From c83b6404e0b0645bf7b6d1fb80201b16c2ad425e Mon Sep 17 00:00:00 2001
From: Ben Sturmfels <ben@sturm.com.au>
Date: Fri, 15 Nov 2024 21:03:30 +1100
Subject: [PATCH] supporters: Document "restricted API key" required
 permissions

---
 conservancy/supporters/views.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/conservancy/supporters/views.py b/conservancy/supporters/views.py
index 6178cd05..794abdf2 100644
--- a/conservancy/supporters/views.py
+++ b/conservancy/supporters/views.py
@@ -195,6 +195,9 @@ def sustainers_stripe(request):
     return render(request, 'supporters/sustainers_stripe.html', {'form': form})
 
 
+# Use a "restricted" API key and grant access to:
+# - checkout sessions (write)
+# - credit notes (read) - unclear why, subscription sign-ups fail otherwise
 stripe.api_key = settings.STRIPE_API_KEY
 if stripe.api_key == '':
     logger.warning('Missing STRIPE_API_KEY')