Security Implications of Payment Processing with Stripe API in Add-Ons


Trace Bowen

June 4, 2024, 21:42:23
to Google Apps Script Community
Apps Script Community, I would like to ask about the security implications of using the Stripe API within a public Apps Script add-on for the Workspace Marketplace. This is not my primary area of expertise, and I have done some of my own research, but security is one of my top concerns and I want to make sure that I get this right for potential customers and myself.

The context of 'use' of the Stripe API that I am specifically asking about is as follows:
  • Using the Stripe API to verify a user's 'active' subscription status, sourced from the .getEmail() method and obtaining a subscription status from the API with that input.
  • Providing the payment link for the product via the HTML content in the sidebar, which would direct the user to the payment / customer portal.
Now that I have clarified how I would like to use Stripe, here are some specific questions I have. Please also feel free to add any additional details / context outside the scope of this list that you feel is relevant.
  1. Initial research quickly led me to Corentin Brossault's (from MailMeteor) article on monetization, where he recommended use of Firebase as an intermediary between Apps Script and the Stripe API. It seems as if others have also taken this approach, so here's my question: Since it is perfectly possible to authenticate users via solely the Apps Script scope and the Stripe API alone, why are people suggesting to use Firebase? Is there an obvious security implication that Firebase addresses that Apps Script cannot?
  2. Private keys must be accessed to utilize the Stripe API. I am aware of Google's own guidance on using the Properties Service, specifically the 'Script Properties', to store sensitive information. In the context of a published Apps Script Add-on for the Workspace Marketplace, is there any way that a user could conceivably (realistically) access that information from the script properties? I do not believe there is any possible way for a user of the add-on to access any of the source code (if you defined the key as a variable) or defined the key in the script properties like mentioned, but please correct me if I'm wrong and confirm.
  3. Are there any other questions I might have forgotten to ask or items that would be useful to think about? Perhaps there are limitations to the amount of calls to the Stripe API that some devs are worried about. Or maybe the payment link can be problematic. Perhaps using Firebase can give you some extra tools to be able to access user data - I'm not sure. But this feels like a good starting point to get the conversation going.
Thank you for your time. I look forward to learning from the community!

- Trace

Andrew Roberts

June 5, 2024, 05:16:09
to google-apps-sc...@googlegroups.com
Without access to the source code I don't know of any way a user can access the Script properties. If you want to be really safe you can use Google's Secrets Manager.

The one thing I would be concerned about is the review process, and any associated costs if you are accessing user data and using an external API (re. sensitive and restricted scopes).
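
The subscription check described in the original question, as an added example that is not part of the thread or of either poster's code: the Stripe secret key stays in Script Properties, the email is taken from the server-side session, and the sidebar only ever receives a boolean. The property name `STRIPE_SECRET_KEY`, the `svc` wrapper object and the function names are assumptions made for this sketch.

```javascript
// Added example, not code from the thread. Apps Script services are passed in
// as `svc` (an assumption of this sketch) so the logic also runs under Node.
const STRIPE_API = 'https://api.stripe.com/v1';

function stripeGet(path, query, svc) {
  // The secret key is read from Script Properties at call time; it is never
  // placed in HTML or returned. 'STRIPE_SECRET_KEY' is an assumed property name.
  const key = svc.props.getProperty('STRIPE_SECRET_KEY');
  if (!key) throw new Error('Stripe key not configured');
  const qs = Object.keys(query)
    .map(k => encodeURIComponent(k) + '=' + encodeURIComponent(query[k]))
    .join('&');
  const res = svc.fetch(STRIPE_API + path + '?' + qs, {
    method: 'get',
    headers: { Authorization: 'Bearer ' + key },
    muteHttpExceptions: true, // inspect the status code instead of throwing
  });
  const code = res.getResponseCode();
  if (code !== 200) throw new Error('Stripe HTTP ' + code);
  return JSON.parse(res.getContentText());
}

// Returns only a boolean, so no Stripe object or key material reaches the sidebar.
function hasActiveSubscription(svc) {
  // Identity comes from the server-side session, not from a client parameter.
  const email = svc.session.getActiveUser().getEmail();
  if (!email) return false; // fail closed when the email is unavailable
  try {
    // Stripe customer emails are not unique, so check every matching customer.
    const customers = stripeGet('/customers', { email: email, limit: 10 }, svc).data;
    return customers.some(c => stripeGet('/subscriptions',
      { customer: c.id, status: 'active', limit: 1 }, svc).data.length > 0);
  } catch (e) {
    return false; // fail closed on any API, configuration or parsing error
  }
}

// Entry point a sidebar would call via google.script.run (hypothetical name).
function checkSubscription() {
  return hasActiveSubscription({
    props: PropertiesService.getScriptProperties(),
    fetch: (url, opts) => UrlFetchApp.fetch(url, opts),
    session: Session,
  });
}
```

Because the check runs server-side and fails closed, a user who edits the sidebar HTML or replays the `google.script.run` call can change neither the email being checked nor the result of the lookup.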
