To use the Zuora REST or SOAP API, your application will need to present user credentials for an account that has API write access. The administrator for your tenant can create an API user in two steps:
Zuora recommends that you never use your API user credentials to log into the Zuora application. If an API user account is used to log into the Zuora application, this login becomes subject to the periodic forced password expirations. This automatic security feature may eventually cause API authentication failures that can be hard to diagnose.
The API user account must be used exclusively for API access. It is usually best to create a new user account specifically for this purpose and assign it the API user role.
All newly-created users are assigned a "Pending Active" status until they respond to the invitation email and create a password on the Zuora website.
We recommend your new API user to open the password link in Incognito Window. Otherwise, you may experience cookie issues and may not be able to log-in with another user easily.
When API-only users create or reset a password on the Zuora website, they may receive an error message: The page you were looking for could not be found. Despite the error message, the password actually has been created or reset and the user status immediately changes to "Active" on the administrator's list of users.
If you log into the Zuora application as a non-API user and still receive the above error message, clear your cookie cache or wait for the user cookie to timeout at the end of your tenant's configured session duration.