Founding cohort open — lock in 10% (half off) for your first 12 monthsApply →
Victava
Install on Stripe
Menu ↓

Help Center

Connecting Stripe

Victava installs on Stripe. Here's what happens during the OAuth handshake, what scopes we ask for, and how Shopify data fits in.

OAuth scope

Victava uses Stripe Apps’ granular permissions. We request event read; dispute read/write; charge read/write; customer read; and file write. Dispute and file writes submit evidence you approve. Charge writes are used only when you explicitly request an inquiry refund or enable capped early-fraud-warning auto-refunds. We cannot create new charges, transfers, or payouts.

What happens during the handshake

  1. You click Connect Stripe on the onboarding page.
  2. Victava sends you to Stripe over a secure, single-use connection link that expires in 30 minutes.
  3. You sign in to Stripe and approve Victava’s access.
  4. Stripe sends you back to Victava with a short-lived authorization code.
  5. Victava exchanges that code for an access credential, stores it in an encrypted vault, records the connection, and writes an audit-log entry.

Webhook setup

After connect, Victava’s platform-level webhook endpoint is already authorised to receivecharge.dispute.created, charge.dispute.closed, and charge.dispute.updated for your account. You don’t need to add a webhook in your own Stripe dashboard.

Every webhook is signature-verified usingSTRIPE_WEBHOOK_SECRET via Stripe SDKconstructEventAsync. Idempotency is keyed onevent.id; redeliveries are no-ops.

Where Shopify fits in

Victava connects to your Stripe account and defends your Stripe disputes. We pull data from Shopify (orders, fulfillment, tracking) to win your Stripe disputes today. Run on Shopify Payments instead of Stripe? It's not live yet — tell us and we'll build it; we ship processor support fast for our first merchants (support@victava.com). Once Stripe is connected, you can also link your Shopify store as a data source — orders, fulfillment, and tracking that strengthen the evidence on a Stripe dispute.

One caveat: if your card processing runs through Shopify Payments rather than a direct Stripe account, the disputes themselves originate in Shopify’s Stripe-on-Connect setup — a different OAuth path we don’t defend yet. Today, Victava works for any merchant whose own Stripe account is connectable through OAuth.

Disconnecting

Open Settings → Integrations in Victava and choose Uninstall. Victava sends you to Stripe’s Installed Apps settings, where you revoke the Marketplace app. Stripe then notifies Victava to disable the connection and delete both vaulted OAuth credentials. Legacy Connect installations can still disconnect directly inside Victava.

See also: /security for our credential-handling posture, or /integrations for the full integration list.

Next: The approval queue

Run the free leak audit

Connect Stripe in 90 seconds. Victava scans the last 12 months of your disputes and shows you exactly where it would have helped.

Run my free leak auditSee live win rate