Skip to main content

Create and Configure Payment Pages 2.0


Create and Configure Payment Pages 2.0

You can create and configure Payment Pages 2.0 through Zuora UI for the following payment method types:

  • Credit Card
  • Credit Card Reference working with the Stripe v2 gateway (Limited Availability)
  • CyberSource Token for Credit Card Reference working with the CyberSource Tokenization gateway (Limited Availability)
  • Bank Transfer, including the following Bank Transfer types:
    • SEPA
    • ACH
    • UK Direct Debit
    • AU Direct Entry
    • New Zealand Direct Debit
    • Sweden Direct Debit (Autogiro)
    • Denmark Direct Debit (Betalingsservice)
    • Canadian Pre-Authorized Debit (PAD)
  • iDEAL on Adyen
  • PIX on Ebanx

The creation of Payment Pages 2.0 is not supported through APIs.

For the support on integrations requested through the Specialized Payment Connections service, see the article for the specific integration.

Create and configure Payment Pages 2.0

Before you create a Payment Page 2.0, ensure that you have understood the tenant-level settings available for configuration and security measures to implement.

For instructions on creating and configuring Payment Pages 2.0 for different payment method types, see the following articles:

Tenant-level settings for Payment Pages 2.0

You can configure the following tenant-level settings for your Payment Pages:

  • Tenant-level security settings, including the API public key, rate limiting, and Google Cloud account for the Google reCAPTCHA service.
  • Raw Gateway Info Configuration - With the Need to Return Raw Gateway Info setting enabled, the raw gateway information can be returned in Payment Pages 2.0 responses. For detailed information about fields returned in rawGatewayInfo for different gateways,  see Fields returned in rawGatewayInfo.
  • Blacklisted Card BINs
    If you want to block cards from being added through payment pages, enter card prefixes separated by commas in this field. The cards defined in the blacklist will not be added in Zuora nor submitted to gateways. The prefix with fewer digits defines a broader block of cards. For example, if you enter 4,522303 in this field, all Visa cards (defined by the prefix ‘4’) and Costco branded Mastercards (defined by the prefix ‘522303’ ) will be blocked. A maximum of 1,800 characters, including letters, digits and commas, is allowed for this field.

    To enable this feature, submit a request at Zuora Global Support, and make sure that the page-level Client-Side Validation setting is enabled.

    Note that the Blacklisted Card BINs feature does not work for payment pages implemented through Direct POST.

  • Validate Client-Side HPM Parameters - With this setting enabled, the client parameters in the requests for rendering or submitting Payment Pages 2.0 are validated by comparing with the values specified in the digital signature. see Security Measures for Payment Pages 2.0 for more information.
  • Allow Subdomain Callback for Hosted Pages - With this setting enabled, your hosted payment pages and callback pages can reside in the subdomain of the hosted domain that you specified when configuring the payment pages. For more information about configuring the payment pages, see the articles listed in the Create and configure Payment Pages 2.0 section.