I have been using Stripe to process payments for my company AstroVenture (see more context in a previous post here) for a couple of years now, and it has worked great. One thing that took me quite a while to figure out was how to test that we were properly authenticated with the Stripe API without executing a payment.
I've had two instances that caused issues with purchasing:
- One release, I broke the server's local environment so things seemed to be working, but our API keys were not read in correctly. Most things seemed to work, but purchases did not.
- Another time I made changes to help secure our servers, but one of the rules prevented most outbound traffic including to Stripe's API!
I wanted a way to test for scenarios like this, but I couldn't find any good solutions until recently. I was searching the API docs for Stripe when I realized I could use any stripe API method that requires authentication to ensure that we are able to access Stripe. If we don't supply the keys or something else goes wrong, the test (below) will fail with an error. I only run this as part of my end to end tests which you can read more about here.
I added an endpoint to my Django application that looks like the following (I removed the authentication I do at this endpoint since it isn't the point of the example, and of course, don't put your API key directly in your code, read it from a secret store or somewhere else secure):
This endpoint exists so that we can run an end to end test
for the environment to ensure that we are able to access
the Stripe API after we have deployed.
def get(self, request):
stripe.api_key = key
data = stripe.Customer.list(limit=3)["data"]
except Exception as e:
return Response(str(e), status=status.HTTP_400_BAD_REQUEST)
And in my end to end tests I have the following:
By calling the Stripe API and not receiving an error,
we validate that the keys are properly loaded and that
we can access the API. We only care if we get an error,
so we ignore the return value.
response = requests.get(
assert response.status_code == status.HTTP_200_OK
Do you have a better way of testing that you can access Stripe after a deployment? Let me know!