The documentation you link for the stripe API key says
Authenticate your account when using the API by including your secret API key in the request. You can manage your API keys in the Dashboard. Your API keys carry many privileges, so be sure to keep them secret! Do not share your secret API keys in publicly accessible areas such GitHub, client-side code, and so forth.
How is this supposed to work safely, when you need to put the key in the package? Or is the enduser (who wants to donate) somehow expected to have their own API key?
The code on the endusers machine needs the API key to function, since there is no server on the publishers side involved, right? So you have to give the API key to them in some way, if directly embedded in the code or not.
9 comments
[ 4.7 ms ] story [ 43.2 ms ] threadAuthenticate your account when using the API by including your secret API key in the request. You can manage your API keys in the Dashboard. Your API keys carry many privileges, so be sure to keep them secret! Do not share your secret API keys in publicly accessible areas such GitHub, client-side code, and so forth.
How is this supposed to work safely, when you need to put the key in the package? Or is the enduser (who wants to donate) somehow expected to have their own API key?
https://github.com/bukinoshita/npm-donate/blob/master/exampl...
1. Project maintainer add `npm-donate`; 2. Creates stripe account; 3. Add API Key; 4. Release;
Users that wants to donate to the project, doesn't need an API key.
When users install your package, they won't see your API key.