stripe-cli icon indicating copy to clipboard operation
stripe-cli copied to clipboard
verified publisher icon stripe

Error "You are using a legacy-style API key which is unsupported by the CLI" trying to send test webhook

Open Awlexus opened this issue 9 months ago • 7 comments

Issue

Following the 2 steps of listed when trying to send a test event hook, the cli fails with the error: "you are using a legacy-style API key which is unsupported by the CLI. Please generate a new test mode API key". The webhook was defined in a sandbox environment

Expected Behavior

A test webhook being emited

Steps to reproduce

  1. Install stripe cli (I used brew for the installation, both versions of the macos release cannot be executed)
  2. $ stripe login
  3. $ stripe trigger payment_intent.succeeded

Environment

macOs 15.3.2

$ stripe --version
stripe version 1.25.1

Awlexus avatar Mar 31 '25 15:03 Awlexus

Hey @Awlexus! Could you share the merchant id for the sandbox you're using? Also does the test key (test_mode_api_key) in ~/.config/stripe/config.toml start with rk_ or sk_?

tomer-stripe avatar Mar 31 '25 15:03 tomer-stripe

Hi @tomer-stripe, the api key starts with rk_. As for the merchant ID, I'm not sure where you find it in the dashboard. Do merchant ids start with acct_?

Awlexus avatar Mar 31 '25 15:03 Awlexus

Yep! They start with acct_

edit: also do you have the entire error you're seeing by the CLI handy?

tomer-stripe avatar Mar 31 '25 17:03 tomer-stripe

Thanks for the confirmation, the merchant id is acct_1Qzy6JE0ip1H2mD7. Unfortunately, the message from the report is the full output of the CLI

Awlexus avatar Apr 01 '25 08:04 Awlexus

Hmmm so we didn't see anything unusual on our side. Few more questions:

  • could you confirm that the key you're seeing on the Stripe Dashboard is the same as the key in the config file?
  • is it possible there's an environment variable somewhere overriding the config?

tomer-stripe avatar Apr 02 '25 18:04 tomer-stripe

  1. Yes, the api key should be the same, the last 4 characters match
  2. That's it! The project I'm working in sets the STRIPE_API_KEY variable. I'm sorry about the confusion, that was an unfortunate conflict.

Thank you for your time. Just to be sure. We received a couple of 2FA messages yesterday for no apparent reason. Could these have been caused by your testing?

Awlexus avatar Apr 03 '25 10:04 Awlexus

Glad it's working!

Hmmm I don't think so. We wouldn't have logged into your account or anything. I know we have some behaviors on Stripe's side that require re-authing for anything that's super sensitive but none of the investigation for this should've triggered that.

tomer-stripe avatar Apr 04 '25 00:04 tomer-stripe