Skip to main content

Zuora Testing Environments


Zuora Testing Environments

Zuora environments represent private tenant access to the Zuora application, APIs, and supported integrations and payments gateways. This article describes the following information for Zuora Billing, Zuora Payments, Zuora CPQ, and Zuora Central Platform. For details about testing environments for Zuora Revenue, see Test Zuora Revenue in different environments.

Sandbox Comparisons

See the following contrasts between API Sandbox and Zuora Central Sandbox:

General Information

  API Sandbox Zuora Developer Sandbox Zuora Central Sandbox

Does this sound like you?

  • I just want to test soon-to-be released features.

  • I want to perform data migration functional testing for a small customer base.

  • I want to test soon-to-be released features against the settings and configuration I have in Production.

  • I want to perform unit testing/integration development and testing.


  • I want to test features in an isolated environment using my own data.

  • I want to perform small scale data migration functional testing to validate functionalities.

  • I want to perform bill runs timing load tests for an expected increase in volume.

  • I want to perform data migration timing tests.

Suitable for

Previewing and functional testing new Zuora features before they are released to Production.

Unit testing and Integration development and Testing

Functional testing with cloned configuration and data.

Heavy-load performance and stress testing ([with guidelines])

Not Suitable for

Performance and load testing

Performance and load testing

Testing beyond Zuora’s standard concurrent request limits and application limits.

Data Migration Testing


Suitable for less than 100,000 records


Suitable for less than 100,000 records


An example of 100,000 records would be 50,000 accounts + 50,000 subscriptions. 



Infrastructure Mimics Production



Yes, fully hosted on AWS.

Includes Environment Monitoring




Rollback Policy

Rollbacks are not supported on any environment. Zuora recommends that you revert changes yourself – if possible. Reverting changes are possible before posting transactions on a bill run. 


AWS cloud

AWS cloud

AWS cloud


Supported API Authentication Schemes

OAuth 2.0 (recommended), username and password, authorization cookie, single-use tokens for CORS-enabled operations

OAuth 2.0 (recommended), username and password, authorization cookie, single-use tokens for CORS-enabled operations

OAuth 2.0 (recommended), username and password, authorization cookie, single-use tokens for CORS-enabled operations

Refresh Policy

Zuora performs two types of refreshes: A refresh for a new Zuora version and a data snapshot refresh.

  API Sandbox Zuora Central Sandbox
Code base Refresh with Latest Zuora Version

Automatically refreshed approximately one week before the production release. Production releases are deployed on a weekly basis unless the scheduled date is close to the month-end.

API Sandbox is also automatically refreshed for maintenance releases.


Automatically refreshed. Refreshes follow the API Sandbox release schedule.

Maintenance releases also occur in this environment, following the same production release schedule.

Note that release for Zuora Central Sandbox may occur a few days prior to, or following the production release.

Data Snapshot Refresh (Includes Scrubbed Data Copied from Production) No

You are responsible for loading your data, including creating user logins and global tenant settings.

On-demand. Refresh limited to once per monthly.

Scrubbed data includes user logins, emails and global settings.

Historical PDF-generated Invoices


You must generate PDF invoices from scratch.


You must generate PDF invoices from scratch.

Scrubbed Data

The following table provides a summary of the data that is scrubbed.

  API Sandbox Zuora Central Sandbox
Zuora for Salesforce - 360 Sync N/A Salesforce Credentials
Commerce Portal N/A
  • Users are removed
  • User Emails
Customer Catalog   No information needs to be scrubbed.
Promotion Codes   No information needs to be scrubbed.
Billing & Payments  
Customer Account N/A Bill To and Sold To Contact information:
  • Work and Personal Email
  • Work, Mobile, Home and Other phone numbers, and Address fields
  • Default Payment Method plus any Electronic Payment Methods
Avalara Integration N/A Avalara credentials
Notifications and Callouts N/A N/A
Payment Method N/A After a Zuora Central Sandbox is provisioned, the previous payment methods are no longer available in the Central Sandbox environment. You have to create new payment methods.
Payment Gateway Configurations N/A Payment gateway credentials and endpoints.
NetSuite N/A

NetSuite integration credentials

Additional Add Ons  
Workflow N/A
  • User Emails
  • Scheduled Workflows are disabled
  • Authentication tokens will be re-generated
  • Historical jobs are excluded
  • SMTP Settings
  • Global Constants
Collections (All Apps) N/A
  • Account Name
  • API Tokens
  • Usernames, Emails and Company
  • Collections Manager schedules are excluded
  • Statement Generator schedules are excluded
  • SMTP Settings
Appstore Connector   Account Name
Tax Connector N/A
  • Seller Company Name, Address, Tax Codes
  • Credentials
  • Historical Tax Requests excluded
OAuth NA OAuth credentials scrubbed

Support for Zuora Features, Add-ons, Integrations

Zuora features, add-ons, and integrations are generally supported except where noted in the following table:

  API Sandbox  Zuora Central Sandbox
Notifications Yes Yes
Callouts Yes Yes
Single Sign-on Yes Yes
Two-factor Authentication Yes Yes
Reporting Yes Yes
New Invoice File Generation Service Yes Yes
New Quote File Generation Service Yes Yes
Orders UI, including creating Orders through the UI Yes Yes
Settings API Yes Yes
Data Query Yes Yes
Analytics Yes Yes
Custom Objects Yes Yes
Events and Triggers Yes Yes
Add-ons and Integrations  

Zuora for Salesforce

Yes Yes
Zuora requires a 1-to-1 relationship with Salesforce for each Zuora environment.
Zuora 360 Manual, on-demand and scheduled Yes
Zuora 360+ Real-Time Sync Yes
Z-Suite Yes Yes
Avalara Connector Yes Yes
Payment Gateways Yes
Includes any gateway that is supported in production
Insights No No
Collections Yes Yes

Performance guidelines

Zuora provides the following guidelines and recommends you to contact Zuora Global Support if you plan to test over the guideline volumes within a 24 hour period.  Note that these guidelines are not the System's limits. Zuora draws up these guidelines to anticipate the increased load of the testing environments.



Zuora Central Sandbox **

Zuora Developer Sandbox

API Sandbox

API Testing





> 500,000 API calls

> 50,000 API calls

> 10,000 API calls

Total Data Store





Similar to Production (Production copy)

250,000 records (Total accounts and subscriptions)

5,000 records (upto 2,500 accounts + 2,500 subscriptions)

Data Load Testing





> 500,000 records**


>5,000 records

**The guidelines for Zuora Central Sandbox should be followed for your Production environment.

Limits Policy

  API Sandbox Zuora Developer Sandbox Zuora Central Sandbox
Concurrent Request Limits Bounded by Policy Bounded by Policy Bounded by Policy


If Customer’s use of the Service exceeds the usage limits in the applicable contracts or as described in this Knowledge Center article for any products provided, Customer must either purchase additional usage, if applicable, or move to the next edition of the Service. If Customer does not choose either of the options, Customer shall be considered out of compliance with such Service.


  API Sandbox Zuora Central Sandbox
PCI-compliant Yes No
SOC 1 and SOC 2-compliant Yes Yes
HIPAA-compliant Yes Yes
IP Whitelist Yes Yes
Two-factor Authentication Yes Yes

Zuora is committed to safeguarding the security, confidentiality, integrity, and availability of all physical and electronic information assets of the Company to ensure that regulatory, operational, and contractual requirements are fulfilled. Zuora's internal controls are benchmarked against industry standards such as ISO27001, ISO27018, PCI DSS Level 1, SOC 1, SOC 2 and HIPAA. Zuora Central Sandbox will be included in future ISO27001, ISO27018, PCI DSS Level 1, SOC 1, SOC 2 and HIPAA assessments starting in the fall of 2020. 

Provisioning and Refreshing Your Data

Zuora provides the following guidelines for provisioning and data refresh turnaround times for Test Environments.  We continuously strive to optimize performance and provide the best possible turnaround times for you.

When a Zuora Central Sandbox is provisioned, it will execute a data copy process that brings over a snapshot of your production data, with sensitive and PII data scrubbed. Subsequently, every data refresh request will take a new snapshot of your scrubbed production data.  In both cases, the complete snapshot of your production data are as of the date and time when the request is submitted, as the data copy process will be triggered at a time after your request is made. Note that the scheduled runs, including Bill Run and Payment Run, are not copied from your production environment to Zuora Central Sandbox during the provisioning or refreshing process.

While the data copy for most tenants can be completed within less than 3 business days, it can take longer time to complete the data copy for large tenants. In addition, the process may also take longer during the first week of a month, a peak time of data refresh requests to get a full data snapshot of the previous month.

  API Sandbox Zuora Central Sandbox
Provisioning Turnaround

Immediate with logins

2-3 business days

Includes a copy of production data. Turn around is the best effort, and it may be longer for large size tenants.

Snapshot of Production Configuration Data None Included
Snapshot of Production Transactional Data None Included
Snapshot Refresh Frequency None Once every 28 Days
Refresh Snapshot Requests


Refresh Central Sandbox in Production

Refresh turn around time can approximately take 1-3 days, managed as best effort with larger tenants taking longer.