How to Secure Stripe API Keys on Webflow? (Keys Currently Exposed)

Hi Webflow Community,

I’m facing a critical issue with our eCommerce site hosted on Webflow. Due to the lack of Buy Now Pay Later (BNPL) payment options like Afterpay, we integrated a custom Stripe checkout with the help of a developer.

Recently, our website was targeted by card testing fraud, and upon investigation, Stripe informed us that our API keys are visible on the internet. After further review, our new developer discovered that both our public and secret Stripe keys are exposed in the source code.

Webflow Support mentioned that Webflow currently only supports client-side code implementation and unfortunately does not support adding server-side code. Therefore, they don’t have a native solution for storing secret keys securely on the server-side.

Given this situation, I’m looking for guidance on how to properly secure these API keys on Webflow without compromising our website. Has anyone encountered a similar issue or can provide advice on how to handle this?

Any help would be greatly appreciated!

Thank you!

Remove the keys and revoke them immediately.

Either build on another platform, or build a middleware app that secures your keys and communicates to Stripe. Stripe has plenty of documentation on options. If you are working with devs that don’t understand what to do, replace them with talent that does.

[Stripe] [Webflow] [InPost] [DHL] [BaseLinker] [E-commerce]

:briefcase: Seamless Stripe Integration for Webflow

Hello Webflow enthusiasts!

Did you know that Webflow doesn’t provide out-of-the-box support for many popular payment gateways? Our team has developed a custom Stripe integration to bridge this gap, offering a complete solution for your online store. Here’s what we bring to the table:

:white_check_mark: Global Payment Support: Effortless integration with gateways like Przelewy24, BLIK, SOFORT, iDEAL, Apple Pay, Google Pay, and more.
:white_check_mark: Advanced Cart Functionality: A shopping cart system designed to enhance user experience.
:white_check_mark: Secure Backend Data Handling: All sensitive information is securely managed on our backend.
:white_check_mark: Shipping Integration: Direct API connections with InPost and DHL for streamlined parcel management.
:white_check_mark: BaseLinker (Make) Integration: Consolidate all your e-commerce processes in one place.

This is not a basic checkout integration or a simple redirect to Stripe. Instead, our application utilizes Stripe’s components to create a fully-featured, customizable solution tailored for Webflow CMS stores and compatible with E-commerce plans.

If you’re committed to Webflow but need a powerful payment and logistics integration, our solution is the answer!

:speech_balloon: Want to learn more? Reach out to us: Contact

#WebflowPolska #Stripe #InPost #DHL #BaseLinker #Ecommerce #CMS