POST /v1/payment-methods/decryption

The decryption API endpoint can conditionally perform 4 tasks in one atomic call:

Decrypt Apple Pay Payment token
Create Credit Card Payment Method in Zuora with decrypted Apple Pay information
Create a stored credential profile within the Apple Pay payment method
Process Payment on a specified Invoice (optional)

Servers

https://rest.test.zuora.com
https://rest.sandbox.na.zuora.com
https://rest.apisandbox.zuora.com
https://rest.na.zuora.com
https://rest.zuora.com
https://rest.test.eu.zuora.com
https://rest.sandbox.eu.zuora.com
https://rest.eu.zuora.com

Request headers

Name	Type	Required	Description
`Content-Type`	String	Yes	The media type of the request body. Default value: "application/json"
`Content-Encoding`	String	No	Include the `Content-Encoding: gzip` header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload.
`Zuora-Track-Id`	String	No	A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue. The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (`:`), semicolon (`;`), double quote (`"`), and quote (`'`).
`Authorization`	String	No	The value is in the `Bearer {token}` format where {token} is a valid OAuth token generated by calling Create an OAuth token.
`Idempotency-Key`	String	No	Specify a unique idempotency key if you want to perform an idempotent POST or PATCH request. Do not use this header in other request types. With this header specified, the Zuora server can identify subsequent retries of the same request using this value, which prevents the same operation from being performed multiple times by accident.
`Zuora-Entity-Ids`	String	No	An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you do not need to set this header.
`Zuora-Org-Ids`	String	No	Comma separated IDs. If you have Zuora Multi-Org enabled, you can use this header to specify which orgs to perform the operation in. If you do not have Zuora Multi-Org enabled, you should not set this header. The IDs must be a sub-set of the user's accessible orgs. If you specify an org that the user does not have access to, the operation fails. If the header is not set, the operation is performed in scope of the user's accessible orgs.
`Accept-Encoding`	String	No	Include the `Accept-Encoding: gzip` header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response. If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a `Content-Encoding` header with the compression algorithm so that your client can decompress it.

Request body fields

Name	Type	Required	Description
`processPayment`	Boolean	No	A boolean flag to control whether a payment should be processed after creating payment method. The payment amount will be equivalent to the amount the merchant supplied in the ApplePay session. Default is false. If this field is set to `true`, you must specify the `paymentGateway` field with the payment gateway instance name. If this field is set to `false`: The default payment gateway of your Zuora customer account will be used no matter whether a payment gateway instance is specified in the `paymentGateway` field. You must select the Verify new credit card check box on the gateway instance settings page. Otherwise, the cryptogram will not be sent to the gateway. A separate subscribe or payment API call is required after this payment method creation call.
`mitProfileAction`	String	No	This field is only available for the following gateway integrations to create stored credential profiles within payment methods: Chase Paymentech Orbital Gateway CyberSource Payment API v2.0 Stripe v2 Vantiv (Now Worldpay) Specify either of the following values in this field: `Activate` - Use this value if you are creating the stored credential profile after receiving the customer's consent. Zuora will create the stored credential profile then send a cardholder-initiated transaction (CIT) to the payment gateway to validate the stored credential profile. If the CIT succeeds, the status of the stored credential profile will be `Active`. If the CIT does not succeed, Zuora will not create a stored credential profile. If the payment gateway does not support the stored credential transaction framework, the status of the stored credential profile will be `Agreed`. `Persist` - Use this value if the stored credential profile represents a stored credential profile in an external system. The status of the payment method's stored credential profile will be `Active`. If you do not specify this field, Zuora will automatically create a stored credential profile for the payment method, with the default value `Activate` set to this field. Possible values: `"Persist"` `"Activate"`
`paymentGateway`	String	No	The label name of the gateway instance configured in Zuora that should process the payment. When creating a Payment, this must be a valid gateway instance ID and this gateway must support the specific payment method. If not specified, the default gateway of your Zuora customer account will be used. Note: When `processPayment` is `true`, this field is required. When `processPayment` is `false`, the default payment gateway of your Zuora customer account will be used no matter whether a payment gateway instance is specified in the `paymentGateway` field.
`accountID`	String	No	The ID of the customer account associated with this payment method. To create an orphan payment method that is not associated with any customer account, you do not need to specify this field during creation. However, you must associate the orphan payment method with a customer account within 10 days. Otherwise, this orphan payment method will be deleted.
`mitConsentAgreementSrc`	String	No	This field is only available for the following gateway integrations to create stored credential profiles within payment methods: Chase Paymentech Orbital Gateway CyberSource Payment API v2.0 Stripe v2 Vantiv (Now Worldpay) Specify how the consent agreement has been established with the customer. The allowed value is `External`. It is required if the `mitProfileAction` field is specified. If you do not specify the `mitProfileAction` field, Zuora will automatically create a stored credential profile for the payment method, with the default value `External` set to this field. Possible values: `"External"`
`paymentToken`	Object	Yes	The complete JSON Object representing the encrypted payment token payload returned in the response from the Apple Pay session.
`mitProfileType`	String	No	This field is only available for the following gateway integrations to create stored credential profiles within payment methods: Chase Paymentech Orbital Gateway CyberSource Payment API v2.0 Stripe v2 Vantiv (Now Worldpay) This field indicates the type of the stored credential profile to process recurring or unsecheduled transactions. It is required if the `mitProfileAction` field is specified. If you do not specify the `mitProfileAction` field, Zuora will automatically create a stored credential profile for the payment method, with the default value `Recurring` set to this field. Possible values: `"Unscheduled"` `"Recurring"`
`integrationType`	String	Yes	Field to identify the token decryption type. Note: The only value at this time is `ApplePay`.
`merchantID`	String	Yes	The Merchant ID that was configured for use with Apple Pay in the Apple iOS Developer Center.
`cardHolderInfo`	Object	No	Container for cardholder information. The nested `cardHolderName` field is required.
`cardHolderInfo.email`	String	No	Card holder's email address, 80 characters or less.
`cardHolderInfo.phone`	String	No	Phone number, 40 characters or less.
`cardHolderInfo.country`	String	No	Country, must be a valid country name or abbreviation. It is recommended to provide the city and country information when creating a payment method. The information will be used to process payments. If the information is not provided during payment method creation, the city and country data will be missing during payment processing.
`cardHolderInfo.state`	String	No	State; must be a valid state name or 2-character abbreviation.
`cardHolderInfo.zipCode`	String	No	Zip code, 20 characters or less.
`cardHolderInfo.addressLine1`	String	No	First address line, 255 characters or less.
`cardHolderInfo.cardHolderName`	String	Yes	The card holder's full name as it appears on the card, e.g., "John J Smith", 50 characters or less.
`cardHolderInfo.city`	String	No	City, 40 characters or less. It is recommended to provide the city and country information when creating a payment method. The information will be used to process payments. If the information is not provided during payment method creation, the city and country data will be missing during payment processing.
`cardHolderInfo.addressLine2`	String	No	Second address line, 255 characters or less.
`invoiceId`	String	No	The id of invoice this payment will apply to. Note: When `processPayment` is `true`, this field is required. Only one invoice can be paid; for scenarios where you want to pay for multiple invoices, set `processPayment` to `false` and call payment API separately.

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.