I have a controller that calls the Stripe API using stripe-php to create a checkout session.
public function checkout(Request $request): Response {
$stripe_settings = $this->config('stripe.settings');
Stripe::setApiKey($stripe_settings->get('apikey.' . $stripe_settings->get('environment') . '.secret'));
$checkout_session = Session::create([
'line_items' => [
[
'price_data' => [
'currency' => 'usd',
'unit_amount' => 100,
'product_data' => [
'name' => 'Product $1',
'description' => 'Description',
],
],
'quantity' => 1,
],
],
'mode' => 'payment',
'success_url' => 'https://example.com/success?session_id={CHECKOUT_SESSION_ID}',
'cancel_url' => 'https://example.com/cancel',
]);
$checkout_url = $checkout_session->baseUrl() . $checkout_session->instanceUrl();
$url = Url::fromUri($checkout_url, ['absolute' => TRUE, 'https' => TRUE])->toString(TRUE);
$headers = [
'Authorization' => 'Bearer ' . Stripe::getApiKey(),
];
$response = new TrustedRedirectResponse($url->getGeneratedUrl(), Response::HTTP_SEE_OTHER, $headers);
$response->addCacheableDependency((new CacheableMetadata())->setCacheMaxAge(0));
return $response;
}
So I call Stripe::setApiKey
, I have my keys correctly set up (the checkout session is created), and the redirect to the external Stripe.com checkout session URL works. But it says the API key is missing from the headers.
I checked using Fiddler, and the header I added is sent correct in the controller's redirect response.
When looking at Stripe's checkout documentation, it doesn't use a controller, and it doesn't seem to need a separate header with the API key. So I'm not really sure what I'm missing. Do I have to do something different to ensure the header stays there after the redirect occurs in the browser or something?