# List callout templates Queries callout templates. This operation supports querying callout templates for all event types. Endpoint: GET /notifications/callout-templates Version: 2026-02-20 Security: bearerAuth ## Header parameters: - `Accept-Encoding` (string) Include the Accept-Encoding: gzip header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response. If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a Content-Encoding header with the compression algorithm so that your client can decompress it. - `Content-Encoding` (string) Include the Content-Encoding: gzip header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload. - `Zuora-Track-Id` (string) A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue. The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (:), semicolon (;), double quote ("), and quote ('). - `Zuora-Entity-Ids` (string) An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you should not set this header. - `Zuora-Org-Ids` (string) Comma separated IDs. If you have Zuora Multi-Org enabled, you can use this header to specify which orgs to perform the operation in. If you do not have Zuora Multi-Org enabled, you should not set this header. The IDs must be a sub-set of the user's accessible orgs. If you specify an org that the user does not have access to, the operation fails. This header is important in Multi-Org (MO) setups because it defines the organization context under which the API should operate—mainly used for read access or data visibility filtering. If the header is not set, the operation is performed in scope of the user's accessible orgs. ## Query parameters: - `start` (integer) The first index of the query result. - `limit` (integer) The maximum number of results the query should return. - `eventCategory` (number) The event category code of a standard event to which the callout templates you want to query relates. - `eventTypeName` (string) The name of a Zuora custom event, custom event, or custom scheduled event to which the callout templates you want to query relates. - `name` (string) The name of the callout template. ## Response 200 fields (application/json): - `data` (array) - `data.active` (boolean) The status of the callout template. - `data.calloutAuth` (object,null) If requiredAuth is true, this object is required. - `data.calloutAuth.domain` (string) The domain of the callout auth. - `data.calloutAuth.password` (string) The field is required when requiredAuth is true. - `data.calloutAuth.preemptive` (boolean) Set this field to true if you want to enable the preemptive authentication. - `data.calloutAuth.username` (string) The field is required when requiredAuth is true. - `data.calloutBaseurl` (string) The callout URL. Example: "https://***" - `data.calloutHeaders` (object,null) Container for custom callout headers. Each custom callout header consists of a header name and a header value. - `data.calloutParams` (object,null) Container for callout parameters sent in the request body. Each callout parameter consists of a parameter name and a parameter value. - `data.calloutRetry` (boolean) Indicates whether to retry the callout when the callout fails. - `data.certificate` (string,null) The SSL certificate for the domain of the callout receiver server specified in calloutBaseurl. - `data.confirmSuccessFromResponseContent` (boolean) Indicates how Zuora determines whether callout notifications to your system succeed or fail: * If false, Zuora determines the result based solely on the HTTP response status code. This is the default value. * If true, and the HTTP response status code is 200, Zuora evaluates the callout response and considers the notification successful only if the Content-Type header is set to application/json, and the response body contains a success field set to true. - `data.contentType` (string) The callout body format. - `data.createdBy` (string) The ID of the user who created the callout template. - `data.createdOn` (string) The time when the callout template was created. Specified in the UTC timezone in the ISO860 format (YYYY-MM-DDThh:mm:ss.sTZD). E.g. 1997-07-16T19:20:30.45+00:00 - `data.customRequestBody` (string,null) Customized request body. - `data.description` (string) Description for the callout template. - `data.eventCategory` (number) The event category code for the standard event that the callout template relates to. This field is available only if the related event of this callout template is a standard event. For the list of supported standard event category codes, see Standard event category code for events and notifications. - `data.eventTypeName` (string) The name of the custom event that the callout template relates to. This field is available only if the related event of this callout template is a Zuora custom event, custom event, or custom scheduled event. - `data.eventTypeNamespace` (string) The namespace of the eventTypeName field. It indicates who created the event and which namespace the event is assigned to. Supported values are as follows: - com.zuora.notification: events that are created by Zuora. This value applies to Zuora custom events. - user.notification: events that are created by tenant users. This value applies to custom events and custom scheduled events. This is the default value. This field is available only if the related event of this callout template is a Zuora custom event, custom event, or custom scheduled event. Enum: "user.notification", "com.zuora.notification" - `data.hmacAlgorithm` (string,null) The hash function Zuora uses to generate the signed data for HMAC authentication. Enum: "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512", null - `data.hmacData` (string,null) The message to be authenticated for HMAC authentication. - `data.hmacKey` (string,null) The header key that Zuora uses to send the header value for HMAC authentication. The header value is specified in the hmacValue field and typically contains the signed data. - `data.hmacOutputFormat` (string,null) The format of the signed data for HMAC authentication. Enum: "BASE64", "HEX", null - `data.hmacSecret` (string,null) The shared secret key that Zuora uses to generate the signed data for HMAC authentication. - `data.hmacValue` (string,null) The header value for HMAC authentication. The header key is specified in the hmacKey field. - `data.httpMethod` (string) The HTTP method of the callout. Enum: "POST", "GET", "PUT", "PATCH", "DELETE" - `data.id` (string) The ID of the callout template. - `data.name` (string) The name of the callout template. - `data.oauth2ProviderId` (string,null) The ID of the OAuth 2.0 provider in your tenant that provides access tokens for the callout. - `data.requiredAuth` (boolean) Indicates whether Basic authentication is enabled for the callout. - `data.requiredOauth2` (boolean) Indicates whether OAuth 2.0 authentication is enabled for the callout. - `data.updatedBy` (string) The ID of the user who updated the callout template. - `data.updatedOn` (string) The time when the callout template was updated. Specified in the UTC timezone in the ISO860 format (YYYY-MM-DDThh:mm:ss.sTZD). E.g. 1997-07-16T19:20:30.45+00:00 - `data.useCustomRequestBody` (boolean) Indicates whether to enable the customized request body configured in the customRequestBody field. - `next` (string) The URI to query the next page of data, e.g. '/notifications/callout-templates?start=21&limit=20'. The start equals request's start+limit, and the limit equals the request's limit. If the current page is the last page, this value is null. ## Response 400 fields (application/json): - `reasons` (array) Example: [{"code":"ObjectNotFound","message":"Notification definition with id 6e569e1e05f040eda51a927b140c0ac1 does not exist"}] - `reasons.code` (string) The error code of response. - `reasons.message` (string) The detail information of the error response ## Response 404 fields (application/json): - `reasons` (array) Example: [{"code":"ObjectNotFound","message":"Notification definition with id 6e569e1e05f040eda51a927b140c0ac1 does not exist"}] - `reasons.code` (string) The error code of response. - `reasons.message` (string) The detail information of the error response ## Response 405 fields (application/json): - `reasons` (array) Example: [{"code":"ObjectNotFound","message":"Notification definition with id 6e569e1e05f040eda51a927b140c0ac1 does not exist"}] - `reasons.code` (string) The error code of response. - `reasons.message` (string) The detail information of the error response ## Response 415 fields (application/json): - `reasons` (array) Example: [{"code":"ObjectNotFound","message":"Notification definition with id 6e569e1e05f040eda51a927b140c0ac1 does not exist"}] - `reasons.code` (string) The error code of response. - `reasons.message` (string) The detail information of the error response ## Response 500 fields (application/json): - `reasons` (array) Example: [{"code":"ObjectNotFound","message":"Notification definition with id 6e569e1e05f040eda51a927b140c0ac1 does not exist"}] - `reasons.code` (string) The error code of response. - `reasons.message` (string) The detail information of the error response