Yeah, they most probably updated their documentation after this incident.

And you're right, I should've been more security-minded. But to be honest, I didn't think that I had to. I was under the impression that RapidAPI would take care of it. And I was wrong to assume that, obviously.

And you're also right, that if I had done the whole onboarding and payment integration thing by myself, I might've faced similar problem; and Stripe might've given me the same answer as they did to RapidAPI.

But, that will be my responsibility, and my loss only. And I will NOT be giving away 20% of my earnings for nothing.

I was mad at both --- RapidAPI and the scammer.

PS: I'm facing a similar payment issue in one of my other API, also listed on RapidAPI, called "SpellCheck API". The amount is $100 which I was supposed to receive on 25th May 2022.

And this time, there was no hacking, no attack, nothing ... (unless this user, from Saudi Arabia also declared his card "stolen").

Still... I didn't get any payment yet.