Which permissions do the ravens need?

Delivery Ravens uses a Stripe Restricted API Key to interact with the API on your behalf using only the minimum access required.

Currently, the required permissions are:

• Product (Read)
• Checkout Session (Read)
• Webhook (Read and Write*)

Product permissions

The product_read permission allows us to populate the list of Stripe products for you to select when you configure a digital product for download.

Checkout session permissions

Using checkout_session_read allows us to match the products your customers purchase with the products you have active. Reading the checkout session also allows us view your customer’s email address so we can send them an email with a link to your digital product.

Webhook permissions

We use the webook_read and webhook_write permissions to automatically set up a webhook endpoint.

By defining the webhook endpoint, Stripe starts alerting Delivery Ravens when a customer’s checkout session completes, allowing us to start fulfilling the order – delivering your digital product to your customer.

If you don’t want to use webhook_write permissions, you can remove the write permissions (selecting instead webhook_read permissions) and set up the webhook endpoint manually.

Even if you don’t use webhook_write permissions, we still use webhook_read permissions to check your webhook endpoint is set up correctly.