The Zuora API uses OAuth tokens to authenticate requests. You can view and manage the client credentials the API libraries use to generate these tokens for you in Zuora Central.
Take the following steps to create authentication credentials and add them to your server-side code:
access_tokento create subsequent API requests. If you want to use Zuora Java client library, configure the library with your keys so that it can make requests to the Zuora API.
See the following code samples to understand how to authenticate:
String CLIENT_ID = "16f143d3-9887-484f-aaa7-37f0c3a24f3b"; String CLIENT_SECRET = "gMOlKhy43P/cKjxXR+J4"; String ENDPOINT = ZuoraEnv.SBX; ZuoraClient zuoraClient = new ZuoraClient(CLIENT_ID, CLIENT_SECRET, ENDPOINT);
To protect your tenant from unauthorized access be sure not to share your credentials in publicly accessible areas such as GitHub or client-side code.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.