Admin API Reference (2026-01-08)

The Zephr Admin API provides RESTful access to all Zephr functionality. It is designed for server-side integrations. All requests must be signed as described in HMAC Request Signing and Key Pairs.

The Admin API uses a base URL with the following format: https://{tenantId}.api.zephr.com

Note: If you have multiple tenants, the current tenant ID is shown in a blue box in the top right of the Admin Console. If you have a single site, you can find the tenant ID by navigating to your site domains. To do this, select Sites from the Delivery menu, select your site, and then click the Site Domains button. The tenant ID is the first part of the domain. For example, if the domain is news-paper.cdn.zephr.com, the tenant ID is news.

Servers

Mock server: https://developer.zuora.com/_mock/zephr-api-reference/zephr-admin-api
Base URL: https://{tenantId}.api.zephr.com

Account User

Contains operations on the Account User resource.

Operations

Admin User

Contains operations on the Admin User resource.

Operations

Bundle

Contains operations on the Bundle resource.

Operations

Cache Configurations

Contains operations on the Cache Configurations resource.

Operations

Cache Management

Cache Management.

Operations

Company

Actions on resource Company.

Operations

Component Library

Actions on resource Library Component.

Operations

Configuration

Blaize tenant configuration.

Operations

Credit

Actions on resource Credit.

Operations

Decision Engine

Operations

Email Templates

Actions on email templates.

Operations

Entitlement

Actions on resource Entitlement.

Operations

Feature Rules

Actions on resource Feature Rules.

Note: The APIs mentioned in this section support legacy Feature Rules only. Feature Rules created through the Admin Console (V4 Features) are stored in a different system and are not accessible through these APIs.

Operations

Form

Actions on resource Form.

Operations

Gifts

Operations

Grants

Actions on resource Grant.

Operations

Meter

Actions on resource Meter.

Operations

Products

Actions on resource Product.

Operations

Request Rules

Actions on resource Request Rules.

Operations

Session

Actions on resource Session.

Operations

Static Items

Actions on resource Static Item.

Operations

Third Party Authentication

Contains operations for the OAuth 2.0 Authorization Code Flow Token Exchange.

Operations

User Export

Operations

User Schema

Actions on resource User Schema.

Operations

Users

Contains operations on the User resource. Important: The Attributes object contains the custom-defined attributes for a user.

Operations

V4 Session

Actions on resource Session.

Operations

Create a new session under a given site

Request

Creates a new session under a given site.

Security: ZephrHmacHttp

Path parameters

site (string, required)
The site ID

Body (application/json)

identifiers (object, required)
Example: {"email_address":"joe.blow@company.com"}

identifiers.email_address (string)
Example: "joe.blow@company.com"

validators (object, required)
Example: {"password":"mysecurepassword123"}

validators.password (string)
Example: "mysecurepassword123"

validators.use_sso (boolean)
When this is present there should be no identifiers in the body. The user is identified through a blaize_session cookie.

curl -i -X POST \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-admin-api/v4/sessions/{site}' \
  -H 'Authorization: ZEPHR-HMAC-* <YOUR_TOKEN_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "identifiers": {
      "email_address": "joe.blow@company.com"
    },
    "validators": {
      "password": "mysecurepassword123"
    }
  }'

Responses

OK

Body (application/json)

tenantId (string)
Example: "company"

subTenantId (string)
Example: "company|demo"

supplied (boolean)
Example: false

expiryDate (string)
Example: "2025-02-08 14:29 PM UTC"

startDate (string)
Example: "2024-02-08 14:29 PM UTC"

authenticated (boolean)
Example: true

state (string)
Enum: "anonymous", "recognised", "partially_registered", "authenticated"
Example: "authenticated"

device (string)
Example: "pc"

browser (string)
Example: "Chrome"

os (string)
Example: "Mac OSX"

city (string)
Example: "London"

geoState (string)
Example: "London"

deviceName (string)
Example: "Apple Macintosh"

country (string)
ISO-3166-2 country code
Example: "GB"

session_id (string)
Example: "26a73b7a-f7d0-48d8-85dd-a04b07313895"

user_id (string)
Example: "UU0123456789ABCD"

Response (application/json)

{
  "expiryDate": "2018-11-15 14:29 PM UTC",
  "startDate": "2017-11-15 14:29 PM UTC",
  "authenticated": true,
  "session_id": "SS0123456789ABCD",
  "user_id": "UU0123456789ABCD"
}

Look up a session under a given site

Request

This endpoint allows you to access specific session details for a particular site. By providing the unique identifiers for the site and the session, you can retrieve detailed information about that session. This information can include the session's start time, end time, current status, and any associated user data. The exact content of the response will depend on the specific session and site identifiers provided in the request.

Security: ZephrHmacHttp

Path parameters

site (string, required)
The unique site identifier within the tenant.

sessionId (string, required)
Unique session identifier assigned to each session, enabling precise identification and retrieval of session-related information within the API.

curl -i -X GET \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-admin-api/v4/sessions/{site}/{sessionId}' \
  -H 'Authorization: ZEPHR-HMAC-* <YOUR_TOKEN_HERE>'

Responses

OK. Returns the session details.

Body (application/json)

tenantId (string)
Example: "company"

subTenantId (string)
Example: "company|demo"

authenticated (boolean)
Example: true

v (integer)
version
Example: 0

session_variables (object, session_variables)

user_id (string)
Example: "UU0123456789ABCD"

sessions (array of objects, sessions)

access_model (object, access_model)

last_updated (integer)
A timestamp indicating the last update of the session, measured in milliseconds since the epoch.
Example: 1707230240685

test_groups (object)

second_party_data (object)

Response (application/json)

{
  "tenantId": "company",
  "subTenantId": "company|demo",
  "authenticated": true,
  "v": 0,
  "session_variables": {},
  "user_id": "UU0123456789ABCD",
  "sessions": [ { … } ],
  "access_model": {
    "meters": { … },
    "credits": { … },
    "delivered_entitlements": [ … ],
    "granted_bundles": [ … ],
    "jwt_bundles": [],
    "user_state": "registered"
  },
  "last_updated": 1707230240685,
  "test_groups": { "property1": "string", "property2": "string" },
  "second_party_data": { "property1": "string", "property2": "string" }
}

Delete a session under a given site

Request

This endpoint is used to delete a specific session for a given site. You need to provide the unique identifiers for the site and the session. This operation is useful when you want to manually end a session before it naturally expires.

Security: ZephrHmacHttp

Path parameters

site (string, required)
The unique site identifier within the tenant.

sessionId (string, required)
Unique session identifier assigned to each session, enabling precise identification and retrieval of session-related information within the API.

curl -i -X DELETE \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-admin-api/v4/sessions/{site}/{sessionId}' \
  -H 'Authorization: ZEPHR-HMAC-* <YOUR_TOKEN_HERE>'

Responses

OK. The session was successfully deleted.

Create an anonymous session under a given site

Request

Creates an anonymous session under a given site.

Security: ZephrHmacHttp

Path parameters

site (string, required)
The site ID

curl -i -X POST \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-admin-api/v4/anonymous-sessions/{site}' \
  -H 'Authorization: ZEPHR-HMAC-* <YOUR_TOKEN_HERE>'

Responses

OK

Body (application/json)

tenantId (string)
Example: "company"

subTenantId (string)
Example: "company|demo"

supplied (boolean)
Example: false

expiryDate (string)
Example: "2025-02-08 14:29 PM UTC"

startDate (string)
Example: "2024-02-08 14:29 PM UTC"

authenticated (boolean)
Example: true

state (string)
Enum: "anonymous", "recognised", "partially_registered", "authenticated"
Example: "authenticated"

device (string)
Example: "pc"

browser (string)
Example: "Chrome"

os (string)
Example: "Mac OSX"

city (string)
Example: "London"

geoState (string)
Example: "London"

deviceName (string)
Example: "Apple Macintosh"

country (string)
ISO-3166-2 country code
Example: "GB"

session_id (string)
Example: "26a73b7a-f7d0-48d8-85dd-a04b07313895"

user_id (string)
Example: "UU0123456789ABCD"

Response (application/json)

{
  "expiryDate": "2018-11-15 14:29 PM UTC",
  "startDate": "2017-11-15 14:29 PM UTC",
  "authenticated": true,
  "session_id": "SS0123456789ABCD",
  "user_id": "UU0123456789ABCD"
}

Webhook

Actions on resource Webhook.

Operations

Account

Actions on resource Account.

Operations

Health Check

Actions on Health checks.

Operations

System Resources

Actions on system resources.

Operations

External Templates

External Templates.

Accounts

Operations

Request Rules Version

Operations

Fetch external template

Request

Fetch External Template

Security: ZephrHmacHttp

Path parameters

templateConfigId (string, required)
Unique External Template identifier

curl -i -X GET \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-admin-api/zephr/public/template-components/v1/template-components/{templateConfigId}' \
  -H 'Authorization: ZEPHR-HMAC-* <YOUR_TOKEN_HERE>'

Responses

OK

Body (application/json)

string

Response (application/json)

[ "The template the-value::!" ]

Pages

Operations

Dynamic Offer Promo code redemption

Operations

Subscription

Operations