# Create a payment session

Use this operation to create a payment session on your server side. The response contains a token for the payment session data.

In addition to the required accountId and currency fields, you can specify the following fields to define the payment flow mode as one of the following:

- Create and save a payment method:
  - processPayment: false
  - storePaymentMethod: true
  - amount
- Process a one-time payment without saving the payment method:
  - processPayment: true
  - storePaymentMethod: false
  - amount or invoices + amount
- Process the first payment and save the payment method for subsequent recurring payments:
  - processPayment: true
  - storePaymentMethod: true
  - amount or invoices + amount

For more information, see the following articles:

- Payment Form Implementation Guide
- Set up a payment method through JavaScript SDK integration
- Set up Alipay payment methods with Zuora JavaScript SDK

Endpoint: POST /web-payments/sessions

Version: 2026-02-20

Security: bearerAuth

## Header parameters:

- `Idempotency-Key` (string) Specify a unique idempotency key if you want to perform an idempotent POST or PATCH request. Do not use this header in other request types. With this header specified, the Zuora server can identify subsequent retries of the same request using this value, which prevents the same operation from being performed multiple times by accident.
- `Accept-Encoding` (string) Include the Accept-Encoding: gzip header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response. If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a Content-Encoding header with the compression algorithm so that your client can decompress it.
- `Content-Encoding` (string) Include the Content-Encoding: gzip header to compress a request.
  With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload.
- `Zuora-Track-Id` (string) A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue. The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (:), semicolon (;), double quote ("), and quote (').
- `Zuora-Entity-Ids` (string) An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you should not set this header.
- `Zuora-Org-Ids` (string) Comma-separated IDs. If you have Zuora Multi-Org enabled, you can use this header to specify which orgs to perform the operation in. If you do not have Zuora Multi-Org enabled, you should not set this header. The IDs must be a subset of the user's accessible orgs. If you specify an org that the user does not have access to, the operation fails. This header is important in Multi-Org (MO) setups because it defines the organization context under which the API should operate; it is mainly used for read access or data visibility filtering. If the header is not set, the operation is performed in scope of the user's accessible orgs.

## Request fields (application/json):

- `accountId` (string) The ID of the customer account in Zuora that is associated with this payment method. This field is required when processPayment is set to true. It is optional when processPayment is set to false.
  Example: "402882e98d3a964b018d3a9c99ef0167"
- `amount` (number, required) If processPayment is true, it is the amount of the payment. If invoices is specified, the value of amount must be the current total balances of the specified invoices. If processPayment is false, it is the authorization amount for the payment method.
  Example: 100
- `authAmount` (number) The authorization amount for the payment method. Specify a value greater than 0.
  Note: This field is being deprecated. It is recommended to use the amount field.
- `currency` (string, required) The currency of the payment in the format of the three-character ISO currency code.
  Example: "USD"
- `gatewayOptions` (object) The field used to pass gateway-specific parameters and parameter values. The fields supported by gateways vary. For more information, see the overview topic of each gateway integration in Zuora Knowledge Center. Zuora sends all the information that you specified to the gateway. If you specify any unsupported gateway option parameters, they will be ignored without error prompts.
- `paymentGateway` (string) The ID of the payment gateway instance configured in Zuora that will process the payment, such as e884322ab8c711edab030242ac120004.

  If Payment Gateway Routing is enabled:

  - If this field is not specified, gateway routing rules will be invoked.
  - If this field is specified, the specified gateway will be used to process the payment.

  If Payment Gateway Routing is disabled:

  - If this field is not specified, the default payment gateway will be used to process the payment. The default gateway of the customer account takes precedence over the default gateway of the tenant.
  - If this field is specified, the specified gateway will be used to process the payment.

  Example: "402883827d097a28017d09b41f690261"
- `processPayment` (boolean, required) Indicates whether a payment should be processed after creating the payment method.
  If this field is set to true, you must specify either the amount field or the invoices and amount fields. If this field is set to false, you must specify the amount field.
  Example: true
- `storePaymentMethod` (boolean) true indicates that the payment method will be stored in Zuora and will be used in subsequent recurring payments. false indicates that the payment method will not be stored in Zuora. End-customers need to be brought back on-session to authenticate the payment.
  Example: true
- `invoices` (array) The array of invoices that a payment applies to. All the specified invoices will be fully paid. The value of the amount field must be the current total balances of the specified invoices. Here is an example:
  `"invoices": [ { "invoiceNumber": "INV00001274" }, { "invoiceNumber": "INV00001278" } ]`
  Example: [{"invoiceNumber":"INV00001274"},{"invoiceNumber":"INV00001278"}]
- `invoices.invoiceNumber` (string) The invoice number, such as INV0000001.

## Response 200 fields (application/json):

- `token` (string) The token for the payment session data.

## Response 500 fields (application/json):

- `reasons` (array)
  Example: [{"code":"ObjectNotFound","message":"Notification definition with id 6e569e1e05f040eda51a927b140c0ac1 does not exist"}]
- `reasons.code` (string) The error code of the response.
- `reasons.message` (string) The detailed information of the error response.

## Response 4XX fields (application/json):

- `processId` (string) The ID of the process that handles the operation.
- `reasons` (array) The container of the error code and message. This field is available only if the success field is false.
- `reasons.code` (string) The error code of the response.
- `reasons.message` (string) The detailed information of the error response.
- `requestId` (string) Unique identifier of the request.
- `success` (boolean) Indicates whether the call succeeded.
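
The request-field and header rules above can be enforced on the server before anything is sent, so that amounts and flags never come straight from the browser. The following is an added example, not Zuora's code: the host in `SESSIONS_URL` is a placeholder, the function names are hypothetical, and rejecting combinations the page does not list (both flags false, invoices without processPayment, control characters in the track ID) is this example's own choice.

```python
import json
import uuid

SESSIONS_URL = "https://rest.example.invalid/web-payments/sessions"  # placeholder host
FORBIDDEN_TRACK_CHARS = set(":;\"'")  # excluded by the Zuora-Track-Id rule


def check_track_id(value):
    """Zuora-Track-Id: US-ASCII only, none of : ; " ' (per the header description)."""
    if not value.isascii() or FORBIDDEN_TRACK_CHARS & set(value):
        raise ValueError("Zuora-Track-Id has a disallowed character")
    if not value.isprintable():  # assumption: also refuse CR/LF and other controls
        raise ValueError("Zuora-Track-Id has a control character")
    return value


def build_session_request(access_token, *, currency, amount, process_payment,
                          store_payment_method, account_id=None, invoices=None,
                          track_id=None, idempotency_key=None):
    """Return (url, headers, body) for POST /web-payments/sessions, or raise ValueError."""
    if not (isinstance(currency, str) and len(currency) == 3 and currency.isalpha()):
        raise ValueError("currency must be a three-character ISO code")
    if isinstance(amount, bool) or not isinstance(amount, (int, float)):
        raise ValueError("amount is required and must be a number")
    if not process_payment and not store_payment_method:
        # Not one of the three documented modes; refusing it is this example's choice.
        raise ValueError("no documented flow mode has both flags false")
    if process_payment and not account_id:
        raise ValueError("accountId is required when processPayment is true")
    if invoices and not process_payment:
        # invoices is listed only for the two payment-processing modes.
        raise ValueError("invoices needs processPayment true")

    body = {"currency": currency, "amount": amount,
            "processPayment": process_payment,
            "storePaymentMethod": store_payment_method}
    if account_id:
        body["accountId"] = account_id
    if invoices:
        body["invoices"] = [{"invoiceNumber": n} for n in invoices]

    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json",
               # One key per logical attempt; reuse the same key when retrying it.
               "Idempotency-Key": idempotency_key or str(uuid.uuid4())}
    if track_id is not None:
        headers["Zuora-Track-Id"] = check_track_id(track_id)
    return SESSIONS_URL, headers, json.dumps(body)
```

Send the returned triple with any HTTP client; on a timeout, retry with the same `idempotency_key` so the server can recognize the retry as the same request.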