Zuora supports the following OAuth 2.0 grant types:
- Client Credentials
- Refresh Token
- Authorization Code
To add an OAuth 2.0 provider of any of these grant types, perform the following steps:
- On the Edit Notification page, with OAuth 2.0 ticked, click View All Provider, or navigate to Settings > Administration > Manage OAuth 2.0 Providers.
- Click new oauth 2.0 provider on the All OAuth 2.0 Providers page.
- Fill in the fields on the New OAuth 2.0 Provider page. See the table below for the descriptions of the fields.
- Click Save.

| Field | Description |
| --- | --- |
| | Name of the new OAuth 2.0 provider. |
| Grant Type (required) | OAuth 2.0 grant type. Supported grant types: Client Credentials, Refresh Token, Authorization Code. |
| Client ID (required) | The client ID that your callout service uses to identify the Zuora application. |
| Client Secret (required) | The client secret that your callout service uses to authenticate the identity of the Zuora application. The character limit for this field is 16,000. |
| Refresh Token (applicable only when the grant type is Refresh Token) | The refresh token that you get from your callout service. It allows the client to obtain a new access token without prompting the user to authenticate. |
| Authorization Endpoint (applicable only when the grant type is Authorization Code) | The authorization endpoint that is used to interact with the resource owner and get the authorization to access the protected resource. In the Authorization Code flow, Zuora exchanges the authorization code it got from the authorization endpoint for an access token. |
| Access Token Endpoint (required) | The endpoint that the client uses to obtain an access token given an authorization code. |
| Revoke Endpoint (optional) | The endpoint used by the authenticated client to revoke access and refresh tokens. |
| Test Endpoint (optional) | The endpoint that you can use to test your configuration. |
| | A space-delimited or comma-delimited list of permissions that Zuora requires. |
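
A pre-flight check for the field rules in the table above, written for this page as an added example (not Zuora code). The dictionary keys and grant-type strings are hypothetical names, and the https requirement is an assumption added here rather than a rule the page states.

```python
from urllib.parse import urlsplit

MAX_SECRET_LEN = 16_000  # character limit the table gives for Client Secret
REQUIRED = ("grant_type", "client_id", "client_secret", "access_token_endpoint")
GRANT_FIELD = {  # extra field tied to each grant type (hypothetical key names)
    "client_credentials": None,
    "refresh_token": "refresh_token",
    "authorization_code": "authorization_endpoint",
}
ENDPOINTS = ("authorization_endpoint", "access_token_endpoint",
             "revoke_endpoint", "test_endpoint")


def validate_provider(cfg):
    """Return a list of problems found in a provider configuration dict."""
    problems = [f"missing required field: {k}" for k in REQUIRED if not cfg.get(k)]
    grant = cfg.get("grant_type")
    if grant and grant not in GRANT_FIELD:
        problems.append(f"unsupported grant type: {grant}")
    for g, field in GRANT_FIELD.items():
        if field is None:
            continue
        if g == grant and not cfg.get(field):
            problems.append(f"{field} is required for grant type {g}")
        elif g != grant and cfg.get(field):
            problems.append(f"{field} applies only to grant type {g}")
    if len(cfg.get("client_secret") or "") > MAX_SECRET_LEN:
        problems.append("client_secret exceeds 16,000 characters")
    for k in ENDPOINTS:
        parts = urlsplit(cfg.get(k) or "")
        # Added assumption: these URLs carry secrets, so require https.
        if cfg.get(k) and (parts.scheme != "https" or not parts.hostname):
            problems.append(f"{k} must be an absolute https URL")
    return problems


def normalize_scope(value):
    """Turn a space- or comma-delimited scope list into RFC 6749's space form."""
    return " ".join(value.replace(",", " ").split())


# Constructed sample values, not real credentials or endpoints.
SAMPLE = {
    "grant_type": "refresh_token",
    "client_id": "example-client-id",
    "client_secret": "example-client-secret",
    "refresh_token": "example-refresh-token",
    "access_token_endpoint": "https://idp.example/oauth/token",
}
```

`validate_provider(SAMPLE)` returns an empty list. Switching the sample's grant type to `authorization_code` reports both the missing authorization endpoint and the now inapplicable refresh token.
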
Retrieve the ID of an OAuth 2.0 provider
To retrieve the ID of an OAuth 2.0 provider, perform the following steps:
- Navigate to Settings > Administration > Manage OAuth 2.0 Providers.
- On the All OAuth 2.0 Providers page, locate the provider whose ID you want to retrieve.
- Click the name of the OAuth 2.0 provider. The OAuth 2.0 Provider Details page opens.
You can find the 32-character ID in the page URL. For example, the ID is 8ad099158032b8ce01803fce92647f63 in the following URL: