Skip to content

Public API Reference (2025-07-30)

The Zephr Public API provides common client-side actions tied to a session cookie. Unlike the Admin API, neither users nor other resources can be dereferenced; the only data that can be accessed is owned by the user who is currently signed-in. This design is used to protect other users from malicious attacks.

You can find the base URL for the Public API by navigating to your site domains. To do this, select Sites from the Delivery menu, select your site, and then click the Site Domains button. The base URL is the Live domain.

Zephr forms use the Public API by default, with relative URLs based on the base URL.

Download OpenAPI description
Languages
Servers
Mock server
https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api
https://{your-domain}

Authentication

Operations

Braintree Payments

Operations

Browser Feature Transformations

Operations

Decision Engine

Operations

Dynamic Offer Decision Engine

Operations

Dynamic Offer Promo Code Decision

Operations

OAuth Flow

Operations

Payments

Operations

Product Sharing

Operations

SDK Feature Decision Engine

Operations

Sessions

Operations

Stripe Payments

Operations

Retrieve the Stripe public key

Request

This API endpoint fetches the public key associated with a tenant for payment processing. If the user is authenticated and the tenant has a configured Stripe public key, the endpoint will return the Stripe public key in a String format.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Headers
cookiestringrequired

The session cookie is employed to ascertain whether a user is already authenticated or has an active session.

Example: blaize_session=57685913-7365-4dae-a425-1c2c2f72cc0
curl -i -X GET \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/blaize/payment/stripe/publicKey \
  -H 'cookie: blaize_session=57685913-7365-4dae-a425-1c2c2f72cc0' \
  -b blaize_session=57685913-7365-4dae-a425-1c2c2f72cc0

Responses

A stripe public key for the tenant.

Bodyapplication/json
string
Response
application/json
"pk_live_PFghBsstUo5FwUGcXBiNvIkY00X1YHtpnJ"

Create a Stripe setup intent secret

Request

Creates the client secret to update card details

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Headers
cookiestring

The session cookie.

Example: `blaize_session=...` (string)
curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/payment/stripe/setupIntentSecret \
  -H 'cookie: `blaize_session=...` (string)' \
  -b '`blaize_session=...` (string)'

Responses

OK

Bodyapplication/json
clientSecretstring

Reference to Stripe payment required to process payment in front end.

Example: "src_client_secret_QfsM25CJ2uCMon72MiOmUNTj"
Response
application/json
{ "clientSecret": "src_client_secret_QfsM25CJ2uCMon72MiOmUNTj" }

Start the Stripe subscription confirmation

Request

If a payment requires confirmation (3dSecure etc), the payment is confirmed in the front end.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Bodyapplication/json
subscriptionIdstring
Example: "sub_H8eIeMFwMawg6w"
curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/blaize/payment/stripe/subscription/confirmation \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "subscriptionId": "sub_H8eIeMFwMawg6w"
  }'

Responses

OK

Bodyapplication/json
grant_idstring

New grant of product bundle to user

Example: "aa583cb8-51d1-4bd9-9ec7-3a43796ef8e5"
Response
application/json
{ "grant_id": "aa583cb8-51d1-4bd9-9ec7-3a43796ef8e5" }

Update the Stripe subscription

Request

Updates the payment method in the subscription. Payment method id will be provided by stripe on updating card details in the front end.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Bodyapplication/json
subscription_idstringrequired
Example: "sub_H8eIeMFwMawg6w"
payment_method_idstringrequired
Example: "pm_2KrMmOCvDgIhZCB6u0Yn7COE"
curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/payment/stripe/updateSubscription \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "subscription_id": "sub_H8eIeMFwMawg6w",
    "payment_method_id": "pm_2KrMmOCvDgIhZCB6u0Yn7COE"
  }'

Responses

OK

Create a Stripe one-off payment

Request

Uses the payment method collected by Stripe Elements to create a one off payment.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Bodyapplication/json
product_idstringrequired

Product ID/slug

Example: "lifetime-membership"
price_point_idstringrequired

Price Point ID/slug

Example: "gold-package"
payment_methodstringrequired

Payment method from Stripe Elements UI.

Example: "pm_123456789"
payment_intent_idstring

PaymentIntent ID returned after confirming a card payment.

Example: "pi_1GYZYWLgUJT2XNPAYQMomeqf"
curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/blaize/payment/stripe/buy \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "product_id": "lifetime-membership",
    "price_point_id": "gold-package",
    "payment_method": "pm_123456789",
    "payment_intent_id": "pi_1GYZYWLgUJT2XNPAYQMomeqf"
  }'

Responses

OK

Bodyapplication/json
grant_idstring

New grant of product bundle to user

Example: "aa583cb8-51d1-4bd9-9ec7-3a43796ef8e5"
client_secretstring

Reference to Stripe payment required to process payment in front end.

Example: "src_client_secret_QfsM25CJ2uCMon72MiOmUNTj`"
payment_intent_idstring

Reference to the payment intent if payment requires confirmation.

Example: "pi_1GYZYWLgUJT2XNPAYQMomeqf"
Response
application/json
{ "grant_id": "aa583cb8-51d1-4bd9-9ec7-3a43796ef8e5", "client_secret": "src_client_secret_QfsM25CJ2uCMon72MiOmUNTj`", "payment_intent_id": "pi_1GYZYWLgUJT2XNPAYQMomeqf" }

Receive a webhook from Stripe for when a user is charged for a subscription.

Request

To use subscriptions, Stripe Webhooks for invoice.payment_succeeded must be configured to point to this endpoint.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/blaize/payment/stripe/subscriptionChargedCallback \
  -b blaize_session=YOUR_API_KEY_HERE

Responses

OK

Preview the Stripe subscription change

Request

Generates a preview of the invoice that Stripe will create for the customer if their subscription is changed to a new plan. The invoice will be a prorated invoice for the price difference between current and new subscription plans for the remainder of the current billing period. The invoice will be billed immediately upon changing subscription. The invoice amount may be negative if the customer is changing to a lower-priced plan.

Note: This method does not modify the user's subscription.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Path
subscriptionIdstringrequired

The ID of the Stripe subscription to change.

Bodyapplication/json
plan_idstringrequired

The new Stripe price plan ID.

Example: "price_H8eIeMFwMawg6w"
curl -i -X POST \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/payment/stripe/subscription/{subscriptionId}/change-previews' \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "plan_id": "price_H8eIeMFwMawg6w"
  }'

Responses

OK

Body*/*
totalnumber

The total amount of the prorate invoice in the relevant currency's lowest denomination (e.g. pence).

Example: 5000
sub_totalnumber

The total amount of the prorate invoice minus tax in the relevant currency's lowest denomination (e.g. pence).

Example: 4500

Preview the Stripe subscription price

Request

Generates a preview of the total price and tax amount that Stripe will charge the customer if they create a new subscription for the specified plan.

Note: This method does not create any entities in Stripe and does not result in any payments being made.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Bodyapplication/json
product_idstringrequired

The ID of the new Zephr product.

Example: "zephr-prod-1"
plan_idstringrequired

The new Stripe price plan ID.

Example: "price_H8eIeMFwMawg6w"
promo_codestring

The Stripe promo code that will be attached to the subscription.

Example: "discount15"
billing_countrystring

The user's billing country, for tax calculation purposes.

Example: "US"
billing_post_codestring

The user's billing postal code, for tax calculation purposes.

Example: "90210"
curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/payment/stripe/create-subscription-previews \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "product_id": "zephr-prod-1",
    "plan_id": "price_H8eIeMFwMawg6w",
    "promo_code": "discount15",
    "billing_country": "US",
    "billing_post_code": "90210"
  }'

Responses

OK

Body*/*
totalnumber

The total amount the user will be initially charged for the subscription in the relevant currency's lowest denomination (e.g. pence), i.e. for a monthly subscription, the first month's cost.

Example: 5000
sub_totalnumber

The total amount minus tax for the initial charge in the relevant currency's lowest denomination (e.g. pence).

Example: 4500
taxnumber

The tax amount for the initial charge in the relevant currency's lowest denomination (e.g. pence).

Example: 500
discountnumber

The discount amount for the initial charge in the relevant currency's lowest denomination (e.g. pence).

Check a Stripe promo code for a user

Request

Checks a Stripe promo code for the logged in user. The promo code is checked for validity of the current user based on first time order restriction, specific customer restriction, max allowed redemptions and expiration. The payment form payment options are checked to match the minimum payment amount requirements of the promo code.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Query
codestringrequired

The ID of the Stripe promo code to check.

paymentFormstringrequired

The slug of the Stripe payment form the promo code relates to.

curl -i -X GET \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/payment/stripe/promo-code?code=string&paymentForm=string' \
  -b blaize_session=YOUR_API_KEY_HERE

Responses

OK

Bodyapplication/json
codestring

Same code supplied as a query parameter in the request

discountstring

The discount offered by this promo code

paymentOptionsArray of objects

The payment options (either from the supplied payment form or from the request body) filtered for promo code validity

Response
application/json
{ "code": "string", "discount": "string", "paymentOptions": [ { … } ] }

Check a Stripe promo code for a user

Request

Checks a Stripe promo code for the logged in user. The promo code is checked for validity of the current user based on first time order restriction, specific customer restriction, max allowed redemptions and expiration. The supplied payment payment options are checked to match the minimum payment amount requirements of the promo code.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Bodyapplication/json
paymentOptionsobject
promoCodestring

The promo code ID that must be checked.

curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/payment/stripe/promo-code-check \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "paymentOptions": {
      "currency": "string",
      "description": "string",
      "label": "string",
      "order": 0,
      "price": 0,
      "pricePointId": "string",
      "productId": "string",
      "recommended": true,
      "slug": "string",
      "subTenantId": "string",
      "tenantId": "string",
      "type": "PRICE_POINT"
    },
    "promoCode": "string"
  }'

Responses

OK

Bodyapplication/json
codestring

Same code supplied as a query parameter in the request

discountstring

The discount offered by this promo code

paymentOptionsArray of objects

The payment options (either from the supplied payment form or from the request body) filtered for promo code validity

Response
application/json
{ "code": "string", "discount": "string", "paymentOptions": [ { … } ] }

Start the Stripe subscription (Deprecated)

Request

(Deprecated - use /zephr/subscribe) Uses the payment method info captured by the Stripe Elements UI to create a Stripe customer with a recurring payment. When Stripe responds successfully, the logged-in user will be temporarily granted all entitlements in the product's associated bundle.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Bodyapplication/json
product_idstringrequired

Product Id/slug

Example: "premium-access-monthly-recurring"
payment_methodstringrequired

Payment method from Stripe Elements UI.

Example: "pm_123456789"
plan_idstring
discount_codestring
curl -i -X POST \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/blaize/payment/stripe/subscribe \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "product_id": "premium-access-monthly-recurring",
    "payment_method": "pm_123456789"
  }'

Responses

OK

Bodyapplication/json
grant_idstring

New grant of product bundle to user

clientSecretstring

reference to Stripe payment required to process payment in front end

paymentIntentStatusstring

status of the payment which may require further action

Response
application/json
{ "grant_id": "string", "clientSecret": "string", "paymentIntentStatus": "string" }

List the user's Stripe subscriptions

Request

Lists the user's Stripe subscriptions.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
curl -i -X GET \
  https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/blaize/payment/stripe/subscriptions \
  -b blaize_session=YOUR_API_KEY_HERE

Responses

OK

Bodyapplication/jsonArray [
billingFrequencyinteger
billingFrequencyUnitstring(StripeSubscriptionInterval)
Enum"DAY""WEEK""MONTH""YEAR"
blaizeProductobject(StripeSubscriptionProduct)
currencyCodestring
discountsAppliedboolean
endedstring(date-time)
endsstring(date-time)
externalIdstring
managedBystring
multiphasePlanboolean
nextBillingTimestring(date-time)
paidThroughDatestring(date-time)
planIdstring
planNamestring
preDiscountPricenumber
statestring
taxRatesArray of objects(StripeSubscriptionTaxRate)
transactionRecordsArray of objects(TransactionRecord)
]
Response
application/json
[ { "billingFrequency": 0, "billingFrequencyUnit": "DAY", "blaizeProduct": { … }, "currencyCode": "string", "discountsApplied": true, "ended": "2019-08-24T14:15:22Z", "ends": "2019-08-24T14:15:22Z", "externalId": "string", "managedBy": "string", "multiphasePlan": true, "nextBillingTime": "2019-08-24T14:15:22Z", "paidThroughDate": "2019-08-24T14:15:22Z", "planId": "string", "planName": "string", "preDiscountPrice": 0, "state": "string", "taxRates": [ … ], "transactionRecords": [ … ] } ]

Cancel a user's Stripe subscription

Request

Cancels a user's Stripe subscription

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Path
externalIdstringrequired

The ID of the Stripe subscription to cancel.

curl -i -X DELETE \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/blaize/payment/stripe/subscriptions/{externalId}' \
  -b blaize_session=YOUR_API_KEY_HERE

Responses

OK

Third-Party Authentication

This section contains the API operations for the OAuth 2.0 Authorization Code Flow.

Operations

User

Operations

V4 Gifts

Create a Gift resource for V4. Gifts can be used to provide access to a particular URL for one session only by appending a gift token ID to the URL as the gift path parameter.

Operations

Web Analytics

Operations

Zephr Features

Operations

Component Library

Operations

Change the Stripe subscription price

Request

Generates a new preview of the price that Stripe will charge the customer if they create a new subscription for the specified plan. Note: This method does not create any entities in Stripe and does not result in any payments being made.

Security
CookieBlaizeSession or JwtQuery or JwtHeaderXBlaizeJwt or JwtHeaderXZephrJwt or JwtBearer or JwtCookie
Path
externalIdstringrequired
Bodyapplication/json
plan_idstring
curl -i -X POST \
  'https://developer.zuora.com/_mock/zephr-api-reference/zephr-public-api/zephr/payment/stripe/subscriptions/{externalId}/change-previews' \
  -H 'Content-Type: application/json' \
  -b blaize_session=YOUR_API_KEY_HERE \
  -d '{
    "plan_id": "string"
  }'

Responses

OK

Bodyapplication/json
totalnumber

The total amount the user will be initially charged for the subscription in the relevant currency's lowest denomination (e.g. pence), i.e. for a monthly subscription, the first month's cost.

Example: 5000
sub_totalnumber

The total amount minus tax for the initial charge in the relevant currency's lowest denomination (e.g. pence).

Example: 4500
Response
application/json
{ "total": 5000, "sub_total": 4500 }

Oauth2 Access Token

Operations

Subscription

Operations