

The REST APIs used in Payment Pages 2.0 are CORS (Cross-Origin Resource Sharing) enabled and therefore require a digital signature. You use rsa_signatures to generate the required digital signature and token for a Payment Pages 2.0 form, and then use the decrypt REST service to decrypt the signature and validate the signature and key.

This REST service should be used only when you implement Payment Pages 2.0. 


  • Production: POST
  • API Sandbox: POST

Request Parameter

  • publicKey (Required): The public key generated by Zuora.
  • method (Required): The type of the request. Set it to POST.
  • signature (Required): The signature generated by Zuora.


The following information is returned in a response:

  • publicKey: The public key passed in as a request parameter.
  • signature: The signature passed in as a request parameter.
  • The string of a list of the following items: Payment Pages 2.0 URL, tenant ID, timestamp, the Payment Page ID. The items are separated by '#', e.g., "/apps/
  • success: True if the request is successful.


Here is sample code in Java that decrypts the digital signature for Payment Pages 2.0:


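import java.util.Map;
import java.util.StringTokenizer;

import com.rsa.certj.provider.pki.URLDecoder;
import com.zuora.util.MapUtil;

public class SignatureTest {

    private static final String rest_uri = "/v1/rsa-signatures/decrypt";

    public static void main(String[] args) throws Exception {
        RestClient.login("", "myPassword");
        // Post request params; myPublicKey and mySignature are the values generated by Zuora
        Map<String, String> postSignatureReq = MapUtil.of(
                "publicKey", myPublicKey,
                "method", "POST",
                "signature", mySignature
        );
        // Send the request to the decrypt service. RestClient.post is an assumed
        // helper name; the call itself is missing from this page.
        Map result = RestClient.post(rest_uri, postSignatureReq, Map.class);
        // myDecryptedField is a placeholder for the response field that holds the
        // '#'-separated string; its name is not given on this page.
        String decrypted = (String) result.get(myDecryptedField);
        // Split the decrypted string into its '#'-separated items
        StringTokenizer st = new StringTokenizer(decrypted, "#");
        String url = st.nextToken();
        String tenantId = st.nextToken();
        String token = st.nextToken();
        String timestamp = st.nextToken();
        String pageId = st.nextToken();
        System.out.printf("url: %s\n token: %s\n tenantId: %s\n timestamp: %s pageId: %s\n",
           url, token, tenantId, timestamp, pageId);
    }
}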

Here is sample code in Python that decrypts the digital signature generated for Payment Pages 2.0:

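import requests
import json
import ZuoraSSL

# URL of the decrypt REST service
rest_url = ''

# my_publicKey and my_hosted_signature are the values generated by Zuora
data = {"publicKey": my_publicKey, "method": "POST", "signature": my_hosted_signature}
headers = {'content-type': 'application/json'}

# POST the JSON body with basic authentication and read the JSON response
response = requests.post(rest_url, data=json.dumps(data), auth=(my_username, my_password), headers=headers)
decrypted = response.json()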
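
One way to check the decrypted string before trusting it, as an added example that is not Zuora's code. It assumes the five-field order read by the Java sample above, a timestamp in milliseconds since the Unix epoch, and a 30-minute freshness window; parse_decrypted, validate and the sample value are hypothetical names and data.

```python
import hmac
import time
from typing import NamedTuple

# Constructed sample, not a real Zuora value. Field order follows the page's
# Java sample: URL, tenant ID, token, timestamp, Payment Page ID.
SAMPLE = "/apps/constructed-page#10001#tok-constructed#1700000000000#page-constructed"


class DecryptedSignature(NamedTuple):
    url: str
    tenant_id: str
    token: str
    timestamp_ms: int  # assumption: milliseconds since the Unix epoch
    page_id: str


def parse_decrypted(value: str) -> DecryptedSignature:
    """Split the '#'-separated string, rejecting any other shape."""
    parts = value.split("#")
    if len(parts) != 5 or not all(parts):
        raise ValueError("expected 5 non-empty '#'-separated fields")
    url, tenant_id, token, timestamp, page_id = parts
    if not (timestamp.isascii() and timestamp.isdigit()):
        raise ValueError("timestamp is not numeric")
    return DecryptedSignature(url, tenant_id, token, int(timestamp), page_id)


def validate(sig, *, expected_tenant, expected_page_id, expected_token,
             now_ms=None, max_age_ms=30 * 60 * 1000):
    """Return a list of problems; an empty list means every check passed."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    problems = []
    if sig.tenant_id != expected_tenant:
        problems.append("tenant mismatch")
    if sig.page_id != expected_page_id:
        problems.append("page id mismatch")
    # Constant-time comparison so the check does not reveal how much matched.
    if not hmac.compare_digest(sig.token.encode(), expected_token.encode()):
        problems.append("token mismatch")
    age_ms = now_ms - sig.timestamp_ms
    if age_ms < 0 or age_ms > max_age_ms:  # max_age_ms is an assumed policy
        problems.append("timestamp outside allowed window")
    return problems
```

The expected tenant, page ID and token are the values your server already holds for the form it rendered; a non-empty result means the decrypted signature does not belong to that form or is stale.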



