> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dodopayments.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Stripe - Connect & Raw Card API Access

> Enable raw card data API access on Stripe with Dodo Payments' PCI DSS AOC, then connect your Stripe account to Bring Your Own Processor (BYOP).

<Note>
  This guide applies when you connect **Stripe** as your own processor through [Bring Your Own Processor (BYOP)](/features/byop). [Talk to us](mailto:founders@dodopayments.com) if you need help.
</Note>

## Enable raw card data access

To route payments through your Stripe account while Dodo Payments powers billing on top, Dodo needs to pass card details to Stripe on your behalf using Stripe's **raw card data APIs**.

By default, Stripe accounts can't send raw card numbers (PANs) directly to its APIs. Stripe gates this behind an approval that confirms the systems handling raw card data are **PCI DSS compliant**. With BYOP, the system that handles card data is **Dodo Payments**, which is PCI DSS Level 1 compliant — so you prove compliance using Dodo Payments' certification rather than your own. You request this access once, per account.

When you request access, Stripe asks for a short description of how card data is handled — state that **Dodo Payments**, your PCI DSS Level 1-compliant payment provider, processes the raw card data and that your own systems never store or touch raw card numbers (PANs). Because Dodo Payments handles the data, you don't need your own SAQ D; submit **Dodo Payments' Attestation of Compliance (AOC)** as your proof:

<Card title="Dodo Payments PCI DSS Attestation of Compliance (AOC)" icon="file-shield" href="https://pub-2a89184e4c954b599464449d23f506bb.r2.dev/dodo-payments-pci-dss-aoc.pdf">
  Download Dodo Payments' current AOC and submit it to Stripe when you request raw card data access.
</Card>

<Tip>
  **Test mode requires no documentation.** You can ask Stripe to enable raw card data APIs for **test mode** right away so you can build and verify your BYOP setup. Live mode still requires the Dodo Payments AOC above.
</Tip>

Request access directly through Stripe's official guide, and submit the Dodo Payments AOC when Stripe asks for PCI documentation:

<Card title="Enabling access to raw card data APIs" icon="stripe" href="https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis">
  Stripe's guide to requesting raw card data API access on your account.
</Card>

## What you'll need

Once Stripe confirms raw card data access, connect Stripe in **Settings → BYOP**. Gather two values from your Stripe Dashboard:

| Value                      | Where it comes from                |
| -------------------------- | ---------------------------------- |
| **Secret key**             | Developers → API keys              |
| **Webhook signing secret** | Generated when you add the webhook |

<Info>
  Stripe keeps **test** and **live** credentials separate — switch with the **Test mode / Live mode** toggle in the Dashboard. Generate credentials in the environment that matches the mode you're configuring in Dodo.
</Info>

## Step 1: Get your secret key

<Steps>
  <Step title="Open API keys">
    In the Stripe Dashboard, go to **Developers → API keys**. Use the **Test mode / Live mode** toggle to match the environment you're configuring.
  </Step>

  <Step title="Copy your secret key">
    Copy the **Secret key** — it starts with `sk_test_` in test mode or `sk_live_` in live mode (a restricted key, `rk_...`, also works if you prefer to scope permissions). You'll paste this into the **Secret Key** field in Dodo.
  </Step>
</Steps>

## Step 2: Set up the webhook and signing secret

Dodo generates a **Webhook Endpoint** URL when you save the Stripe connection. Add it as a webhook in Stripe, then copy the signing secret.

<Steps>
  <Step title="Add an endpoint">
    In the Stripe Dashboard, go to **Developers → Webhooks** and select **Add endpoint**. Paste the **Webhook Endpoint** URL that Dodo generated (it must be HTTPS and publicly accessible) and select the events to listen for.
  </Step>

  <Step title="Reveal the signing secret">
    Open the endpoint's detail page and select **Reveal secret** to view the **Signing secret** — it starts with `whsec_`. The secret is unique to each endpoint, and test and live endpoints have different secrets.
  </Step>

  <Step title="Paste the signing secret into Dodo">
    Back in **Settings → BYOP**, paste the signing secret into the **Webhook Signing Secret** field to finish the connection.

    <Card title="Set up BYOP" icon="shuffle" href="/features/byop">
      Follow the full Bring Your Own Processor setup flow.
    </Card>
  </Step>
</Steps>

<Tip>
  After saving, use **Verify connection** in Dodo to run a test call against Stripe and confirm your secret key and webhook signing secret are valid before you go live.
</Tip>

## Frequently asked questions

<AccordionGroup>
  <Accordion title="Do I need my own PCI certification (SAQ D)?">
    No. Because **Dodo Payments handles the raw card data on your behalf** and is **PCI DSS Level 1 compliant**, you submit **Dodo Payments' Attestation of Compliance (AOC)** to Stripe instead of completing your own SAQ D or undergoing a separate audit.
  </Accordion>

  <Accordion title="Why can't Stripe just enable this by default?">
    Sending raw card numbers to an API brings the sending system into PCI DSS scope. Stripe requires proof of PCI compliance before enabling raw card data APIs so that cardholder data stays protected. Dodo Payments is **PCI DSS Level 1 compliant**, so you provide Dodo Payments' AOC as that proof.
  </Accordion>

  <Accordion title="Can I test BYOP before getting live approval?">
    Yes. Ask Stripe to enable raw card data APIs in **test mode**, which needs no PCI documentation, and connect Stripe in test mode in Dodo. You'll need the live-mode approval before processing real payments.
  </Accordion>

  <Accordion title="I lost my secret key or signing secret, what now?">
    Generate a new key under **Developers → API keys**, or open the webhook endpoint and select **Reveal secret** to view the signing secret again, then update the value in **Settings → BYOP**.
  </Accordion>
</AccordionGroup>

## References

* [Dodo Payments PCI DSS Attestation of Compliance (AOC)](https://pub-2a89184e4c954b599464449d23f506bb.r2.dev/dodo-payments-pci-dss-aoc.pdf)
* [Stripe Support: Enabling access to raw card data APIs](https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis)
* [Stripe: API keys](https://docs.stripe.com/keys)
* [Stripe: Webhook signing secret](https://docs.stripe.com/webhooks/signature)
