Skip to main content

Create an API User


Create an API User

To use the Zuora REST API or SOAP API, your application will need to present user credentials for an account that has API write access. The administrator for your tenant can create an API user in two steps:

  1. Create an API user role. This is a role that's used only for application API access, not for general use.
  2. Assign the role to a user. This is a user created specifically for this purpose.

Zuora recommends that you never use your API user credentials to log into the Zuora UI. If an API user account is used to log into the Zuora UI, this login becomes subject to the periodic forced password expirations. This automatic security feature may eventually cause API authentication failures that can be hard to diagnose. 

Create an API user role

  1. Log in to Zuora as the tenant administrator.
  2. Click the user name at the top right and click Administration.
  3. On the Administration Settings page, click Manage User Roles
  4. On the Manage Roles page, click Add new role
  5. In the Basic Info section on the New Role page, enter a name in the Role Name field that clearly identifies this role, such as API user.
  6. In the Platform Permissions section, select the API Write Access check box and leave the UI Access box unchecked. This gives the role the ability to create, update, and delete data in the SOAP and REST APIs, but not to log into the UI.
  7. Click Save. The Manage Roles page displays the API user role.

Create an API user

The API user account must be used exclusively for API access. It is usually best to create a new user account specifically for this purpose and assign it the API user role.

  1. Log in to Zuora as the tenant administrator.
  2. Click the user name at the top right and click Administration.
  3. On the Administration Settings page, click Manage Users.
  4. On the All Users page, click add single user to create a new user, or click the name of an existing user to change that user's access. 
  5. Fill in the fields. We recommend using a name that suits the purpose, such as the name of your application, or "Dev" or "QA".
  6. Select API user for the Zuora Platform Role option.
  7. Configure the user setting as described in Platform Roles.
  8. Click Save to create the user. 

All newly-created users are assigned a Pending Active status until they respond to the invitation email and create a password on the Zuora website.

We recommend your new API user open the password link in an Incognito window. Otherwise, you might experience cookie issues and might not be able to log in with another user easily.

When API-only users create or reset a password on the Zuora website, they may receive an error message: The page you were looking for could not be found. Despite the error message, the password actually has been created or reset and the user status immediately changes to "Active" on the administrator's list of users.

If you log into the Zuora application as a non-API user and still receive the above error message, clear your cookie cache or wait for the user cookie to timeout at the end of your tenant's configured session duration.