[a_simm]

We had the exact same issue. Turns out cycling (all) the keys stopped it immediately. This was after looking through docs and many emails with stripe that never mentioned this as a solution.

[chrisdkemper]

How long did this work for you? I've cycled my keys multiple times and it goes any time from 6 weeks to less than a week till the attacks start again.

[newusertoday]

can you elaborate what do you mean cycling all keys?

[dinkleberg]

Cycling keys means replacing all of your API keys. So if you go into stripe and generate new keys and then update those in your app (it sounds like you need to make sure to replace all of the stripe related ones), you’ll have “cycled” them (then once your new keys are running, you should invalidate the old keys if they aren’t in use).