ST
Stripe
Provider Setup

Connect Stripe

ConfigTrace connects to Stripe using a restricted read-only API key. It monitors webhook endpoints, product and price configuration, and account settings — without accessing payment data, customer records, or card information.

On this page
  1. Prerequisites
  2. Step 1 — Create a restricted API key
  3. Step 2 — Connect in ConfigTrace
  4. Step 3 — Run your first sync
  5. What ConfigTrace monitors
  6. What ConfigTrace never reads

Prerequisites

  • A Stripe account
  • Access to create restricted API keys in the Stripe Dashboard
  • A ConfigTrace workspace (owner or admin role)

Step 1 — Create a restricted API key

  1. 1
    Open API keys
    Go to the Stripe Dashboard → Developers → API keys.
  2. 2
    Create a restricted key
    Click "Create restricted key". Give it a name like ConfigTrace (read-only).
  3. 3
    Set read-only permissions
    Under permissions, enable read-only access for: Webhook Endpoints: Read, Products: Read, Prices: Read, and optionally Account: Read.
  4. 4
    Copy the key
    Click "Create key" and copy the key. It starts with rk_live_ or rk_test_.
Use a restricted key rather than your main secret key. This limits the key to only the resources ConfigTrace needs to monitor.
Using a test-mode key (rk_test_) will monitor your Stripe test environment. Use a live key (rk_live_) to monitor your production configuration.

Step 2 — Connect in ConfigTrace

  1. 1
    Open Integrations
    In the ConfigTrace sidebar, click Integrations, then click Connect on the Stripe card.
  2. 2
    Paste your API key
    Paste your restricted API key.
  3. 3
    Save integration
    Click Save integration.

Step 3 — Run your first sync

Click Sync Now. The first sync captures your webhook configuration and product settings as a baseline.

What ConfigTrace monitors

Reads (configuration metadata)
  • Webhook endpoint URLs, enabled/disabled status, and subscribed events
  • Product names, descriptions, and active/archived status
  • Price IDs, amounts, currencies, and billing intervals
  • API key metadata: key names, created date, last used (not key values)
  • Account settings: business name, support email, branding
Never reads
  • Payment method data, card numbers, or bank account details
  • Customer records or payment history
  • Transaction details or payout data
  • Webhook signing secrets
  • Full API key values (metadata only)
  • Any personally identifiable information (PII)

What ConfigTrace never reads

ConfigTrace never accesses payment data. It monitors the configuration of your Stripe account — webhooks, products, and settings — not your financial data or customer records.

For a full breakdown across all providers, see the Data Access & Permissions reference.