Navigate to Payments Settings > Setup Hosted Pages in the Zuora UI to configure Payment Pages 2.0.
Configure security settings for Payment Pages 2.0
Before configuring a Payment Page for a specific payment method type, you can optionally configure the following security settings:
Rate limiting configuration
Zuora provides several rate limiting settings to help you manage fraud and malicious use of Payment Pages. The following settings are specific to Payment Pages 2.0:
- Enable Rate Limiting - Select this check box if you want to enable rate limiting for your Payment Pages.
- IP Whitelist - The whitelisted IP ranges are not subject to the rate limiting configuration. You can specify a maximum of 50 IPv4 address ranges or 20 IPv6 address ranges.
- Submission Limit Per Minute - The number of times a page can be submitted per minute per IP. The default value is 3.
- Submission Limit Per Hour - The number of times a page can be submitted per hour per IP. The default value is 15.
If the number of page submissions exceeds the configured thresholds, the
Too many submissions. Please retry later. error message is displayed.
Google reCAPTCHA v2 Keys Configuration
The CAPTCHA challenge feature for Payment Pages 2.0 in Zuora is implemented based on the Google reCAPTCHA service. You can add Google reCAPTCHA to your site to monitor the traffic on your site so that potential security issues can be identified at an early stage. To add Google reCAPTCHA, specify the following fields in the Google reCAPTCHA v2 Keys Configuration area:
- Site Key
- Secret Key
Both fields are Google reCAPTCHA v2 keys that you can obtain from your Google reCAPTCHA Admin Console. For more information, see Google reCAPTCHA developer documentation. Note that you have to add your domains for both sandbox and production environments in the Google reCAPTCHA Domains setting.
Create Payment Pages 2.0
The following payment method types are supported for Payment Pages 2.0. Click the following payment method types for the detailed configuration steps: