Search code examples
vb.netstripe-payments

How do I add just a username within an authentication header in stripe-payments?

I'm trying to get a simple post request to work to create a customer via the Stripe.js API.

https://stripe.com/docs/api/java#authentication

I'm doing this in vb.net and don't want to use the stripe.net library.

I keep getting authorization failed. All I have to pass is the username in the header, or in this case the username is my test api key.

Here's a chunk of the code:

Dim asPostRequest As HttpWebRequest = WebRequest.Create(String.Format(ApiEndpoint))
Dim as_ByteArray As Byte() = Encoding.UTF8.GetBytes(stripeccw.ToString)
asPostRequest.Method = "POST"
asPostRequest.ContentType = "application/json"

'asPostRequest.Headers("Authorization") = "Basic" + apikey
'asPostRequest.Credentials("bearer", apikey)
'asPostRequest.Headers.Add("Authorization") = apikey
'asPostRequest.Credentials("Username") = apikey
'asPostRequest.Credentials = New NetworkCredential(apikey, "")
    
asPostRequest.ContentLength = as_ByteArray.Length
Dim as_DataStream As Stream = asPostRequest.GetRequestStream()
as_DataStream.Write(as_ByteArray, 0, as_ByteArray.Length)
as_DataStream.Close()

Where I've commented out, those are different ways that I've tried. I know for a fact my API key is correct. I can verify this by navigating to https://api.stripe.com/v1/customers and entering it in for my username only.

Solution

  • If I were in your shoes, the first thing I'd do is take a look at how Stripe.Net does it. Even if you don't want to use that library yourself, that doesn't mean you can't use the source code as a reference.

    From Requestor.cs:

    internal static WebRequest GetWebRequest(string url, string method, string apiKey = null, bool useBearer = false)
{
    apiKey = apiKey ?? StripeConfiguration.GetApiKey();

    var request = (HttpWebRequest)WebRequest.Create(url);
    request.Method = method;

    if(!useBearer)
        request.Headers.Add("Authorization", GetAuthorizationHeaderValue(apiKey));
    else
        request.Headers.Add("Authorization", GetAuthorizationHeaderValueBearer(apiKey));

    request.Headers.Add("Stripe-Version", StripeConfiguration.ApiVersion);

    request.ContentType = "application/x-www-form-urlencoded";
    request.UserAgent = "Stripe.net (https://github.com/jaymedavis/stripe.net)";

    return request;
}

private static string GetAuthorizationHeaderValue(string apiKey)
{
    var token = Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Format("{0}:", apiKey)));
    return string.Format("Basic {0}", token);
}

private static string GetAuthorizationHeaderValueBearer(string apiKey)
{
    return string.Format("Bearer {0}", apiKey);
}

    So it seems there are two ways to do it. You can either use "Bearer" format, which is:

    asPostRequest.Headers.Add("Authorization", "Bearer " & apiKey)

    or you can use "Basic" format which is:

    asPostRequest.Headers.Add("Authorization", _ 
    "Basic " & Convert.ToBase64String(Encoding.UTF8.GetBytes(apiKey & ":")))