stripe-shipping-rate-metadata )