Skip to main content

OAuth 2.0


OAuth 2.0

This feature lets you authenticate callouts using an OAuth 2.0 provider. This article describes how to manage OAuth 2.0 providers. 

This feature is in Limited Availability and available only to certain customers. We are currently not accepting access to this feature. 

Working With OAuth 2.0

The general workflow for working with OAuth 2.0 in Zuora is as follows:

  1. Add a new OAuth 2.0 provider.
  2. Get and test a token.
  3. Enable the provider for use with Zuora callouts.

Managing OAuth 2.0 Providers

In order to implement OAuth 2.0 providers, follow these steps:​

  1. Go to Settings > Administration Settings.admin_settings.png
  2. Click Manage OAuth 2.0 Providers.This page shows all OAuth 2.0 providers available to you.
  3. Click new oauth2 provider.
  4. Enter the requested information.
    Field Description



    Use a unique name. You can use a meaningful name to specify individual OAuth 2.0 providers.

    Grant Type


    Only Client Credentials is currently allowed.

    Client ID


    Enter the client id that you got from your OAuth 2.0 provider.

    Client Secret


    Enter the client secret that you got from your OAuth 2.0 provider.

    Access Token EndPoint


    The URL used to get the access token for the given Client ID and Client Secret.

    Revoke EndPoint


    The URL used to revoke the access token.

    Test EndPoint


    The URL used to test the access token.



    The value of the scope parameter is expressed as a list of space or comma separated, case sensitive strings. The strings are defined by the authorization server.
  5.  Click save.

Enable OAuth 2.0 Provider for Callouts

  1. Go to Settings > Z-Billing Settings > Setup Profiles, Notifications, and Email Templates.
  2. Add a new notification or edit an existing notification.
  3. Select OAuth 2.0 for the Callout Authentication.
  4. Choose an OAuth 2.0 provider from the dropdown list.
  5. Click save.


View OAuth 2.0 Provider Details

  1. On the Manage OAuth 2.0 Providers page, click on the name of the provider that you want to see the details for.
  2. If you want to get a token, click obtain token.
  3. If you want to refresh your token, click refresh token.
  4. Once you have a token, you can test the token by clicking test token if the test token URL is provided.
  5. If you want to revoke a token, click revoke token if the revoke token URL is provided.


Delete an OAuth 2.0 Provider

On the Manage OAuth 2.0 Providers page, click Del on the same line as the provider that you want to delete. Note that you cannot delete an OAuth 2.0 provider that is being used by any Zuora callout notifications.