This guide applies when you connect Stripe as your own processor through Bring Your Own Processor (BYOP). Talk to us if you need help.
Enable raw card data access
To route payments through your Stripe account while Dodo Payments powers billing on top, Dodo needs to pass card details to Stripe on your behalf using Stripe’s raw card data APIs. By default, Stripe accounts can’t send raw card numbers (PANs) directly to its APIs. Stripe gates this behind an approval that confirms the systems handling raw card data are PCI DSS compliant. With BYOP, the system that handles card data is Dodo Payments, which is PCI DSS Level 1 compliant, so you prove compliance using Dodo Payments’ certification rather than your own. You request this access once, per account.
When you request access, Stripe asks for a short description of how card data is handled. State that Dodo Payments, your PCI DSS Level 1-compliant payment provider, processes the raw card data and that your own systems never store or touch raw card numbers (PANs). Because Dodo Payments handles the data, you don’t need your own SAQ D; submit Dodo Payments’ Attestation of Compliance (AOC) as your proof:
Dodo Payments PCI DSS Attestation of Compliance (AOC)
Download Dodo Payments’ current AOC and submit it to Stripe when you request raw card data access.
Enabling access to raw card data APIs
Stripe’s guide to requesting raw card data API access on your account.
What you’ll need
Once Stripe confirms raw card data access, connect Stripe in Settings → BYOP. Gather two values from your Stripe Dashboard:
| Value | Where it comes from |
|---|---|
| Secret key | Developers → API keys |
| Webhook signing secret | Generated when you add the webhook |
Stripe keeps test and live credentials separate — switch with the Test mode / Live mode toggle in the Dashboard. Generate credentials in the environment that matches the mode you’re configuring in Dodo.
Step 1: Get your secret key
Open API keys
In the Stripe Dashboard, go to Developers → API keys. Use the Test mode / Live mode toggle to match the environment you’re configuring.
Step 2: Set up the webhook and signing secret
Dodo generates a Webhook Endpoint URL when you save the Stripe connection. Add it as a webhook in Stripe, then copy the signing secret.
Add an endpoint
In the Stripe Dashboard, go to Developers → Webhooks and select Add endpoint. Paste the Webhook Endpoint URL that Dodo generated (it must be HTTPS and publicly accessible) and select the events to listen for.
Reveal the signing secret
Open the endpoint’s detail page and select Reveal secret to view the Signing secret, which starts with whsec_. The secret is unique to each endpoint, and test and live endpoints have different secrets.
Frequently asked questions
Do I need my own PCI certification (SAQ D)?
No. Because Dodo Payments handles the raw card data on your behalf and is PCI DSS Level 1 compliant, you submit Dodo Payments’ Attestation of Compliance (AOC) to Stripe instead of completing your own SAQ D or undergoing a separate audit.
Why can't Stripe just enable this by default?
Sending raw card numbers to an API brings the sending system into PCI DSS scope. Stripe requires proof of PCI compliance before enabling raw card data APIs so that cardholder data stays protected. Dodo Payments is PCI DSS Level 1 compliant, so you provide Dodo Payments’ AOC as that proof.
Can I test BYOP before getting live approval?
Yes. Ask Stripe to enable raw card data APIs in test mode, which needs no PCI documentation, and connect Stripe in test mode in Dodo. You’ll need the live-mode approval before processing real payments.
I lost my secret key or signing secret, what now?
Generate a new key under Developers → API keys, or open the webhook endpoint and select Reveal secret to view the signing secret again, then update the value in Settings → BYOP.
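A pre-flight check for the values gathered in Steps 1 and 2, run before they are entered in Settings → BYOP or whenever a key is replaced. This is an added example, not Dodo Payments' or Stripe's code: the function names are hypothetical, the sample values are constructed, and the `sk_test_` / `sk_live_` / `pk_` prefixes are Stripe's key format, which this page does not state.

```python
import ipaddress
from urllib.parse import urlparse

# Assumption (not stated on the page): Stripe secret keys carry a mode prefix.
KEY_PREFIX = {"test": "sk_test_", "live": "sk_live_"}

def mask(secret: str) -> str:
    """Keep only the leading prefix so full secrets never reach logs."""
    return secret[:8] + "***"

def is_public_https(url: str) -> bool:
    """HTTPS scheme and a host that is not loopback, private or link-local."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if parsed.scheme != "https" or not host:
        return False
    if host == "localhost" or host.endswith(".local"):
        return False
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True  # DNS name: actual reachability still needs a live check

def preflight(mode: str, secret_key: str, signing_secret: str, webhook_url: str) -> list[str]:
    """Return a list of problems; an empty list means the values are consistent."""
    if mode not in KEY_PREFIX:
        return [f"unknown mode {mode!r}"]
    problems = []
    if any(v != v.strip() for v in (secret_key, signing_secret, webhook_url)):
        problems.append("a value has leading or trailing whitespace")
    if secret_key.startswith("pk_"):
        problems.append("publishable key supplied; a secret key is required")
    elif not secret_key.startswith(KEY_PREFIX[mode]):
        problems.append(f"secret key {mask(secret_key)} does not match {mode} mode")
    if not signing_secret.startswith("whsec_"):
        problems.append("signing secret must start with whsec_")
    if not is_public_https(webhook_url):
        problems.append("webhook URL must be HTTPS and publicly accessible")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real endpoint.
    for issue in preflight("live", "sk_test_CONSTRUCTED", "whsec_CONSTRUCTED",
                           "https://hooks.example.com/stripe"):
        print("FIX:", issue)
```

The signing secret's prefix does not reveal its mode, so confirm in the Dashboard that the endpoint it came from was created under the same Test mode / Live mode setting as the key.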