AutoPNL Guide

5-minute setup

How to create a read-only Stripe API key

AutoPNL connects to your Stripe account using a restricted API key — a special key that can only read transactions and can never move money. This guide walks you through creating one in 5 minutes.

Why a restricted key?

  • AutoPNL only ever reads your transactions — never writes
  • A restricted key with read-only scopes cannot move money, issue refunds, or change anything
  • Stripe never exposes card numbers to API keys (read-only or otherwise)
  • You can revoke the key in 1 click at any time from your Stripe dashboard

Step-by-step

01

Open the Stripe API keys page

Sign in to Stripe and go to:

dashboard.stripe.com/apikeys

You'll see two tabs at the top: Standard keys and Restricted keys. Click Restricted keys.

02

Click “Create restricted key”

On the Restricted keys tab, look for the button:

+ Create restricted key

03

Name it “AutoPNL”

Stripe will ask for a name. This is just a label so you can recognize the key later.

Key name

AutoPNL

04

Set permissions to Read for these two scopes

Stripe shows a long list of resources. Find these two and set them to Read. Leave everything else as None.

  • Balance: Read
  • Balance transactions: Read

⚠ Both scopes are required. With only Balance, AutoPNL can confirm the key works but won't see any transactions. With only Balance transactions, the validation step fails on connect.

05

Create the key and copy it

Click Create key. Stripe will show the key one time — it starts with rk_live_ (or rk_test_ in test mode).

rk_live_51N••••••••••••••••••••••••••••••••••••••••••••••••••••••••••

Copy this key to your clipboard immediately. Stripe will not show it again.

06

Paste it into AutoPNL

In AutoPNL, go to the dashboard or settings, paste the key, and click Connect. AutoPNL validates the key against Stripe and immediately starts importing the last 12 months of transactions.
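A pre-flight check you can run on the new key before pasting it anywhere, as an added example (not AutoPNL's code). It assumes Stripe answers 403 when a restricted key lacks a scope and 401 when the key is invalid; `classify`, `redact`, `http_status` and `preflight` are hypothetical names.

```python
import urllib.error
import urllib.request

API = "https://api.stripe.com/v1"
# The two Read scopes from step 04, mapped to the endpoint each one gates.
PROBES = {"Balance": "/balance", "Balance transactions": "/balance_transactions?limit=1"}


def classify(key):
    """Return (kind, mode) from the key prefix, e.g. ("restricted", "live")."""
    for prefix, kind in (("rk_", "restricted"), ("sk_", "standard")):
        for mode in ("live", "test"):
            if key.startswith(f"{prefix}{mode}_"):
                return kind, mode
    return "unknown", None


def redact(key):
    """Log-safe form: keep the 8-character prefix, drop the secret part."""
    return key[:8] + "..." if classify(key)[0] != "unknown" else "<not a Stripe key>"


def http_status(key, path):
    """GET a Stripe endpoint with the key and return only the HTTP status code."""
    req = urllib.request.Request(API + path, headers={"Authorization": f"Bearer {key}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def preflight(key, probe=http_status):
    """Check a key against this guide's requirements; never echoes the full key."""
    kind, mode = classify(key)
    if kind != "restricted":  # a standard sk_ key can write, so stop before any request
        return {"ok": False, "key": redact(key), "reason": f"{kind} key, not a restricted (rk_) key"}
    # Assumption: 401 = key rejected, 403 = scope missing, 200 = scope granted.
    codes = {scope: probe(key, path) for scope, path in PROBES.items()}
    missing = [scope for scope, code in codes.items() if code == 403]
    if 401 in codes.values():
        reason = "key rejected (401): revoked, deleted or mistyped"
    elif missing:
        reason = "missing Read on: " + ", ".join(missing)
    elif any(code != 200 for code in codes.values()):
        reason = f"unexpected HTTP status: {codes}"
    else:
        reason = None
    return {"ok": reason is None, "key": redact(key), "mode": mode, "reason": reason}
```

Pass the key in from an environment variable or a prompt rather than a command-line argument. The check confirms the two Read scopes are present; that every other resource is still None has to be confirmed on the key's page in the Stripe dashboard.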


How to revoke the key

  1. Go back to dashboard.stripe.com/apikeys → Restricted keys
  2. Click the row for the AutoPNL key
  3. Click Delete key (or Roll key to rotate it)

Once revoked, AutoPNL's next daily sync will fail with a 401 error. We'll email you within 24 hours and pause syncing. Your past reports stay intact.

FAQ

Can AutoPNL see my customers' card numbers?

No. Stripe never exposes card numbers to any API key, restricted or otherwise. Card data lives only inside Stripe's PCI-compliant vault.

Does AutoPNL store my Stripe API key?

Yes — but encrypted at rest with AES-256-GCM. The encryption secret lives in a separate environment variable, never in the database. Plain-text keys are never logged.

What data is sent to AI for categorization?

Only the transaction description, amount, and date. No card data, no customer emails, no IDs, no PII. Claude (the AI) gets a list of ~50 transactions at a time and returns category labels.

What if I rotate my Stripe key?

Create a new restricted key in Stripe, go to AutoPNL → Settings → Stripe Connection, disconnect the old one, and paste the new one. Takes 30 seconds.

Can I test in Stripe test mode first?

Yes. Create a restricted test key (it starts with rk_test_) and paste it into AutoPNL. You'll see your test-mode transactions categorized.

What permissions exactly does AutoPNL need?

Just two: Balance: Read and Balance transactions: Read. That's it. Anything else stays as None.
