# Update a payment method This operation allows you to update an existing payment method. The following fields in the request body can be updated for any payment method types: - maxConsecutivePaymentFailures - paymentRetryWindow - useDefaultRetryRule The following fields in the request body can be updated for any payment method types except for Credit Card Reference Transaction payment methods: - authGateway - accountHolderInfo - gatewayOptions - ipAddress - Custom fields The following fields in the request body can be updated only for Credit Card payment methods: - expirationMonth - expirationYear - securityCode The following field in the request body can be updated for Credit Card, Credit Card Reference Transaction, ACH, and Bank Transfer payment methods: - mandateInfo Endpoint: PUT /v1/payment-methods/{payment-method-id} Version: 2026-02-20 Security: bearerAuth ## Header parameters: - `Accept-Encoding` (string) Include the Accept-Encoding: gzip header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response. If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a Content-Encoding header with the compression algorithm so that your client can decompress it. - `Content-Encoding` (string) Include the Content-Encoding: gzip header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload. - `Zuora-Track-Id` (string) A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue. The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (:), semicolon (;), double quote ("), and quote ('). - `Zuora-Entity-Ids` (string) An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you should not set this header. - `Zuora-Org-Ids` (string) Comma separated IDs. If you have Zuora Multi-Org enabled, you can use this header to specify which orgs to perform the operation in. If you do not have Zuora Multi-Org enabled, you should not set this header. The IDs must be a sub-set of the user's accessible orgs. If you specify an org that the user does not have access to, the operation fails. This header is important in Multi-Org (MO) setups because it defines the organization context under which the API should operate—mainly used for read access or data visibility filtering. If the header is not set, the operation is performed in scope of the user's accessible orgs. - `Zuora-Version` (string) The minor API version. For a list of available minor versions, see API upgrades. ## Path parameters: - `payment-method-id` (string, required) Unique ID of the payment method to update. ## Request fields (application/json): - `accountHolderInfo` (object) The account holder information. This field is not supported in updating Credit Card Reference Transaction payment methods. - `accountHolderInfo.addressLine1` (string) The first line of the address for the account holder. This field is required for SEPA Direct Debit payment methods on Stripe v2 for [certain countries](https://stripe.com/docs/payments/sepa-debit/set-up-payment?platform=web#web-submit-payment-method). - `accountHolderInfo.addressLine2` (string) The second line of the address for the account holder. - `accountHolderInfo.city` (string) The city where the account holder stays. - `accountHolderInfo.country` (string) The country where the account holder stays. This field is required for SEPA payment methods on Stripe v2 for [certain countries](https://stripe.com/docs/payments/sepa-debit/set-up-payment?platform=web#web-submit-payment-method). - `accountHolderInfo.email` (string) The email address of the account holder. - `accountHolderInfo.phone` (string) The phone number of the account holder. - `accountHolderInfo.state` (string) The state where the account holder stays. - `accountHolderInfo.zipCode` (string) The zip code for the address of the account holder. - `accountKey` (string) The customer account ID such as 2x92c0f859b0480f0159d3a4a6ee5bb6 or the customer account number such as A02855638. Note: You can use this field to associate an orphan payment method with a customer account. If a payment method is already associated with a customer account, you cannot change the associated payment method through this operation. You cannot remove the previous account ID and leave this field empty, either. - `authGateway` (string) Specifies the ID of the payment gateway that Zuora will use to authorize the payments that are made with the payment method. This field is not supported in updating Credit Card Reference Transaction payment methods. If Payment Gateway Routing is enabled: - If this field is not specified, gateway routing rules will be invoked. - If this field is specified, the specified gateway will be used to update the payment. If Payment Gateway Routing is disabled: - If this field is not specified, the default payment gateway will be used to update the payment. The default gateway of the customer account takes precedence over the default gateway of the tenant. - If this field is specified, the specified gateway will be used to update the payment. - `currencyCode` (string) The currency used for payment method authorization. - `gatewayOptions` (object) The field used to pass gateway-specific parameters and parameter values. The fields supported by gateways vary. For more information, see the Overview topic of each gateway integration in [Zuora Knowledge Center](https://knowledgecenter.zuora.com/Zuora_Billing/Billing_and_Payments/M_Payment_Gateways/Supported_Payment_Gateways). Zuora sends all the information that you specified to the gateway. If you specify any unsupported gateway option parameters, they will be ignored without error prompts. This field is not supported in updating Credit Card Reference Transaction payment methods. - `gatewayOptions.key` (string) The name of a gateway-specific parameter. - `gatewayOptions.value` (string) The value of the gateway-specific parameter. - `ipAddress` (string) The IPv4 or IPv6 information of the user when the payment method is created or updated. Some gateways use this field for fraud prevention. If this field is passed to Zuora, Zuora directly passes it to gateways. If the IP address length is beyond 45 characters, a validation error occurs. For validating SEPA payment methods on Stripe v2, this field is required. - `mandateInfo` (object) The mandate information for the Credit Card, Credit Card Reference Transaction, ACH, or Bank Transfer payment method. - `mandateInfo.mandateId` (string) The mandate ID. - `mandateInfo.mandateReason` (string) The reason of the mandate from the gateway side. - `mandateInfo.mandateStatus` (string) The status of the mandate from the gateway side. - `processingOptions` (object) The container for payment method processing options. - `processingOptions.checkDuplicated` (boolean) Indicates whether to perform a duplication check when you create a payment method of the following types: - Credit Card - ACH - Bank Transfer The default value is false. With this field set to true, Zuora will check the active and closed payment methods associated with the same billing account to ensure that no duplicate payment methods are created. For more information, see Duplication check on payment methods. - `maxConsecutivePaymentFailures` (integer,null) The maximum number of payment failures allowed for this payment method. This field is only applicable if useDefaultRetryRule is set to false. - `paymentRetryWindow` (integer,null) The retry interval in hours. This field is only applicable if useDefaultRetryRule is set to false. - `useDefaultRetryRule` (boolean) Specifies whether to apply the default retry rule configured for your tenant in the Zuora Payments settings: - To use the default retry rule, specify true. - To use the custom retry rule specific to this payment method, specify false. - `expirationMonth` (integer) One or two digits expiration month (1-12). - `expirationYear` (integer) Four-digit expiration year. - `securityCode` (string) Optional. It is the CVV or CVV2 security code specific for the credit card or debit card. To ensure PCI compliance, this value is not stored and cannot be queried. If securityCode code is not passed in the request payload, this operation only updates related fields in the payload. It does not validate the payment method through the gateway. If securityCode is passed in the request payload, this operation retrieves the credit card information from payload and validates them through the gateway. Example: "331" ## Response 200 fields (application/json): - `id` (string) ID of the updated payment method. - `success` (boolean) Returns true if the request was processed successfully. ## Response 500 fields (application/json): - `reasons` (array) Example: [{"code":"ObjectNotFound","message":"Notification definition with id 6e569e1e05f040eda51a927b140c0ac1 does not exist"}] - `reasons.code` (string) The error code of response. - `reasons.message` (string) The detail information of the error response ## Response 4XX fields (application/json): - `processId` (string) The ID of the process that handles the operation. - `reasons` (array) The container of the error code and message. This field is available only if the success field is false. - `reasons.code` (string) The error code of response. - `reasons.message` (string) The detail information of the error response - `requestId` (string) Unique identifier of the request. - `success` (boolean) Indicates whether the call succeeded.