Stripe Connect - Stripe::AuthenticationError

Question

I have a built a peer to peer marketplace using Stripe Connect to process credit card payments with stripe checkout and transfer that charge to a connected stripe account with their bank account information and my account will take a commission.

My code was working previously in development mode but once I pushed it live to heroku I'm getting an error after the charge is sent through stripe checkout.

This is the current error I'm catching from running heroku logs...

Stripe::AuthenticationError (The provided key 'sk_live_********************3yOZ' does not have access to account 'ca_*******************1LR1' (or that account does not exist). Application access may have been revoked.):

Here is my spaghetti code... (Note: I'm just a weekend warrior at Rails... it's amazing I've gotten this far along not having any prior programming experience.)

Orders Controller

class OrdersController < ApplicationController
  before_action :set_order, only: [:show, :edit, :update, :destroy]
  before_action :authenticate_user!


  def sales
    @orders = Order.all.where(seller: current_user).order("created_at DESC")
  end

  def purchases
    @orders = Order.all.where(buyer: current_user).order("created_at DESC")
  end

  # GET /orders/new
  def new
    @order = Order.new
    @item = Item.find(params[:item_id])
  end

  # POST /orders
  # POST /orders.json
  def create
    @order = Order.new(order_params)
    @item = Item.find(params[:item_id])
    @seller = @item.user

    @order.item_id = @item.id
    @order.buyer_id = current_user.id
    @order.seller_id = @seller.id

    token = params[:stripeToken]

    begin

    customer = Stripe::Customer.create(
        :email => params[:stripeEmail],
        :source  => token
    )

    require 'json'

      charge = Stripe::Charge.create({
        :customer => customer.id,
        :amount => (@item.price * 91.1).floor - 30,
        :currency => "usd",
        :description => @item.title,
        :application_fee => ((@item.price * 100) * 0.089).floor + 30
      },
      {:stripe_account => ENV["STRIPE_CONNECT_CLIENT_ID"] }
    )
      @order.name = params[:stripeShippingName]
      @order.address = params[:stripeShippingAddressLine1]
      @order.city = params[:stripeShippingAddressCity]
      @order.state = params[:stripeShippingAddressState]
      @order.zip = params[:stripeShippingAddressZip]
      @order.country = params[:stripeShippingAddressCountry]

      flash[:notice] = "Thanks for ordering!"
    rescue Stripe::CardError => e
      flash[:danger] = e.message
      redirect_to new_order_path
    end

    respond_to do |format|
      if @order.save
        format.html { redirect_to root_url }
        format.json { render :show, status: :created, location: @order }
      else
        flash[:alert] = "Something went wrong :("
        # gon.client_token = generate_client_token
        format.html { render :new }
        format.json { render json: @order.errors, status: :unprocessable_entity }
      end
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_order
      @order = Order.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def order_params
      if params[:orders] && params[:orders][:stripe_card_token].present?
        params.require(:orders).permit(:stripe_card_token)
      end
    end

end

OmniAuth Callbacks Controller

class OmniauthCallbacksController < Devise::OmniauthCallbacksController

  def stripe_connect
    @user = current_user
    if @user.update_attributes({
      provider: request.env["omniauth.auth"].provider,
      uid: request.env["omniauth.auth"].uid,
      access_code: request.env["omniauth.auth"].credentials.token,
      publishable_key: request.env["omniauth.auth"].info.stripe_publishable_key
    })
      # anything else you need to do in response..
      sign_in_and_redirect @user, :event => :authentication
      set_flash_message(:notice, :success, :kind => "Stripe") if is_navigational_format?
    else
      session["devise.stripe_connect_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end

end

Items Coffee Script (User must connect bank account info with Stripe Connect before listing)

jQuery -> 
    Stripe.setPublishableKey($('meta[name="stripe-key"]').attr('content'))
    item.setupForm()

item =
  setupForm: ->
    $('#new_item').submit ->
      $('input[type=submit]').attr('disabled', true)
      Stripe.bankAccount.createToken($('#new_item'), item.handleStripeResponse)
      false

  handleStripeResponse: (status, response) ->
    if status == 200
      $('#new_item').append($('<input type="hidden" name="stripeToken" />').val(response.id))
      $('#new_item')[0].submit()
    else
      $('#stripe_error').text(response.error.message).show()
      $('input[type=submit]').attr('disabled', false)

Orders Coffee Script (Stripe will handle the card information at checkout)

jQuery -> 
    Stripe.setPublishableKey($('meta[name="stripe-key"]').attr('content'))
    payment.setupForm()

payment =
  setupForm: ->
    $('#new_order').submit ->
      $('input[type=submit]').attr('disabled', true)
      Stripe.card.createToken($('#new_order'), payment.handleStripeResponse)
      false

  handleStripeResponse: (status, response) ->
    if status == 200
      $('#new_order').append($('<input type="hidden" name="stripeToken" />').val(response.id))
      $('#new_order')[0].submit()
    else
      $('#stripe_error').text(response.error.message).show()
      $('input[type=submit]').attr('disabled', false)

devise.rb initializer

  config.omniauth :stripe_connect,
    ENV['STRIPE_CONNECT_CLIENT_ID'],
    ENV['STRIPE_SECRET_KEY'],
    :scope => 'read_write',
    :stripe_landing => 'register'

stripe.rb initializer

Rails.configuration.stripe = {
  :publishable_key => ENV['STRIPE_PUBLISHABLE_KEY'],
  :secret_key      => ENV['STRIPE_SECRET_KEY']
}

Stripe.api_key = Rails.configuration.stripe[:secret_key]

application.yml (figaro) (keys censored)

production:
  STRIPE_SECRET_KEY: "sk_live_****************3yOZ"
  STRIPE_PUBLISHABLE_KEY: "pk_live_******************HhWi"
  STRIPE_CONNECT_CLIENT_ID: "ca_**********************1LR1"
  CONNECTED_STRIPE_ACCOUNT_ID: "acct_***********crNm"

orders _form.html.erb (just the stripe script)

<script src="https://checkout.stripe.com/checkout.js" class="stripe-button"
          data-key="<%= Rails.configuration.stripe[:publishable_key] %>"
          data-description="<%= @item.title %>"
          data-amount="<%= (@item.price * 100).floor %>"
          data-email="<%= current_user.email %>"
          data-shipping-address="true"
          data-locale="auto"></script>

Answer 1

The issue here is that you're mixing your constants. Whenever you make an API request on behalf of a connected account, you want to pass the connected account's id, acct_XXXYYYZZZ , in the Stripe-Account header .

The problem here is that you're instead passing your platform's client id ca_XXXX there. Stripe is then trying to find the account with the id ca_XXXX connected to your platform and it doesn't exist.

You need to fix your charge code to pass the correct constant:

charge = Stripe::Charge.create({
    customer: customer.id,
    amount: (@item.price * 91.1).floor - 30,
    currency: 'usd',
    description: @item.title,
    application_fee: ((@item.price * 100) * 0.089).floor + 30
  },
  {
    stripe_account: ENV["CONNECTED_STRIPE_ACCOUNT_ID"]
  }
)