# Public API Reference

The Zephr Public API provides common client-side actions tied to a session cookie. Unlike the Admin API, neither users nor other resources can be dereferenced; the only data that can be accessed is owned by the user who is currently signed-in. This design is used to protect other users from malicious attacks.

You can find the base URL for the Public API by navigating to your site domains. To do this, select **Sites** from the **Delivery** menu, select your site, and then click the **Site Domains** button. The base URL is the Live domain.

Zephr forms use the Public API by default, with relative URLs based on the base URL.

Version: 2025-07-30

## Servers

```
https://{your-domain}
```

Variables:
- `your-domain`: The domain of your site. Default: "demo-site"

## Security

### CookieBlaizeSession

This cookie is the default authentication mechanism and is set after a successful request to an endpoint such as `/blaize/login`. Such a cookie may also be obtained via other means, such as a social sign-in flow. Most endpoints in this API are sensitive to this cookie and will behave differently depending on the presence and value thereof. Some endpoints will only function for authenticated users, so this cookie or other form of authentication will be required in that case.

Type: apiKey
In: cookie
Name: blaize_session

### JwtQuery

A JWT can be provided in a `jwt` request query parameter to Zephr. Zephr can use various forms of JWT to authenticate users. For details on this see: https://knowledgecenter.zuora.com/Zephr/Settings/JSON_Web_Tokens_(JWT)

Type: apiKey
In: query
Name: jwt

### JwtHeaderXBlaizeJwt

A JWT can be provided in a `x-blaize-jwt` request header to Zephr. Zephr can use various forms of JWT to authenticate users. For details on this see: https://knowledgecenter.zuora.com/Zephr/Settings/JSON_Web_Tokens_(JWT)

Type: apiKey
In: header
Name: x-blaize-jwt

### JwtHeaderXZephrJwt

A JWT can be provided in a `x-zephr-jwt` request header to Zephr.
Zephr can use various forms of JWT to authenticate users. For details on this see: https://knowledgecenter.zuora.com/Zephr/Settings/JSON_Web_Tokens_(JWT)

Type: apiKey
In: header
Name: x-zephr-jwt

### JwtBearer

A JWT can be provided as an HTTP bearer token in a request to Zephr. Zephr can use various forms of JWT to authenticate users. For details on this see: https://knowledgecenter.zuora.com/Zephr/Settings/JSON_Web_Tokens_(JWT)

Type: http
Scheme: bearer
Bearer Format: JWT

### JwtCookie

A JWT can be provided as a `blaize_jwt` cookie in a request to Zephr. Zephr can use various forms of JWT to authenticate users. For details on this see: https://knowledgecenter.zuora.com/Zephr/Settings/JSON_Web_Tokens_(JWT)

Type: apiKey
In: cookie
Name: blaize_jwt

## Download OpenAPI description

[Public API Reference](https://developer.zuora.com/_bundle/zephr-api-reference/zephr-public-api/index.yaml)

## Authentication

### Log in to the user account

- [POST /blaize/login](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/loginuseraccount.md): This endpoint is utilized for user authentication, granting access to secured endpoints that mandate authentication. Following successful authentication, a blaize_session is generated for the user, enabling them to access the secure endpoints.

### Log out of the user account

- [POST /blaize/logout](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/logoutuseraccount.md): Logs out of the user account.

### Retrieve the SSO status

- [GET /zephr/public/sso/v1/status](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/retrievessostatus.md): Retrieves the SSO status and metadata of the current user.

### Update the metadata

- [PUT /zephr/public/sso/v1/status/meta](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/updatemetadata.md): Updates the SSO metadata associated with the user.

### Start the passwordless authentication flow

- [POST /blaize/token-exchange](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/startpasswordlessauthentication.md): Starts the passwordless authentication flow by sending an email to the user with a sign-in link. When the user clicks the link, they are directed to GET /blaize/token-exchange?token=..., which authenticates them automatically. IMPORTANT: Passwordless authentication requires the user's email to be verified. This means the user must first receive a separate verification email and click the link to confirm their email address. Verification can be triggered by sending a POST request to the appropriate endpoint.

### Completes the passwordless authentication flow

- [GET /blaize/token-exchange](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/completepasswordlessauthentication.md): Completes the passwordless authentication flow. This endpoint is triggered when the user clicks the link in the email sent after a POST /blaize/token-exchange request. IMPORTANT: For passwordless authentication, a POST request must first be sent to request an email to the user's email address, containing a link that the user clicks to verify their email.

### Complete a 2FA based password reset

- [POST /zephr/users/reset/{state}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/complete2fapasswordreset.md): Completes the password reset. IMPORTANT: To reset a user's password, first send a POST request to trigger an email with a reset token. This token must be included in the state parameter when calling this API. The validator parameter is optional; if omitted, the OTP can be verified first, and the new password can be submitted separately with the correct OTP.

### Return the password reset form

- [GET /blaize/blaize/password-reset.html](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/resetpasswordform.md): Returns the password reset form.

### Create an anonymous session

- [POST /blaize/anonymous-session](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/createanonymoussession.md): Creates an anonymous session.

### Start updating the current email address

- [POST /blaize/users/update-email](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/startupdatingyourcurrentemailaddress.md): Starts updating the user's current email address.

### Start updating the current email address

- [POST /zephr/users/update-email](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/startupdatingyourcurrentzephremailaddress.md): Updates the user's email address. The user will receive an email with a one-time password (OTP) to verify the new email address. In order to finish the process, the user must provide the OTP to the _/zephr/users/update-email/{otp}_ endpoint. The difference between this endpoint and the _/blaize/users/update-email_ endpoint is that this endpoint requires the extra layer of authentication through the required validator.

### Complete updating the current email address

- [POST /zephr/users/update-email/{otp}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/completeupdatingyourcurrentzephremailaddress.md): Completes updating the user's email address. The user must provide the OTP received in the email to verify the new email address. The difference between this endpoint and the _/blaize/users/update-email/_ endpoint is that this endpoint requires the extra layer of authentication through the required validator.

### Return the update email request form

- [GET /blaize/update-email.html](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/updateemailrequestform.md): Returns the update email request form.

### Change the user password

- [POST /blaize/users/change-password](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/changepassword.md): Changes the user password.

### Start a 2FA password reset

- [POST /zephr/users/reset](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/startpasswordreset.md): Starts the password reset for a 2FA user. This will send an email to the user with a 6-digit code, which can then be used to reset their password.

### Change the user's password

- [POST /zephr/users/change-password](https://developer.zuora.com/zephr-api-reference/zephr-public-api/authentication/changezephruserpassword.md): This endpoint starts the process of changing a user's password. An active user session is required for this endpoint. This process ends with an OTP (one-time password) being sent to the user's email address.

## Braintree Payments

### Retrieve the Braintree token

- [GET /blaize/payment/braintree/token](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/getbraintreetoken.md): Issues a Braintree client token for the current blaize session. This holds the user's userId if the user has an authenticated session. This token can be used to request a payment once.

### Create a subscription charged callback

- [POST /blaize/payment/braintree/subscriptionChargedCallback](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/createsubscriptionchargedcallback.md): This endpoint generates a callback for subscription charges when a product purchase is created, regardless of success or failure. It requires a mandatory string payload containing the bt_signature and bt_payload parameters.
To use subscriptions, configure the Braintree callback to direct to this endpoint.

### List the Braintree subscriptions of a user

- [GET /blaize/payment/braintree/subscriptions](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/listuserbraintreesubscriptions.md): Lists all Braintree subscriptions for the logged-in user.

### Update the Braintree subscription

- [PATCH /blaize/payment/braintree/subscriptions/{subscriptionId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/updatebraintreesubscription.md): Updates a Braintree subscription by ID. This operation currently only supports updating the payment method for a subscription, sending the payment method token or nonce.

### Cancel the Braintree subscription

- [DELETE /blaize/payment/braintree/subscriptions/{subscriptionId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/cancelbraintreesubscription.md): Cancels a Braintree subscription by ID.

### Create a Braintree buy (one-off)

- [POST /blaize/payment/braintree/buy](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/createbraintreebuyoneoff.md): Uses the payment info captured by the Braintree drop-in UI and encoded in the payment nonce to create a Braintree customer and issue a one-off payment. When Braintree responds successfully, the logged-in user will be granted all entitlements in the product's associated bundle.

### List Braintree payment methods

- [GET /zephr/payment/braintree/payment-methods](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/listbraintreeuserpaymentmethods.md): Lists the Braintree payment method details associated with the logged-in user.

### Create a new Braintree payment method.

- [POST /zephr/payment/braintree/payment-methods](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/createbraintreeuserpaymentmethod.md): Creates the Braintree payment method with the associated vaulted nonce, for the authenticated user.

### Update a Braintree payment method

- [PATCH /zephr/payment/braintree/payment-methods/{paymentMethodToken}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/updateuserbraintreepaymentmethod.md): Updates the Braintree payment method details associated with the logged-in user. The details to update must first be captured from Braintree in a nonce and vaulted.

### Delete the Braintree payment method

- [DELETE /zephr/payment/braintree/payment-methods/{paymentMethodToken}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/deleteuserbraintreepaymentmethod.md): Deletes the Braintree payment method associated with the provided token.

### Set the default Braintree payment method

- [PUT /zephr/payment/braintree/default-payment-method](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/setuserdefaultbraintreepaymentmethod.md): Sets the Braintree default payment method for the logged-in user. This must be a valid payment method already associated with the user.

### List all Braintree plans

- [GET /zephr/payment/braintree/plans](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/listbraintreeplans.md): Lists the plans associated with the identified product. The product ID is required.

### Get a Braintree Promo Code

- [GET /blaize/payment/braintree/promo-code](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/getbraintreepromocode.md): Gets a Braintree promo code.

### List Braintree add-ons

- [GET /blaize/payment/braintree/addons&promoCode={promoCode}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/listbraintreeaddons.md): Lists the Braintree add-ons.

### Start the Braintree subscription (Deprecated)

- [POST /blaize/payment/braintree/subscribe](https://developer.zuora.com/zephr-api-reference/zephr-public-api/braintree-payments/startbraintreesubscriptiondeprecated.md): (Deprecated - use the "/zephr/subscribe" operation instead) Uses the payment info captured by the Braintree drop-in UI and encoded in the payment nonce to create a Braintree customer with a recurring payment. When Braintree responds successfully, the logged-in user will be temporarily granted all entitlements in the product's associated bundle.

## Browser Feature Transformations

### Execute Browser feature decisions

- [POST /zephr/feature-decisions](https://developer.zuora.com/zephr-api-reference/zephr-public-api/browser-feature-transformations/executebrowserfeaturesdecisions.md): Zephr HTML Features can be run in the browser by calling this API directly or using the Zephr Browser SDK. For compatibility with CDN, any web headers (Referrer, User-Agent) will be accepted and passed onto the rule engine.

### Execute Browser feature transformations

- [POST /zephr/feature-transformations](https://developer.zuora.com/zephr-api-reference/zephr-public-api/browser-feature-transformations/executebrowserfeaturetransformations.md): Zephr HTML Features can be run in the browser by calling this API directly or using the Zephr Browser SDK. For compatibility with CDN, any web headers (Referrer, User-Agent) will be accepted and passed onto the rule engine.

## Decision Engine

### Execute the Decision Engine

- [POST /blaize/decision-engine](https://developer.zuora.com/zephr-api-reference/zephr-public-api/decision-engine/executedecisionengine.md): The Blaize Decision Engine can be invoked via the Public API to calculate an HTTP Response based upon Request-Level Rules created in the Admin Console. This functionality is built into the Blaize Dynamic CDN but the API variant is useful for CMS or edge side integrations.

### Retrieve the Decision Engine

- [GET /blaize/decision-engine](https://developer.zuora.com/zephr-api-reference/zephr-public-api/decision-engine/getdecisionengine.md): For compatibility with CDN, any web headers (Referrer, User-Agent) will be accepted and passed onto the rule engine.

## Dynamic Offer Decision Engine

### Process dynamic offer decisions

- [POST /zephr/public/decisions/v2/dynamic-offers](https://developer.zuora.com/zephr-api-reference/zephr-public-api/dynamic-offer-decision-engine/processdynamicofferdecisions.md): The Dynamic Offer Decision Engine can be invoked via the Public API to calculate a decision output response based upon each property rule under the Dynamic Offer created in the Zephr Console.

### Validate dynamic offer decisions

- [GET /zephr/public/decisions/v2/dynamic-offers/{offerId}/validations/{validationId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/dynamic-offer-decision-engine/validatedynamicofferdecisions.md): The Dynamic Offer Decision Engine can be tested via this endpoint to calculate a decision output response based on the criteria of the provided validation ID. Validation criteria are configured on the Zephr Console and determine the version of the dynamic offer being used.

## Dynamic Offer Promo Code Decision

### Process promo code decisions

- [POST /zephr/public/decisions/v1/promo-codes](https://developer.zuora.com/zephr-api-reference/zephr-public-api/dynamic-offer-promo-code-decision/processpromocodedecisions.md): The Promo Code decision executes the discount rule defined behind the given promo code, which is configured from the Zephr console. The decision request requires a list of relevant products with their pricing data, which typically comes from a Dynamic Offer decision response. The Promo Code decision generates a decision response like a regular Dynamic Offer, but with the discount output according to the Promo Code's discount rule. Alternatively, if configured and the feature is enabled, this API can execute a dynamic offer rule that is linked to this promo code. Selected products are not required for executing promo codes using this method. Parameters supplied to the dynamic offers decisions API can also be supplied to this API for this promo code flow (session, foreign_keys, etc).

## OAuth Flow

### Start an OAuth flow

- [POST /blaize/oauth/state](https://developer.zuora.com/zephr-api-reference/zephr-public-api/oauth-flow/startoauthflow.md): Starts the OAuth flow.

### Create a callback for the Google OAuth flow

- [GET /blaize/oauth/google/callback](https://developer.zuora.com/zephr-api-reference/zephr-public-api/oauth-flow/creategoogleoauthflow.md): Callback for Google OAuth Flow.

### Create a callback for the Facebook OAuth flow

- [GET /blaize/oauth/facebook/callback](https://developer.zuora.com/zephr-api-reference/zephr-public-api/oauth-flow/createfacebookoauthflow.md): Callback for Facebook OAuth flow.

### Create a callback for the Linkedin OAuth flow

- [GET /blaize/oauth/linkedin/callback](https://developer.zuora.com/zephr-api-reference/zephr-public-api/oauth-flow/createlinkedinoauthflow.md): Callback for Linkedin OAuth flow.

## Payments

### Start the subscription

- [POST /zephr/subscribe](https://developer.zuora.com/zephr-api-reference/zephr-public-api/payments/startsubscription.md): Uses the payment info captured by the payment provider drop-in UI to create a customer with a recurring payment. When the payment provider responds successfully, the logged-in user will be temporarily granted all entitlements in the product's associated bundle.

### Update the subscription

- [PATCH /zephr/subscriptions/:subscriptionId](https://developer.zuora.com/zephr-api-reference/zephr-public-api/payments/changesubscription.md): Updates an existing subscription to change the associated product and plan. Updating the subscription may modify the price of the subscription, and if so the balance will be billed immediately at a pro-rated amount. Parameters specific to the vendor may be specified to change the payment method for the subscription. Changing to a plan with a different billing frequency from the existing subscription is not supported for some payment providers (Braintree).

## Product Sharing

### Retrieve the product sharing summary

- [GET /zephr/public/products/v1/shares](https://developer.zuora.com/zephr-api-reference/zephr-public-api/product-sharing/getproductsharingsummary.md): Retrieves a summary of the products that the current user shares with other users, and products that are shared with the current user.

### Delete the product sharing by ID

- [DELETE /zephr/public/products/v1/shares/{sharing_id}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/product-sharing/deleteuserproductsharing.md): Deletes a user product share by ID. Pending invites and accepted shares can be deleted. Invoking this method will increase the number of shares that the user has available for the given product. If the sharing_id corresponds to an accepted share, the member will immediately lose access to the product unless they have separate access.
The member will receive an email notification about their removal. This email can be configured in the Admin Console.

### Create a product sharing invite via Email

- [POST /zephr/public/products/v1/shares/invitations/emails](https://developer.zuora.com/zephr-api-reference/zephr-public-api/product-sharing/createproductsharinginviteviaemail.md): Creates a new user product share and sends it via email. The exact contents of this email are configurable in the admin console. The email may include a link composed of the required attribute base_url and an additional path parameter sharing_id. It is expected that the specified base_url will direct invite recipients to a page that allows them to accept the invite and register/login. Custom metadata can also be passed to this method, which will be made available in the invitation email template and any later calls to access the publicly available share data. This metadata can be used, for example, to include the product owner's first name and a personalised message that is shown to the recipient in the invitation email and in a screen that allows the recipient to accept the invite. Invoking this method will reduce the number of shares that the user has available for the given product. The specified product must be shareable, the current user must have active grants for the product and must not have already exceeded the configured maximum number of shares for the product.

### Create a product share invite token

- [POST /zephr/public/products/v1/shares/invitations/tokens](https://developer.zuora.com/zephr-api-reference/zephr-public-api/product-sharing/createproductshareinvitetoken.md): Creates a new user product share. Invoking this method will reduce the number of shares that the user has available for the given product. The returned token sharing ID can later be passed to the accept invite method.
Custom metadata can also be passed to this method, which will be made available in later calls to access the publicly available share data. This metadata can be used, for example, to include the product owner's first name and a personalised message that is shown to the recipient in a screen that allows the recipient to accept the invite. Invoking this method will reduce the number of shares that the user has available for the given product. The specified product must be shareable, the current user must have active grants for the product and must not have already exceeded the configured maximum number of shares for the product.

### Retrieve the product share invite public data

- [GET /zephr/public/products/v1/shares/invitations/{sharing_id}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/product-sharing/getproductshareinvitepublicdata.md): Retrieves the publicly accessible data relating to a user product share invite. This can be used to inform the invitee of the details of the product that is being shared, and any meta_data added at the point of invite creation, such as the name of the user that sent the invite. This endpoint is not authenticated. The information provided by this endpoint is available to anyone with a valid sharing_id. Invoking this endpoint too rapidly will result in a 429 error response.

### Accept a product share invite

- [PUT /zephr/public/products/v1/shares/invitations/{sharing_id}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/product-sharing/acceptproductshareinvite.md): Accepts a product sharing invite. The current user will gain access to the product linked to the sharing invite. The user that sent the invite must have an active grant for the product at the point of acceptance. If the current user already has a product share for the same product from the same product owner, an error code 409 will be returned and the invite will not be accepted.

## SDK Feature Decision Engine

### Process multiple decisions

- [POST /zephr/decide](https://developer.zuora.com/zephr-api-reference/zephr-public-api/sdk-feature-decision-engine/processmultipledecisions.md): Processes multiple decisions. The SDK Feature Decision Engine can be invoked via the Public API to calculate a decision output response based upon Feature SDK Rules created in the Zephr Console.

### Process a single decision

- [POST /zephr/decision-engine](https://developer.zuora.com/zephr-api-reference/zephr-public-api/sdk-feature-decision-engine/processsingledecision.md): Processes a single SDK feature decision. An SDK feature rule can be configured in the console, and allows a custom decision to be made using a range of inputs to drive the behaviour of a website or app. SDK features can output any one of several data types as configured in the console.
  - String: The output can be any string.
  - Number: The output can be any numerical value.
  - Enum: The output can be one of a list of strings as configured in the developer panel for the rule. This is used for short output strings.
  - Component: The output can be one of a list of strings as configured in the developer panel for the rule. This is used for long output strings, such as HTML or JSON.
  - JSON: The output can be any JSON object. JSON schema validation can optionally be enforced when creating JSON outputs in the console.
  - Transformation: The output will be a JSON array of transformations to be applied to content on a webpage or in an app. This allows the configuration of the same types of outcomes that can be built with an HTML feature rule, such as hiding content and displaying a payment form.

  SDK features permit business decisions that drive access or behaviour to be made in an app that is not using HTML content. SDK decisions are relevant for both anonymous and authenticated sessions. If no session is provided via the request then an anonymous session will not be created.
Invoking an SDK decision may cause side effects as configured in the rule, such as invoking webhooks or recording trial usages. When dryRunMode is enabled in the request, trial usages will not be recorded.

### Retrieve a single decision

- [GET /zephr/decision-engine](https://developer.zuora.com/zephr-api-reference/zephr-public-api/sdk-feature-decision-engine/getsingledecision.md): For compatibility with CDN, any web headers (Referrer, User-Agent) will be accepted and passed onto the rule engine.

## Sessions

### List all the user sessions

- [GET /zephr/public/sessions/v1/sessions](https://developer.zuora.com/zephr-api-reference/zephr-public-api/sessions/listusersessions.md): Lists all sessions for the current user and site.

### Delete all other sessions

- [DELETE /zephr/public/sessions/v1/sessions](https://developer.zuora.com/zephr-api-reference/zephr-public-api/sessions/deleteallothersessions.md): Deletes all sessions for the current user and site apart from the session used to make the request.

### Delete the session by ID

- [DELETE /zephr/public/sessions/v1/sessions/{sessionId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/sessions/deletesession.md): Deletes a session by ID. Returns a 404 if the specified session does not exist or does not belong to the current user.

## Stripe Payments

### Retrieve the Stripe public key

- [GET /blaize/payment/stripe/publicKey](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/getstripepublickey.md): This API endpoint fetches the public key associated with a tenant for payment processing. If the user is authenticated and the tenant has a configured Stripe public key, the endpoint will return the Stripe public key in a String format.

### Create a Stripe setup intent secret

- [POST /zephr/payment/stripe/setupIntentSecret](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/createstripesetupintentsecret.md): Creates the client secret to update card details.

### Start the Stripe subscription confirmation

- [POST /blaize/payment/stripe/subscription/confirmation](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/startstripesubscriptionconfirmation.md): If a payment requires confirmation (3dSecure etc), the payment is confirmed in the front end.

### Update the Stripe subscription

- [POST /zephr/payment/stripe/updateSubscription](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/updatestripesubscription.md): Updates the payment method in the subscription. The payment method ID will be provided by Stripe on updating card details in the front end.

### Create a Stripe one-off payment

- [POST /blaize/payment/stripe/buy](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/buystripe.md): Uses the payment method collected by Stripe Elements to create a one-off payment.

### Receive a webhook from Stripe for when a user is charged for a subscription.

- [POST /blaize/payment/stripe/subscriptionChargedCallback](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/callbackstripesubscriptioncharged.md): To use subscriptions, Stripe Webhooks for invoice.payment_succeeded must be configured to point to this endpoint.

### Preview the Stripe subscription change

- [POST /zephr/payment/stripe/subscription/{subscriptionId}/change-previews](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/previewstripechangesubscription.md): Generates a preview of the invoice that Stripe will create for the customer if their subscription is changed to a new plan.
The invoice will be a prorated invoice for the price difference between current and new subscription plans for the remainder of the current billing period. The invoice will be billed immediately upon changing subscription. The invoice amount may be negative if the customer is changing to a lower-priced plan. Note: This method does not modify the user's subscription.

### Preview the Stripe subscription price

- [POST /zephr/payment/stripe/create-subscription-previews](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/previewstripesubscriptionprice.md): Generates a preview of the total price and tax amount that Stripe will charge the customer if they create a new subscription for the specified plan. Note: This method does not create any entities in Stripe and does not result in any payments being made.

### Check a Stripe promo code for a user

- [GET /zephr/payment/stripe/promo-code](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/checkstripepromocode.md): Checks a Stripe promo code for the logged-in user. The promo code is checked for validity for the current user based on first time order restriction, specific customer restriction, max allowed redemptions and expiration. The payment form payment options are checked to match the minimum payment amount requirements of the promo code.

### Check a Stripe promo code for a user

- [POST /zephr/payment/stripe/promo-code-check](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/checkstripepromocodewithpaymentoptions.md): Checks a Stripe promo code for the logged-in user. The promo code is checked for validity for the current user based on first time order restriction, specific customer restriction, max allowed redemptions and expiration. The supplied payment options are checked to match the minimum payment amount requirements of the promo code.

### Start the Stripe subscription (Deprecated)

- [POST /blaize/payment/stripe/subscribe](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/startstripesubscription.md): (Deprecated - use /zephr/subscribe) Uses the payment method info captured by the Stripe Elements UI to create a Stripe customer with a recurring payment. When Stripe responds successfully, the logged-in user will be temporarily granted all entitlements in the product's associated bundle.

### List the user's Stripe subscriptions

- [GET /blaize/payment/stripe/subscriptions](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/liststripesubscriptions.md): Lists the user's Stripe subscriptions.

### Cancel a user's Stripe subscription

- [DELETE /blaize/payment/stripe/subscriptions/{externalId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/stripe-payments/cancelstripesubscription.md): Cancels a user's Stripe subscription.

## Third-Party Authentication

This section contains the API operations for the OAuth 2.0 Authorization Code Flow.

### Start an authorization code flow

- [GET /zephr/oauth2](https://developer.zuora.com/zephr-api-reference/zephr-public-api/third-party-authentication/startoauth2flow.md): Starts OAuth2 Authorization Code Flow. The resource owner will be authenticated and be presented with the third-party application access request.

### Returns a list of your user's access scopes

- [GET /zephr/oauth2/consent/{clientId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/third-party-authentication/listoauth2consentflow.md)

### Grant the access request

- [POST /zephr/oauth2/grant](https://developer.zuora.com/zephr-api-reference/zephr-public-api/third-party-authentication/grantaccessrequest.md): The resource owner will consent or deny the third party application access request, and Zephr will return an authorization code upon user's consent.
### Retrieves the OAuth2 configured fields

- [GET /zephr/oauth2/config](https://developer.zuora.com/zephr-api-reference/zephr-public-api/third-party-authentication/getoauth2config.md): Gets the public OAuth2 fields configured in the Third Party Authentication section of the site.

### Get the OAuth2 error page

- [GET /zephr/oauth2/error](https://developer.zuora.com/zephr-api-reference/zephr-public-api/third-party-authentication/getoauth2errorpage.md): Gets the OAuth2 error page.

## User

### Register a user

- [POST /blaize/register](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/registerusers.md): This endpoint enables clients to initiate the creation of a new user account. If a contact with an identical email address already exists, that contact will be elevated to the status of a registered user. Essential attributes like identifiers.email_address and validators.password are mandatory for this endpoint. If any of these attributes are absent, registration attempts will trigger an error. Upon a successful request, session cookies like blaize_session and blaize_tracking_id are generated and included in the response header.

### Create or Update a Contact User

- [POST /zephr/createContact](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/createcontact.md): This endpoint creates a new contact user or updates the attributes of an existing contact user if one exists with the supplied email address. To use this endpoint, 'contact users' must be enabled in the identity settings page in the console. A contact user is a type of user that has no validators and so no ability to create authenticated sessions. Contact users can be created to capture user information, such as email addresses, without fully registering users. This endpoint cannot be used to update the attributes of a registered user. Attempting to do so will return a 409 response.
After creating a contact with an anonymous session, the session is updated to include a flag to identify that this has happened. In the rules builder, the 'Contact Capture' decision node can be used to test this flag value and so determine if the current anonymous session was used to create a contact. This can be used, for example, to prevent showing a contact form to anonymous users that have already filled in such a form.

### Delete the user data

- [POST /blaize/forget-me](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/deleteuserdata.md): Deletes user-related data such as sessions, Elasticsearch data, and OAuth2 tokens, according to the user_id provided in the session cookie.

### Retrieve the account

- [GET /blaize/account](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/retrieveaccount.md): Retrieves the user's core account details.

### Retrieves the attributes for an authenticated user in the Zephr user store.

- [GET /blaize/profile](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/retrieveprofile.md): Retrieves the attributes for an authenticated user in the Zephr user store. In addition to the standard authenticators, this endpoint also accepts an OAuth bearer token through the Authorization header. The response will only include publicly accessible user attributes.

### Sets the attributes for an authenticated user in the Zephr user store.

- [PUT /blaize/profile](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/saveprofile.md): Sets the attributes for an authenticated user in the Zephr user store. The provided attributes are saved for the user. Any existing attributes for the user are removed and replaced with this new set.

### Updates the attributes for an authenticated user in the Zephr user store.
- [POST /blaize/profile](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/updateprofile.md): Updates the attributes for an authenticated user in the Zephr user store. The behaviour for the POST and PATCH methods on this endpoint is identical. The provided attributes are saved for the user. Any new attributes are added. Any existing attributes with the same keys are updated. Any existing attributes with different keys remain unchanged. The request can also include an optional 'blaize-validator' property to authenticate a previously partially registered user.

### Updates the attributes for an authenticated user in the Zephr user store.

- [PATCH /blaize/profile](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/updateprofilepatch.md): Updates the attributes for an authenticated user in the Zephr user store. The behaviour for the POST and PATCH methods on this endpoint is identical. The provided attributes are saved for the user. Any new attributes are added. Any existing attributes with the same keys are updated. Any existing attributes with different keys remain unchanged. The request can also include an optional 'blaize-validator' property to authenticate a previously partially registered user.

### Retrieve Extended Profile

- [GET /blaize/profile/{appId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/retrieveextendedprofile.md): Extended Profile is used to store additional user information that is not part of the core profile. This endpoint is designed to be used for retrieving the user's Extended Profile. The body can be any valid JSON.

### Save Extended Profile

- [PUT /blaize/profile/{appId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/saveextendedprofile.md): Extended Profile is used to store additional user information that is not part of the core profile.
This endpoint will create an Extended Profile for the App ID if one did not exist already, or overwrite an existing Extended Profile for the App ID. The body can be any valid JSON.

### Create an authorization challenge

- [POST /blaize/authorization/challenge](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/createauthorizationchallenge.md): Authorization Challenge against array of entitlement IDs.

### Retrieve the user schema

- [GET /blaize/schema/users](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/retrieveuserschema.md): Retrieves the user attribute schema for the tenant. This includes all fields configured in the admin console for the user schema.

### Fingerprint

- [GET /blaize/browser-fingerprint](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/browserfingerprint.md): Returns an HTML page that fingerprints the user's browser, sends the fingerprint data to POST /blaize/anonymous-session, and then redirects the user to a specified path provided as a query parameter (defaulting to '/').

### Start the email update flow for a passwordless user

- [POST /blaize/users/update-email-passwordless/{state}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/startupdateemailpasswordless.md): Starts the email update flow for a passwordless user. An email will be sent to the new email address for verification.

### Start two factor authentication process

- [POST /blaize/two-factor-authentication](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/start2fa.md): Starts the two factor authentication process. An email will be sent to the email address provided in the request with a link to complete the process.

### Recognise the user as a previously logged-in user

- [POST /zephr/recognise-me](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/recogniseuser.md): Recognises the user as a previously logged-in user.
Users can be fingerprinted on login based on their email address, their user agent and their IP address. This endpoint can then be used with the same parameters to give users limited access to their logged-in experience. This is an opt-in feature.

### Complete the change password flow

- [GET /zephr/users/change-password/{otp}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/user/changecompletepasswordflow.md): Completes the change password flow. This endpoint changes the password to the one submitted previously in another request. The otp in this request is used to match this request with the previous one that started the flow and submitted the new password.

## V4 Gifts

Create a Gift resource for V4. Gifts can be used to provide access to a particular URL for one session only by appending a gift token ID to the URL as the `gift` path parameter.

### Create a gift V4

- [POST /zephr/public/gift-tokens/v1/gift-tokens](https://developer.zuora.com/zephr-api-reference/zephr-public-api/v4-gifts/createv4gift.md): Creates a gift (V4).

## Web Analytics

### Retrieve the datalayer

- [GET /blaize/datalayer](https://developer.zuora.com/zephr-api-reference/zephr-public-api/web-analytics/getdatalayer.md): Retrieves the Datalayer object for the current session. The datalayer can be used to provide contextual data when tracking user activity, for example providing values for 'User Attributes' in Hotjar. The /blaize/profile endpoint is preferred for retrieving complete user profile information. All fields configured in the admin console will be resolved against the current session and returned. The top-level property in the response object defaults to 'dataLayer' and can be configured in the console under the data layer settings using the 'Data Layer Name' field. Data layer fields can be grouped by their 'Entity' as configured in the console. An example of the possible groupings is included.

### Submit user conversion data

- [POST /zephr/public/rule-outcomes/v1/conversions](https://developer.zuora.com/zephr-api-reference/zephr-public-api/web-analytics/submituserconversiondata.md): Records a user conversion. In Zephr, a conversion typically represents a user state change, such as transitioning from anonymous to registered or becoming a paying customer. This endpoint can also be used to record any event, like a user clicking on an advert. Conversions are tracked against specific rule versions and outcomes, enabling performance comparison between different outcomes. Recording this data enables the comparison of performance of different outcomes in a rule. For example, a split test could be set up with two slightly different 'advert' outcomes that each record a conversion when a user interacts with them. After traffic has been processed by the rule, the conversion rates between the two outcomes can be compared in 'analytics' mode in the console. For example, it might show that 5% of users who saw Outcome1 clicked a button, compared to 8% for Outcome2. This analytics data can be downloaded in CSV format for further analysis. Conversion data is only used to evaluate the performance of outcomes in rules and cannot be accessed on a per-user basis. To track if a particular registered user has interacted with an outcome, update a user attribute value. This endpoint is only relevant where the Zephr in-rule analytics feature is enabled. This endpoint must be called with a populated blaize_tracking_id cookie. If this cookie is missing, a 400 response code is returned.

## Zephr Features

### Retrieve the Zephr Feature

- [GET /zephr/features](https://developer.zuora.com/zephr-api-reference/zephr-public-api/zephr-features/retrievezephrfeature.md): Retrieves the Zephr browser features by default. With the optional query parameter ?ruleType, it returns features of the given type, which can be HTML, browser, JSON, or SDK.

## Component Library

### Retrieve the Component Library

- [GET /zephr/public/component-library/v1/library-components/{componentId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/component-library/retrievecomponentlibrary.md): Components configured in the component library can be retrieved as rendered HTML. The componentId passed in the path can be versioned to reference a specific version of a library component. For example, ‘payment-form:1’, ‘payment-form:4’ or ‘payment-form:active’ to reference the default version of the component.

### Retrieve the Template Components

- [GET /zephr/public/template-components/v1/template-components/{templateConfigId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/component-library/retrievetemplatecomponents.md): Template components can be retrieved as rendered HTML. This endpoint is intended to be consumed by callers processing the output of an SDK TRANSFORMATION rule, where templateConfigId will identify a particular instance of a template component being used in an outcome with variables specified.

### Retrieve the UI Components

- [GET /zephr/public/ui-components/v1/ui-components/{componentId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/component-library/retrieveuicomponents.md): UI components can be retrieved as rendered HTML. This endpoint is intended to be consumed by callers processing the output of an SDK TRANSFORMATION rule, where componentId will reference a form or custom component created within an outcome of a rule.

### Retrieve a form by ID

- [GET /zephr/public/forms/v1/forms/{formId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/component-library/getform.md): Retrieves a form by ID and returns an HTML page that renders it.

### List custom components

- [GET /zephr/public/internal-templates/v1/internal-templates/{internalTemplateUsageId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/component-library/retrievecustomcomponents.md): Custom components can be retrieved as rendered HTML. This endpoint is intended to be consumed by callers processing the output of an SDK TRANSFORMATION rule, where internalTemplateUsageId will identify a particular instance of a custom component being used in an outcome with variables specified. The variables used by the custom component can be passed in as query parameters with the request, which will override the values provided in the rule.

## OAuth2 Access Token

### Request OAuth2 access token

- [POST /zephr/oauth2/token](https://developer.zuora.com/zephr-api-reference/zephr-public-api/oauth2-access-token/requestoauth2accesstoken.md): Facilitates the acquisition of an OAuth2 access token. It requires either a basic authorization header or a client_id provided in the request body.

## Subscription

### Cancel a subscription

- [DELETE /zephr/subscriptions/{externalId}](https://developer.zuora.com/zephr-api-reference/zephr-public-api/subscription/cancelsubscription.md): Cancels the logged-in user's subscription with the provided external identifier (externalId). A logged-in session is required for this operation.

## Other

### Change the Stripe subscription price

- [POST /zephr/payment/stripe/subscriptions/{externalId}/change-previews](https://developer.zuora.com/zephr-api-reference/zephr-public-api/other/previeweditstripesubscriptionprice.md): Generates a new preview of the price that Stripe will charge the customer if they create a new subscription for the specified plan. Note: This method does not create any entities in Stripe and does not result in any payments being made.