Stripe - new restricted access key?

Screenshot 2024-05-28 at 4.22.37 PM

I received the message above just this afternoon and am a little stumped. How do I find all of the scenarios in my account that use the old connection?


It’s surprising you’ve only been given two days to implement this sort of change or get charged for continuing with the old API usage.

Usually Stripe would give at least 3 months notice for these sort of changes.

See Michaela’s update below.


I only recieved it this morning, and have even less time. Furthermore, my Stripe dev account secret key was allowed to be used with the RAK connection type, which seems odd.

This change was not impressive, though I can see that it makes sense to use restricted keys from a security perspective - I had hoped to get to that point myself, but it’s a ship that takes time to turn.

1 Like

I assume I’ll also need to replace the existing Stripe webhooks I have with the new RAK?

As I can’t remember which events were selected for each webhook. And I don’t think there is a way in Make to see which events were enabled for a particular Stripe webhook.

I’m advised by Make to hold off on making any changes yet. They will send an update email regarding this.


Please keep us posted about it. I’ve received the same email and I find it odd to have only 2 days notice.

Hello everyone @here

I am just quickly stepping in to confirm what has been said about our recent communication re changing the Stripe connection to RAK. Please ignore the last email about switching to RAK.

We are currently working closely with Stripe to get our OAuth application approved as quickly as possible. In the meantime, there is no need for any action on your part. We apologize for any confusion this may have caused and appreciate your patience during this process.

We will provide you with an update as soon as we have more information. If you have any further questions or concerns, please create a ticket with us.

Thank you for your understanding :pray:


Hello @Michaela !

I’m not sure I understand. There’s no point in creating a restricted api key and changing our existing key?

Can you confirm that the services won’t stop working from June 1st if we haven’t changed?

Thank you in advance for your reply and have a nice day!

1 Like

Hello @Yann_Menoud

At this moment, no action is needed from you. We will make sure to update you as soon as we have more information. For now, please disregard the previous communication.

We are very sorry for the confusion this may have caused.

Thank you for you understanding :pray:


Hi @Michaela just wanted to weigh in that I haven’t received an email with the advice of ignoring this - I only discovered this thread by googling how to set up the RAK key. Just thought it might be worth reaching out to customers to let them know to ignore this for now :raised_hands:

@Leah I am very sorry to hear that you are only finding out about this now through this community post. We apologize for any frustration and disruptions this may have caused.

@here Additionally, I wanted to bring everyone’s attention to the latest update, which you should have also received in your emails:

We recently communicated the need to switch your Stripe connections to the Restricted API Key (RAK) authentication method. Unfortunately, due to technical issues, we needed to revise the authentication structure and modify the setup.

Please update your scenarios and recreate your Stripe connections once again to align with the new structure. Ensure you set the “Restricted API Key” as the API key type.

We apologize for the additional steps and appreciate your patience and cooperation.

If you need to update the connection in multiple modules, you can use our DevTool extension to simplify the process.

Thank you very much for your understanding :pray:

Michaela, I have already setup my RAK keys and I’ve come back to see that my Stripe keys were deleted from Make, only to be told to do this again?

If I already done this why did my RAK keys need to be deleted again? Why didn’t Make test this properly?

Can you confirm that this will not change again?

Do I get this right?

  • A first email is sent out advising urgent action to update Stripe connections with a 2 days deadline.
  • This communication is revised one day later - not by mail, but only through a forum post.
  • Yet another day later, on the very last day of the original deadline, another mail is sent out requiring to setup Stripe restricted connections (again), with only hours to act on this.

I sincereley hope that I got any of this wrong!

Very confused! I thought you were working on getting this setup with OAuth? Is the update back to the original information then? It isn’t obvious what we should be doing at all.

Also, still nothing via email.

Obviously not the best communication.
But maybe also not the easiest situation to handle for Make: there are chances they didn’t get all the required informations in time either.

Anyway, let’s stay constructive, as complaining won’t get us there quicker.

I think I did what was required:

  1. I’ve just created a new restricted API key.
  2. I’ve created the new corresponding connection in Make
  3. I’ve created a new webhook, restricted to the required capabilities*
  4. Now… I can’t see any of the restricted connections I created yesterday and today. Only the ones I created a while ago :frowning:

Did I miss something? Temporary issue?
Any help would be greatly appreciated.


*Not a very straightforward step: the interface let me think I could only select one capabilty, since tickboxes only appeared once I clicked one option.

@TM56 The connections you cannot see were created by an old connection structure that we hotfixed today at ca at 12GMT+1. Even though the old connections should work in the modules where they were previously selected, we highly recommend creating new RAK connections to prevent future issues.

@here To summarize, it is highly recommended that all users who haven’t created new RAK connections after 12gmt+1 today to create them.

Once again, we are deeply sorry for the confusion and trouble caused. We understand that this situation and our communication have been confusing, but please know that the circumstances were not entirely within our control.

Thank you very much for your understanding :pray:


After recreating a webhook in Stripe, corresponding to the one from my scenario, I was able to get the new connection and set it in the modules.
I think I’m all set now, although I’ll have to wait this webhook to be triggered to confirm.



As someone who isn’t very technical, I could do with some simple step by step instructions on how to do this! Thanks

My main issue is that for webhooks, it the scope (group) is not visible. So when recreating, I need to guess it, and therefore retest. Or is there a smarter way to do this?

1 Like

I hope that the webhooks are not affected by this as well, I’m getting my team to check this too just in case, @Michaela can you confirm this as well?