Skip to content

Public API Reference (2025-07-30)

The Zephr Public API provides common client-side actions tied to a session cookie. Unlike the Admin API, neither users nor other resources can be dereferenced; the only data that can be accessed is owned by the user who is currently signed-in. This design is used to protect other users from malicious attacks.

You can find the base URL for the Public API by navigating to your site domains. To do this, select Sites from the Delivery menu, select your site, and then click the Site Domains button. The base URL is the Live domain.

Zephr forms use the Public API by default, with relative URLs based on the base URL.

Download OpenAPI description
Languages
Servers
Mock server
https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api
https://{your-domain}

Authentication

Operations

Braintree Payments

Operations

Browser Feature Transformations

Operations

Decision Engine

Operations

Dynamic Offer Decision Engine

Operations

Dynamic Offer Promo Code Decision

Operations

OAuth Flow

Operations

Payments

Operations

Product Sharing

Operations

Retrieve the product sharing summary

Request

Retrieves a summary of the products that the current user shares with other users, and products that are shared with the current user.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
curl -i -X GET \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/public/products/v1/shares \
  -b blaize_session=YOUR_API_KEY_HERE

Responses

OK

Bodyapplication/json
member_productsArray of objects(member_products)
owned_productsArray of objects(owned_products)
Response
application/json
{ "owned_products": [ { … } ], "member_products": [ { … } ] }

Delete the product sharing by ID

Request

Deletes a user product share by ID. Pending invites and accepted shares can be deleted. Invoking this method will increase the number of shares that the user has available for the given product. If the sharing_id corresponds to an accepted share, the member will immediately lose access to the product unless they have separate access. The member will receive an email notification about their removal. This email can be configured in the Admin Console.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Path
sharing_idstringrequired

The ID of the user product share to delete.

Example: 0nasdj-aso25-6454
curl -i -X DELETE \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/public/products/v1/shares/0nasdj-aso25-6454 \
  -b blaize_session=YOUR_API_KEY_HERE

Responses

OK

Create a product sharing invite via Email

Request

Creates a new user product share and send it via email. The exact contents of this email are configurable in the admin console. The email may include a link composed of the required attribute base_url and an additional path parameter sharing_id. It is expected that the specified base_url will direct invite recipients to a page that allows them to accept the invite and register/login. Custom metadata can also be passed to this method, which will be made available in the invitation email template and any later calls to access the publicly available share data. This metadata can be used, for example, to include the product owner's first name and a personalised message that is shown to the recipient in the invitation email and in a screen that allows the recipient to accept the invite. Invoking this method will reduce the number of shares that the user has available for the given product. The specified product must be shareable, the current user must have active grants for the product and must not have already exceeded the configured maximum number of shares for the product.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Bodyapplication/json
product_idstringrequired

The ID of the product that is being shared.

Example: "product-1"
email_addressstringrequired

The email address to send the invite to.

Example: "name@domain.com"
base_urlstringrequired

The invite link destination URL. The path parameter 'sharing_id=xxx' will be added to this URL. Other path parameters and anchors are accepted.

Example: "https://example.com/accept-invite"
meta_dataobject

Extra information for the user product share, which can be included in the sent email.

curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/public/products/v1/shares/invitations/emails \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "product_id": "product-1",
    "email_address": "name@domain.com",
    "base_url": "https://example.com/accept-invite"
  }'

Responses

OK

Bodyapplication/json
sharing_idstringrequired

The ID of the created product share.

Example: "0nasdj-aso25-6454"
Response
application/json
{ "sharing_id": "0nasdj-aso25-6454" }

Create a product share invite token

Request

Creates a new user product share. Invoking this method will reduce the number of shares that the user has available for the given product. The returned token sharing ID can later be passed to the accept invite method. Custom metadata can also be passed to this method, which will be made available in later calls to access the publicly available share data. This metadata can be used, for example, to include the product owner's first name and a personalised message that is shown to the recipient in a screen that allows the recipient to accept the invite. Invoking this method will reduce the number of shares that the user has available for the given product. The specified product must be shareable, the current user must have active grants for the product and must not have already exceeded the configured maximum number of shares for the product.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Bodyapplication/json
product_idstringrequired

The ID of the product that is being shared.

Example: "product-1"
meta_dataobject

Extra information for the user product share.

curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/public/products/v1/shares/invitations/tokens \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "product_id": "product-1"
  }'

Responses

OK

Bodyapplication/json
sharing_idstringrequired

The ID of the created product share.

Example: "0nasdj-aso25-6454"
Response
application/json
{ "sharing_id": "0nasdj-aso25-6454" }

Retrieve the product share invite public data

Request

Retrieves the publicly accessible data relating to a user product share invite. This can be used to inform the invitee of the details of the product that is being shared, and any meta_data added at the point of invite creation, such as the name of the user that sent the invite. This endpoint is not authenticated. The information provided by this endpoint is available to anyone with a valid sharing_id. Invoking this endpoint too rapidly will result in a 429 error response.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Path
sharing_idstringrequired

The ID of the user product sharing invite.

Example: 0nasdj-aso25-6454
curl -i -X GET \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/public/products/v1/shares/invitations/0nasdj-aso25-6454 \
  -b blaize_session=YOUR_API_KEY_HERE

Responses

OK

Bodyapplication/json
product_idstring

The ID of the product that is shared.

Example: "product-1"
product_labelstring

The label of the product that is shared.

Example: "Gold Product"
meta_dataobject

Extra information for the user product share, defined at the point of creation.

Response
application/json
{ "product_id": "product-1", "product_label": "Gold Product", "meta_data": {} }

Accept a product share invite

Request

Accepts a product sharing invite. The current user will gain access to the product linked to the sharing invite. The user that send the invite must have an active grant for the product at the point of acceptance. If the current user already has a product share for the same product from the same product owner, an error code 409 will be returned and the invite will not be accepted.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Path
sharing_idstringrequired

The ID of the user product sharing invite.

Example: 0nasdj-aso25-6454
curl -i -X PUT \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/public/products/v1/shares/invitations/0nasdj-aso25-6454 \
  -b blaize_session=YOUR_API_KEY_HERE

Responses

OK

SDK Feature Decision Engine

Operations

Sessions

Operations

Stripe Payments

Operations

Third-Party Authentication

This section contains the API operations for the OAuth 2.0 Authorization Code Flow.

Operations

User

Operations

V4 Gifts

Create a Gift resource for V4. Gifts can be used to provide access to a particular URL for one session only by appending a gift token ID to the URL as the gift path parameter.

Operations

Web Analytics

Operations

Zephr Features

Operations

Component Library

Operations

Change the Stripe subscription price

Request

Generates a new preview of the price that Stripe will charge the customer if they create a new subscription for the specified plan. Note: This method does not create any entities in Stripe and does not result in any payments being made.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Path
externalIdstringrequired
Bodyapplication/json
plan_idstring
curl -i -X POST \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/payment/stripe/subscriptions/{externalId}/change-previews' \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "plan_id": "string"
  }'

Responses

OK

Bodyapplication/json
totalnumber

The total amount the user will be initially charged for the subscription in the relevant currency's lowest denomination (e.g. pence), i.e. for a monthly subscription, the first month's cost.

Example: 5000
sub_totalnumber

The total amount minus tax for the initial charge in the relevant currency's lowest denomination (e.g. pence).

Example: 4500
Response
application/json
{ "total": 5000, "sub_total": 4500 }

Oauth2 Access Token

Operations

Subscription

Operations