I’m just getting started using the Stripe API directly (no plugin; for Connect) and am trying to wrap my head around best API key security practices (I’ve read through most of the Bubble manual pages on these), specifically what the common use cases are for needing the “publishable key” Stripe provides.
All of the Bubble Stripe plugins seem to have a field for storing both keys (publishable and secret), so I’d like to better understand the workflows/actions/API calls/general cases where we might need to be careful or ensure we are using the publishable key.
I understand from the Stripe Docs that the publishable key is needed for anything that is sent client-side…but I’m unclear what bubble-specific use cases that might entail.
I believe I saw a Bubble forum example of a plugin using the publishable key to generate Stripe payment ‘elements,’ presumably for collecting payment details in Bubble before sending to Stripe?
If we were just using hosted Stripe pages for the actual payment, am I correct in assuming the ‘publishable key’ may not be needed?
Thanks for any advice/insight you may have.