Collect webhook-endpoint configuration and account security settings as read-only PCI-adjacent compliance evidence through the Stripe API. Scoped strictly to security configuration, not payment, billing, or customer financial data, and NOT a substitute for a real PCI DSS assessment. Note: Stripe does not expose API-key listing/rotation status via the API for security reasons, so key-management evidence must be tracked manually.
Checks this connector runs once it's connected. This is the full list; we don't claim coverage beyond what's implemented.
The exact Stripe (Security Config) API endpoints called once connected. All read-only GET requests unless noted.
Field labels only. We never show secret values here. Credentials are encrypted at rest and used only to run the checks above.
Required
Optional
Stripe (Security Config) evidence feeds into controls for any framework you run that requires this check type; the same synced evidence can satisfy more than one framework's requirements instead of being collected per audit.
Tell us what you use and what it needs to prove. We'll follow up about adding a connector.
Get a guided demo, or start by scanning any domain for free.