Stripe API Key
A Stripe API key is a unique authentication credential that connects your WordPress site to your Stripe account, allowing payments to process securely without storing card data on your server.
What Is a Stripe API Key?
For: Small business owners and freelancers setting up payment forms or WooCommerce stores on WordPress who’ve been asked to “paste your Stripe API key” and aren’t sure what that means.
Affiliate disclosure: WPSchool uses affiliate links for some products mentioned on this site. This glossary entry is educational and contains no affiliate links.
A Stripe API key is a unique authentication credential that connects your WordPress site to your Stripe account, allowing payments to process securely without storing card data on your server.
Answer Capsule
A Stripe API key is a string of characters (starting with pk_ or sk_) that proves to Stripe’s servers that a request is coming from your account. WordPress plugins like WP Simple Pay or WooCommerce Stripe Gateway require these keys to send and receive payment data on your behalf.
Why You Encounter This in WordPress
Every WordPress payment plugin—WooCommerce’s Stripe gateway, WP Simple Pay, Gravity Forms with Stripe, WPForms Payments—requires you to paste at least one API key into the plugin settings before transactions work. Stripe provides these keys inside your Stripe Dashboard under Developers → API Keys.
We see this step trip up beginners on almost every client site we configure. The plugin settings page shows two empty fields labeled “Publishable Key” and “Secret Key,” and the error states make no indication of which key goes where.
The Two Key Types You Need
Stripe issues two distinct key types for every account, as of 2026:
| Key | Starts with | Where it goes | Risk if exposed |
|---|---|---|---|
| Publishable Key | pk_live_ or pk_test_ | Front-end / browser-side code | Low — limited to identifying your account |
| Secret Key | sk_live_ or sk_test_ | Server-side / plugin backend only | High — full API access to your account |
The publishable key is safe to embed in page source. The secret key is not — it must only exist in your plugin’s server-side settings, never in a JavaScript file or a public GitHub repo.
Test Keys vs. Live Keys
Stripe gives you two parallel environments. Test keys (pk_test_, sk_test_) let you run fake transactions using Stripe’s test card numbers (e.g., 4242 4242 4242 4242) without charging real money. Live keys (pk_live_, sk_live_) process actual charges.
In our testing, the most common setup mistake is pasting live keys while still building the site, then accidentally charging real cards during QA. Always finish configuration in test mode, then swap keys when you’re ready to accept real payments.
How to Find Your Stripe API Keys
- Log into your Stripe Dashboard
- Click Developers in the left sidebar
- Select API keys
- Copy your Publishable Key directly — it’s visible by default
- Click Reveal test key (or Reveal live key) to expose the Secret Key
Stripe only shows the secret key once after you reveal it per session. Copy it immediately and paste it into your plugin settings.
One Security Note Worth Knowing
Stripe also offers Restricted Keys — a third key type that limits API permissions to specific actions (read-only on customers, write-only on charges, etc.). On client sites where a contractor or plugin needs Stripe access, restricted keys are the correct choice. The WordPress.org forums include a thread specifically about restricted key configuration with Forminator that walks through the permissions setup.
Related Terms
- Webhook — a Stripe URL endpoint that notifies your WordPress site when a payment event occurs (charge succeeded, subscription canceled, etc.)
- Payment Intent — the Stripe API object that tracks the full lifecycle of a payment from creation to confirmation
- WooCommerce Stripe Gateway — the official plugin connecting WooCommerce checkout to Stripe; requires both publishable and secret keys
- Test Mode — Stripe’s sandbox environment using test keys; transactions don’t move real money
Additional Reading
- How to Connect Stripe to WooCommerce — step-by-step plugin configuration
- WP Simple Pay Review — the simplest way to accept Stripe payments without WooCommerce
- WordPress Payment Plugins Compared — side-by-side comparison of Stripe-compatible options
- Official Stripe API Keys Documentation — primary source for key types, rotation, and restricted key permissions
Last verified: April 2026