Zuora supports the following grant types of OAuth2.0:
- Client Credentials
- Refresh Token
To add an OAuth 2.0 provider of either grant type:
- Click View All Provider on Edit Notification page with OAuth 2.0 ticked, or navigate to Settings > Administration > Manage OAuth 2.0 Providers.
- Click new oauth 2.0 provider on All OAuth 2.0 Providers page.
- Fill in the fields on New OAuth 2.0 Provider page. See the table below for the descriptions of the fields.
- Click Save.
|Name (required)||Name of the new OAuth 2.0 provider.|
|Grant Type (required)||
OAuth 2.0 grant type. Supported grant types:
When Refresh Token is selected, the Refresh Token field will be displayed as a required field.
|Client ID (required)||The client ID that your callout service uses to identify Zuora application|
|Client Secret (required)||The client secret that your callout service uses to authenticate the identity of Zuora application|
Refresh Token (required)
(Applicable only when the grant type is Refresh Token)
The refresh token that you get from your callout service. It allows the client to obtain a new access token without prompting the user authentication.
|Access Token Endpoint (required)||The endpoint that the client uses to obtain an access token given an authorization code.|
|Revoke Endpoint (optional)||The endpoint used by the authenticated client to revoke access and refresh token.|
|Test Endpoint (optional)||The endpoint that you can use to test your configuration.|
|Scope (optional)||Specifies the level of access that Zuora application is requesting.|