RSA Signatures

Knowledge Center > API > REST API > REST API Reference > RSA Signatures

RSA Signatures

The REST API used in Payment Pages 2.0 are CORS (Cross-Origin Resource Sharing) enabled and therefore requires a digital signature. The POST rsa_signatures call generates and returns the required digital signature and token for a Payment Pages 2.0 form. You need to pass the generated signature to your client for it to access Payment Pages 2.0. 

This REST service should be used only when you implement Payment Pages 2.0. 


  • Production: POST
  • API Sandbox: POST

Request Parameter

uri Required ​The URL that the Payment Page will be served from. Set it to:
  • if you are on the production environment​
  • if you are on the API Sandbox environment
method Required The type of the request. Set it to POST.
pageId Required The page id of your Payment Pages 2.0 form. Click Show Page Id next to the Payment Page name in the Hosted Page List to retrieve the page id.


The following information is returned in a response:

signature Digital signature generated for this Payment Page.
token Token generated for this Payment Page.
tenantId ID of the Zuora tenant.
key Public key generated for this Payment Page.
success True if the request is successful.


Here is a sample code in Java that requests the digital signature and other information from Zuora:


import java.util.Map;

import com.rsa.certj.provider.pki.URLDecoder;
import com.zuora.util.MapUtil;

public class SignatureTest {

    private static final String collection_uri = "/v1/rsa-signatures";
    public static void main(String[] args) throws Exception {
        RestClient.login("", "password");
        String uri = "";
        // Post request params
        Map<String, String> postSignatureReq = MapUtil.of(
      , uri,
      , "POST",
                "pageId", "4028920a47a015ce0147a0199921000d"
        Map result =, postSignatureReq, Map.class);
        String token = (String) result.get("token");
        String key = (String) result.get("key");
        String tenantId = (String) result.get("tenantId");
        String signature = (String) result.get("signature");
        Boolean success = (Boolean) result.get("success");
        System.out.printf("success: %s\n token: %s\n tenantId: %s\n signature: %s\n public key: %s\n", success, token, tenantId, URLDecoder.decode(signature) , key);

Here is a sample code in Python that requests the digital signature and other information from Zuora:

import requests
import json

rest_call_url = ‘’
my_hosted_page_url = ‘’
my_hosted_page_id = ‘’
my_username = ‘’
my_password = ‘’

data = {"uri": my_hosted_page_url, "method": "POST", "pageId": my_hosted_page_id}
headers = {'content-type': 'application/json'}

response =, data=json.dumps(data), auth=(my_username, my_password), headers=headers)
response_json = response.json()

token = response_json['token']
signature = response_json['signature']
key = response_json['key']
tenant_id = response_json['tenantId']



Last modified



(not set)