Skip to main content

How do I prevent my API user login from expiring?

Zuora

How do I prevent my API user login from expiring?

Overview

Your company's Z-Billing Administrators can configure your Z-Billing password expiration rules for a higher level of application security. You can configure your company's password expiration rules by navigating to Settings > Administrative Settings and selecting Security Policies. From here, Administrators can choose to have passwords "never expire" or to expire every 30, 60 or 90 days. When the user password expires, the user is prompted to reset password during login.

Solution

Password expiration is only enforced in the Zuora UI and not in the Zuora API. This means that logins created and used only for the API (and not used to log into the UI) will never expire. It is important to take the steps below to prevent the password for your company's API logins from expiring which can result in an interruption to your order processing flow:

  1. Create a unique login for API integration purposes only ("API Login").
  2. Do not use your API Login to access the Zuora UI. Remember: Password expiration is enforced in the UI, and if you use the API Login to access the Zuora UI, it will trigger the password expiration rules.
  3. If the password is reset in the UI, it must also be updated in your API code.
  4. It helps to create API logins using the format api@companyname.com. However, using this naming format alone does not prevent your API logins from expiring. The above steps must be taken to ensure your API login does not expire.

See Set up a Zuora account with the API user role for detailed instructions.

See Setting Security Policies for more information about configuring password rules.