airbyte
airbyte copied to clipboard
airbytehq
Source Stripe: requires excess permissions on the API key
Connector Name
source-stripe
Connector Version
3.17.4
What step the error happened?
Configuring a new connector
Revelant information
The stripe source requires an "account_id" which should not be needed for actually making the API calls. The currently implemented validation flow for the Stripe source needs an account_id as seen here.
The problem is that the ability to fetch an account requires a separate permission (as shown in the logs below), without which a restricted API key can still be valid and functional for most streams in Airbyte. Therefore this validation requires excessive permissions and may still not give a full picture because any of the streams may not work depending on what granular permissions have been granted on the restricted Stripe API key.
Ideally, the connector setup should only expect an API key and assume that it works, since there is no known Stripe API that can return a successful response for all possible keys. A workaround for now, is to directly use the AirByte API (intead of the UI) to setup the source, because this validation step is not performed in that flow.
Relevant log output
"The provided key 'rk_live_***************************************************************************************************' does not have the required permissions for this endpoint on account 'acct_****************'.
Having the 'rak_accounts_kyc_id_numbers_read' permission would allow this request to continue."
Contribute
- [ ] Yes, I want to contribute
