woocommerce · wjrosa · May 17, 2025 · May 15, 2025 · May 15, 2025 · May 15, 2025
diff --git a/includes/class-wc-stripe-api.php b/includes/class-wc-stripe-api.php
@@ -16,6 +16,20 @@ class WC_Stripe_API {
 	const ENDPOINT           = 'https://api.stripe.com/v1/';
 	const STRIPE_API_VERSION = '2024-06-20';
 
+	/**
+	 * The test mode invalid API keys transient key.
+	 *
+	 * @var string
+	 */
+	const TEST_MODE_INVALID_API_KEYS_TRANSIENT_KEY = 'wcstripe_test_invalid_api_keys_detected';
+
+	/**
+	 * The live mode invalid API keys transient key.
+	 *
+	 * @var string
+	 */
+	const LIVE_MODE_INVALID_API_KEYS_TRANSIENT_KEY = 'wcstripe_live_invalid_api_keys_detected';
+
 	/**
 	 * Secret API Key.
 	 *
@@ -231,6 +245,13 @@ public static function request( $request, $api = 'charges', $method = 'POST', $w
 	 * @param string $api
 	 */
 	public static function retrieve( $api ) {
+		// If we have a transient indicating that the secret key is not valid, we dont't attempt the API call and we return an error.
+		$invalid_api_keys_transient_key = WC_Stripe_Mode::is_test() ? self::TEST_MODE_INVALID_API_KEYS_TRANSIENT_KEY : self::LIVE_MODE_INVALID_API_KEYS_TRANSIENT_KEY;
+		$invalid_api_keys_detected = get_transient( $invalid_api_keys_transient_key );
+		if ( $invalid_api_keys_detected ) {
+			return json_decode( '' ); // The UI expects this empty response in case of invalid API keys.
+		}
+
 		WC_Stripe_Logger::log( "{$api}" );
 
 		$response = wp_safe_remote_get(
@@ -242,6 +263,12 @@ public static function retrieve( $api ) {
 			]
 		);
 
+		// If we get a 401 error, we know the secret key is not valid, we save a transient to avoid making calls until the secrect key gets updated.
+		if ( is_array( $response ) && ! empty( $response['response']['code'] ) && 401 === $response['response']['code'] ) {
+			set_transient( $invalid_api_keys_transient_key, true );
+			return json_decode( '' ); // The UI expects this empty response in case of invalid API keys.
+		}
+
 		if ( is_wp_error( $response ) || empty( $response['body'] ) ) {
 			WC_Stripe_Logger::log( 'Error Response: ' . print_r( $response, true ) );
 			return new WP_Error( 'stripe_error', __( 'There was a problem connecting to the Stripe API endpoint.', 'woocommerce-gateway-stripe' ) );

diff --git a/includes/connect/class-wc-stripe-connect.php b/includes/connect/class-wc-stripe-connect.php
@@ -183,6 +183,9 @@ private function save_stripe_keys( $result, $type = 'connect', $mode = 'live' )
 			update_option( 'wc_stripe_' . $prefix . 'oauth_failed_attempts', 0 );
 			update_option( 'wc_stripe_' . $prefix . 'oauth_last_failed_at', '' );
 
+			// Clear the invalid API keys transient.
+			delete_transient( $is_test ? WC_Stripe_API::TEST_MODE_INVALID_API_KEYS_TRANSIENT_KEY : WC_Stripe_API::LIVE_MODE_INVALID_API_KEYS_TRANSIENT_KEY );
+
 			if ( 'app' === $type ) {
 				// Stripe App OAuth access_tokens expire after 1 hour:
 				// https://docs.stripe.com/stripe-apps/api-authentication/oauth#refresh-access-token