Zuora Testing Environments

API Sandbox

The API Sandbox is Zuora's "release preview" environment. It is a customer facing, multi-tenant environment that gets code deployed to it before Zuora's production environment. How early code gets deployed depends on the type of release: Major releases are usually deployed a week in advance, whereas minor releases and emergency patches get deployed days, hours or minutes before production. Zuora customers can purchase any number of tenants in this environment for a recurring annual fee.

API Sandbox is co-located in the same data center as the production environment, running on bare metal, but on a smaller footprint, offering less capacity.

The main use cases for API Sandbox include:

• Basic implementation configuration and integrations
• Training
• Integration testing
• Regression testing
• Release preview testing

This environment is located at:

• US Data Center - https://apisandbox.zuora.com/
• US Cloud Data Center - https://sandbox.na.zuora.com/
• EU Cloud Data Center - https://sandbox.eu.zuora.com/

Zuora Central Sandbox

Zuora Central Sandbox combines the capability to copy production data along with production-like performance into a single test environment tenant.  While Zuora Central Sandbox always comes with a snapshot of scrubbed production data, it can also be utilized for a brand new implementation in case the production tenant has no data at that time.  The use cases for Zuora Central Sandbox include everything that an API Sandbox does, and more:

• Basic implementation configuration and integration

• Training

• Integration testing

• Regression testing

• Performance testing (with guidelines)

• Pre-production testing

• User acceptance testing 

Zuora Central Sandbox is hosted on a production-like AWS infrastructure, allowing our customers to test the API response time, the bill runs and payment runs with production-level data loading. It provides a more realistic view of performance than API Sandbox.

While the Zuora Central Sandbox is designed for production-level performance, Zuora recommends you to contact Zuora Global Support if you plan to test over a certain amount of volume in a 24 hour period in the Zuora Central Sandbox. See Performance guidelines for the details.

In addition, the testing results can still vary from Production since both the Zuora Central Sandbox and Production are distinct multi-tenant environments, the performance of which are based on the overall usage across all your customers.

This environment is located at:

• For the US Data Center customers: https://test.zuora.com
• For the EU Data Center customers: https://test.eu.zuora.com 

Zuora Central Sandbox has the following limitations:

• Beta or Early Adopter features might not be supported. Contact Zuora Global Support or your account manager for more information.
• While Zuora Central Sandbox supports the capability to create and save reports in the Reporting tool, the saved reports in the production environment are currently not copied to Zuora Central Sandbox.

For more information, see Support for Zuora Features, Add-ons, Integrations.

General Information

	API Sandbox	Zuora Central Sandbox
Does this sound like you?	I just want to test soon-to-be released features. I want to perform data migration functional testing for a small customer base.	I want to test features in an isolated environment using my own data. I want to perform small scale data migration functional testing to validate functionalities. I want to perform bill runs timing load tests for an expected increase in volume. I want to perform data migration timing tests.
Suitable for	Previewing and functional testing new Zuora features before they are released to Production.	Functional testing with cloned configuration and data. Heavy-load performance and stress testing ([with guidelines])
Not Suitable for	Performance and load testing	Testing beyond Zuora’s standard concurrent request limits and application limits.
Data Migration Testing	Yes Suitable for less than 100,000 records	Yes
	An example of 100,000 records would be 50,000 accounts + 50,000 subscriptions.
Infrastructure Mimics Production	No	Yes, fully hosted on AWS.
Includes Environment Monitoring	Yes	Yes
Rollback Policy	Rollbacks are not supported on any environment. Zuora recommends that you revert changes yourself – if possible. Reverting changes are possible before posting transactions on a bill run.
Hardware	Bare metal (non-virtualized) environment. Does not have 1-to-1 relationship with the production environment. Configuration varies and is based on the number of servers and the specification of each server.	AWS cloud
Location	apisandbox.zuora.com	https://test.zuora.com https://test.eu.zuora.com
Supported API Authentication Schemes	OAuth 2.0 (recommended), username and password, authorization cookie, single-use tokens for CORS-enabled operations	OAuth 2.0 (recommended), username and password, authorization cookie, single-use tokens for CORS-enabled operations

Refresh Policy

Zuora performs two types of refreshes: A refresh for a new Zuora version and a data snapshot refresh.

	API Sandbox	Zuora Central Sandbox
Code base Refresh with Latest Zuora Version	Yes Automatically refreshed approximately one week before the production release. Production releases are deployed on a weekly basis unless the scheduled date is close to the month-end. API Sandbox is also automatically refreshed for maintenance releases.	Yes Automatically refreshed. Refreshes follow the API Sandbox release schedule. Maintenance releases also occur in this environment, following the same production release schedule. Note that release for Zuora Central Sandbox may occur a few days prior to, or following the production release.
Data Snapshot Refresh (Includes Scrubbed Data Copied from Production)	No You are responsible for loading your data, including creating user logins and global tenant settings.	On-demand. Refresh limited to once per monthly. Scrubbed data includes user logins, emails and global settings.
Historical PDF-generated Invoices	No You must generate PDF invoices from scratch.	No You must generate PDF invoices from scratch.

Scrubbed Data

The following table provides a summary of the data that is scrubbed.

	API Sandbox	Zuora Central Sandbox
Personal Settings	N/A	User’s work email address. Note: Email addresses are replaced with benign information or dummy data.
Commerce
Zuora for Salesforce - 360 Sync	N/A	Salesforce Credentials
Commerce Portal	N/A	Users are removed User Emails
Customer Catalog		No information needs to be scrubbed.
Promotion Codes		No information needs to be scrubbed.
Billing & Payments
Customer Account	N/A	Bill To and Sold To Contact information: Work and Personal Email Work, Mobile, Home and Other phone numbers, and Address fields Default Payment Method plus any Electronic Payment Methods
Payment Gateways	N/A	Payment Gateway credentials
Avalara Integration	N/A	Avalara credentials
Payment Pages (HPM 2.0)	N/A	RSA Public Key, RSA Private Key
Hosted Payment Method Pages (HPM 1.0)	N/A	API Security Key
Notifications and Callouts	N/A	Callout Base URL
Finance
NetSuite	N/A	NetSuite integration credentials
Additional Add Ons
Workflow	N/A	User Emails Scheduled Workflows are disabled Authentication tokens will be re-generated Historical jobs are excluded SMTP Settings Global Constants
Collections (All Apps)	N/A	Account Name API Tokens Usernames, Emails and Company Collections Manager schedules are excluded Statement Generator schedules are excluded SMTP Settings
Appstore Connector		Account Name
Tax Connector	N/A	Seller Company Name, Address, Tax Codes Credentials Historical Tax Requests excluded

Support for Zuora Features, Add-ons, Integrations

Zuora features, add-ons, and integrations are generally supported except where noted in the following table:

	API Sandbox	Zuora Central Sandbox
Notifications	Yes	Yes
Callouts	Yes	Yes
Single Sign-on	Yes	Yes
Two-factor Authentication	Yes	Yes
Reporting	Yes	Yes
New Invoice File Generation Service	Yes	Yes
New Quote File Generation Service	Yes	Yes
Orders UI, including creating Orders through the UI	Yes	Yes
Settings API	Yes	Yes
Data Query	Yes	Yes
Analytics	Yes	Yes
Custom Objects	Yes	Yes
Events and Triggers	Yes	Yes
Add-ons and Integrations
Zuora for Salesforce	Yes	Yes
	Zuora requires a 1-to-1 relationship with Salesforce for each Zuora environment.
Zuora 360	Manual, on-demand and scheduled	Manual, on-demand and scheduled
Zuora 360+	Real-Time Sync	Real-Time Sync
Data Connect (Configurable Sync)	Yes	Yes
Z-Suite	Yes	Yes
Avalara Connector	Yes	Yes
Payment Gateways	Yes Includes any gateway that is supported in production	Yes
Insights	No	No
Collections	Yes	Yes

Limits Policy

	API Sandbox	Zuora Central Sandbox
Concurrent Request Limits	Bounded by Policy	Bounded by Policy

 

If Customer’s use of the Service exceeds the usage limits in the applicable contracts or as described in this Knowledge Center article for any products provided, Customer must either purchase additional usage, if applicable, or move to the next edition of the Service. If Customer does not choose either of the options, Customer shall be considered out of compliance with such Service.

Security

	API Sandbox	Zuora Central Sandbox
PCI-compliant	Yes	No
SOC 1 and SOC 2-compliant	Yes	Yes
HIPAA-compliant	Yes	Yes
IP Whitelist	Yes	Yes
Two-factor Authentication	Yes	Yes

Zuora is committed to safeguarding the security, confidentiality, integrity, and availability of all physical and electronic information assets of the Company to ensure that regulatory, operational, and contractual requirements are fulfilled. Zuora's internal controls are benchmarked against industry standards such as ISO27001, ISO27018, PCI DSS Level 1, SOC 1, SOC 2 and HIPAA. Zuora Central Sandbox will be included in future ISO27001, ISO27018, PCI DSS Level 1, SOC 1, SOC 2 and HIPAA assessments starting in the fall of 2020. 

Provisioning and Refreshing Your Data

Zuora provides the following guidelines for provisioning and data refresh turnaround times for Test Environments.  We continuously strive to optimize performance and provide the best possible turnaround times for you.

When a Zuora Central Sandbox is provisioned, it will execute a data copy process that brings over a snapshot of your production data, with sensitive and PII data scrubbed. Subsequently, every data refresh request will take a new snapshot of your scrubbed production data.  In both cases, the complete snapshot of your production data are as of the date and time when the request is submitted, as the data copy process will be triggered at a time after your request is made. Note that the scheduled runs, including Bill Run and Payment Run, are not copied from your production environment to Zuora Central Sandbox during the provisioning or refreshing process.

While the data copy for most tenants can be completed within less than 3 business days, it can take longer time to complete the data copy for large tenants. In addition, the process may also take longer during the first week of a month, a peak time of data refresh requests to get a full data snapshot of the previous month.

	API Sandbox	Zuora Central Sandbox
Provisioning Turnaround (includes the copy of production data)	None Immediate with logins	Yes 2-3 business days Turn around is the best effort, and it may be longer for large size tenants.
Data Copy Request Method	None	Global Support
Data Copy Frequency	None	Once every 29 Days
Data Copy Requests	None Immediate with logins	Yes 2-3 business days Turn around is the best effort, and it may be longer for large size tenants.
Order Form or SOW Required	Yes	Yes
Included with Platform Fee?	Yes Number of instances depends on Zuora Edition	No Contact Zuora Global Support or your Account Contact for more information.