stripe / stripe-java

Java library for the Stripe API.
https://stripe.com
MIT License
818 stars 359 forks source link

Support Request Signing (alternative to API keys) #1871

Closed cmmcleod closed 1 month ago

cmmcleod commented 1 month ago

Is your feature request related to a problem? Please describe.

Stripe has already built an alternative authentication method - signing keys - that uses request signing to authenticate requests. Stripe’s request signing is conceptually similar to how AWS Request Signing works. None of the SDKs currently support this feature.

Describe the solution you'd like


public class StripeClient {

  /**
   * Constructs a StripeClient with default settings, using the provided API key. Use the builder
   * instead if you require more complex configuration.
   */
  public StripeClient(String stripeSigningKey, String privateKey) {
     // SDK handles request signing signature generation internally
  }
  // ...
}

public class StripeExample {

    public static void main(String[] args) {
        StripeClient client = new StripeClient("rkey_id_...", "-----BEGIN EC PRIVATE KEY----- ....");

        CustomerCreateParams params =
            CustomerCreateParams.builder()/* etc */.build();

        try {
            Customer customer = client.customers().create(params);
            System.out.println(customer);
        } catch (StripeException e) {
            e.printStackTrace();
        }
    }
}

Describe alternatives you've considered

A potential alternative would be to use the StripeClient.builder and add a pre-request hook to intercept any request and add the appropriate signature headers - not sure if this is more/less feasible.

Additional context

No response

ramya-stripe commented 1 month ago

Request signing as a feature has not yet been made publicly available and therefore cannot be supported in the SDKs. We have plans to change that in the next year, but no particular timeline yet.

cc @alinalkm-stripe for any further questions