From c00d42687fc2be902be7da2d4210d30bf5a11939 Mon Sep 17 00:00:00 2001
From: affan-apisecu <138281264+affan-apisecu@users.noreply.github.com>
Date: Wed, 7 Jan 2026 21:07:32 +0500
Subject: [PATCH] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 8e8de21..0728e02 100644
--- a/README.md
+++ b/README.md
@@ -711,7 +711,7 @@ curl https://api.stripe.com/v1/charges -u token_here:
 
 Keep the colon at the end of the token to prevent `cURL` from requesting a password.
 
-The token is always in the following format: `sk_live_24charshere`, where the `24charshere` part contains 24 characters from `a-z A-Z 0-9`. There is also a test key, which starts with `sk_test`, but this key is worthless since it is only used for testing purposes and most likely doesn't contain any sensitive information. The live key, on the other hand, can be used to extract/retrieve a lot of info — ranging from charges to the complete product list.
+The token is always in the following format: `sk_live_24charshere`, where the `24charshere` part contains 24 characters from `a-z A-Z 0-9`. There is also a test key and a publishable key both of these keys start with `sk_test` and `pk_live` respectively, but both of these keys are worthless. Because the test key is only used for testing purposes and most likely doesn't contain any sensitive information. On the other hand, the publisable key is also intended to be exposed on client side and does not return any sensitive information. The live key, on the other hand, can be used to extract/retrieve a lot of info — ranging from charges to the complete product list.
 
 Keep in mind that you will never be able to get the full credit card information since Stripe only gives you the last 4 digits.