Stripe setup docs

Connect Stripe in audit-only mode.

Use the Stripe Connect audit bridge for first billing-side value. Stripe changes are disabled in Revenue Linter. Restricted-key setup is an Advanced fallback if you are having trouble connecting.

Open Stripe setupOpen Stripe onboarding

Primary Connect OAuth steps

  1. Open Stripe setup in Revenue Linter.
  2. Click Connect Stripe.
  3. Approve the Revenue Linter connection in Stripe.
  4. Stripe redirects you back to Revenue Linter.
  5. Revenue Linter stores safe billing connection metadata and queues the first billing sync.
  6. If Stripe requires a write-capable OAuth scope, Revenue Linter still disables Stripe changes in the app.
  7. Add app/access evidence before treating access-state findings as confirmed.

Fallback restricted-key steps

  1. If you installed the Revenue Linter Stripe App, open View API keys and copy the app-generated restricted rk_ key.
  2. If you cannot install the app, open Stripe Dashboard, then go to Developers and API keys.
  3. Click Create restricted key.
  4. Name it Revenue Linter Audit Fallback.
  5. Start with zero permissions.
  6. Set the required rows below to Read.
  7. Set every Write permission to None.
  8. Paste the rk_ key into Revenue Linter settings or onboarding.
  9. Fix any missing permissions shown by validation.

What Revenue Linter will never do

  • Create charges.
  • Issue refunds.
  • Cancel subscriptions.
  • Create customers.
  • Modify invoices.
  • Submit dispute evidence.
  • Change webhook endpoints.
  • Write to your Stripe account.

Revenue Linter validates read access and rejects unrestricted secret keys. Stripe does not expose the full write-permission matrix through the pasted key, so confirm in Stripe that all Write permissions are None.

Permission recipe

Use these exact Stripe Dashboard rows. Required rows must pass validation before Revenue Linter stores the encrypted credential.

Core Ledger

Account identity, customer state, subscription state, invoices, payment objects, and catalog context.

Required
Stripe rowSet toWhy Revenue Linter reads it
AccountRequiredReadConfirm the connected Stripe account, account name, and test/live mode.
CustomersRequiredReadMatch Stripe customers to app users and app-state snapshots.
SubscriptionsRequiredReadDetect subscription state drift, Free Riders, and Zombie Subscribers.
InvoicesRequiredReadInspect invoice status, failed payment state, and paid-but-blocked cases.
Payment IntentsRequiredReadLink checkout and payment evidence back to user access state.
ChargesRequiredReadVerify captured payment and dispute evidence context.
ProductsRequiredReadMap Stripe catalog records to plan and entitlement context.
PricesRequiredReadResolve plan pricing, currency, and subscription item context.
Account
Required
Read

Confirm the connected Stripe account, account name, and test/live mode.

Customers
Required
Read

Match Stripe customers to app users and app-state snapshots.

Subscriptions
Required
Read

Detect subscription state drift, Free Riders, and Zombie Subscribers.

Invoices
Required
Read

Inspect invoice status, failed payment state, and paid-but-blocked cases.

Payment Intents
Required
Read

Link checkout and payment evidence back to user access state.

Charges
Required
Read

Verify captured payment and dispute evidence context.

Products
Required
Read

Map Stripe catalog records to plan and entitlement context.

Prices
Required
Read

Resolve plan pricing, currency, and subscription item context.

Edge-Case Detection

Lifecycle events, webhook coverage, checkout completion, disputes, and failure paths.

Required
Stripe rowSet toWhy Revenue Linter reads it
DisputesRequiredReadFind chargeback exposure and evidence gaps without submitting evidence.
Checkout SessionsRequiredReadVerify completed checkout sessions, tax/evidence context, and payment-flow drift.
EventsRequiredReadCompare lifecycle events against app-state and processed webhook coverage.
Webhook EndpointsRequiredReadReview configured Stripe webhook coverage for required lifecycle events.
Disputes
Required
Read

Find chargeback exposure and evidence gaps without submitting evidence.

Checkout Sessions
Required
Read

Verify completed checkout sessions, tax/evidence context, and payment-flow drift.

Events
Required
Read

Compare lifecycle events against app-state and processed webhook coverage.

Webhook Endpoints
Required
Read

Review configured Stripe webhook coverage for required lifecycle events.

Reconciliation Context

Optional context that improves refund, balance, and tax explanations.

Recommended
Stripe rowSet toWhy Revenue Linter reads it
RefundsRecommendedReadImprove refund and dispute explanations when refund data is available.
Balance TransactionsRecommendedReadImprove reconciliation detail for fees, net revenue, and payout context.
Tax RatesRecommendedReadImprove tax-watch explanations when Stripe tax-rate data is present.
Refunds
Recommended
Read

Improve refund and dispute explanations when refund data is available.

Balance Transactions
Recommended
Read

Improve reconciliation detail for fees, net revenue, and payout context.

Tax Rates
Recommended
Read

Improve tax-watch explanations when Stripe tax-rate data is present.

When validation says a permission is missing

  1. Open Stripe Dashboard, then go to Developers and API keys.
  2. Find the Revenue Linter restricted key and click Edit key.
  3. Set each missing row to Read.
  4. Keep Write set to None.
  5. Save the key and paste it again.

Revoke or rotate access

To revoke access, delete the connection in Revenue Linter, then revoke the restricted key in Stripe Dashboard.

To rotate access, create a new restricted key, paste it into Revenue Linter, wait for validation to pass, then revoke the old key in Stripe.

Do not reuse an existing integration key. One key per service makes rotation and audit logs cleaner.