Free Stripe API Key Validator

Validate your Stripe API key format, detect key type and mode, and get security recommendations. Free, instant, and 100% client-side — your key never leaves your browser.

Validate Your Stripe API Key

Paste your Stripe API key below to validate the format, detect the key type, and check for common issues.

Try an example:

100% Client-Side

Your API key is validated entirely in your browser using format checks only. No data is sent to any server — your key never leaves your machine. We never make API calls to Stripe.

Frequently Asked Questions

What are the different types of Stripe API keys?

Stripe provides four types of API keys, each with a distinct prefix and purpose:

Secret keys (sk_live_, sk_test_) — full account access, server-side only

Publishable keys (pk_live_, pk_test_) — safe for client-side, limited scope

Restricted keys (rk_live_, rk_test_) — custom permissions, principle of least privilege

Webhook secrets (whsec_) — used to verify webhook event signatures

What is the format of a Stripe API key?

Stripe API keys follow a prefix-based format. The prefix indicates the key type and mode:

sk_live_<alphanumeric string>

The prefix is sk_, pk_, or rk_ for the key type, followed by live_ or test_ for the mode. Webhook secrets use the whsec_ prefix. Total key length is typically 90–110 characters.

What is a Stripe restricted key and when should I use one?

A restricted key is an API key with custom permissions. Instead of granting full account access like a secret key, you choose exactly which resources the key can read or write.

Use restricted keys whenever you need to give API access to a third-party service (like Codeless Sync) or limit the scope of a server-side integration. You can create restricted keys in the Stripe Dashboard under Developers → API keys → Create restricted key.

How do I find my Stripe API keys?

Log in to the Stripe Dashboard
Click "Developers" in the left sidebar
Select "API keys"
You'll see your publishable and secret keys for both test and live mode
To create a restricted key, click "Create restricted key" and configure the permissions

Is it safe to paste my Stripe API key into this validator?

Yes. This tool runs entirely in your browser — your key is never sent to any server. The validation is performed using JavaScript format checks (prefix matching, character validation, length checking) with zero network requests. We never call the Stripe API.

For additional safety, the tool automatically masks your key in the results display. You can toggle visibility with the eye icon if needed.

Need to sync Stripe data to PostgreSQL?

Codeless Sync automatically syncs your Stripe customers, invoices, subscriptions & more to your PostgreSQL database. Set up in 5 minutes with a restricted key — no code required.

Try Codeless Sync Free