POST /v1/rsa-signatures

The REST API used in Payment Pages 2.0 are CORS (Cross-Origin Resource Sharing) enabled and therefore requires a digital signature. The POST rsa_signatures call generates and returns the required digital signature and token for a Payment Pages 2.0 form. You need to pass the generated signature to your client for it to access Payment Pages 2.0.

This REST service should be used only when you implement Payment Pages 2.0.

Note: To avoid potential credit card fraud attacks, you should secure your Payment Pages from being accessed by fraudulent users before you issue client-side digital signatures and tokens. See Manage Token Issuance for more information.

Troubleshooting tip: After you use this operation to generate an RSA signature, if signature returns null but token is successfully returned, please limit the number of the fields in your request to make sure that the maximum length supported by the RSA signature algorithm is not exceeded. The calculation of the request length is determined by the number of the parameters, and the length of each of the parameter name and its value.

Servers

https://rest.test.zuora.com
https://rest.sandbox.na.zuora.com
https://rest.apisandbox.zuora.com
https://rest.na.zuora.com
https://rest.zuora.com
https://rest.test.eu.zuora.com
https://rest.sandbox.eu.zuora.com
https://rest.eu.zuora.com

Request headers

Name	Type	Required	Description
`Content-Type`	String	Yes	The media type of the request body. Default value: "application/json"
`Content-Encoding`	String	No	Include the `Content-Encoding: gzip` header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload.
`Zuora-Track-Id`	String	No	A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue. The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (`:`), semicolon (`;`), double quote (`"`), and quote (`'`).
`Authorization`	String	No	The value is in the `Bearer {token}` format where {token} is a valid OAuth token generated by calling Create an OAuth token.
`Idempotency-Key`	String	No	Specify a unique idempotency key if you want to perform an idempotent POST or PATCH request. Do not use this header in other request types. With this header specified, the Zuora server can identify subsequent retries of the same request using this value, which prevents the same operation from being performed multiple times by accident.
`Zuora-Entity-Ids`	String	No	An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you do not need to set this header.
`Zuora-Org-Ids`	String	No	Comma separated IDs. If you have Zuora Multi-Org enabled, you can use this header to specify which orgs to perform the operation in. If you do not have Zuora Multi-Org enabled, you should not set this header. The IDs must be a sub-set of the user's accessible orgs. If you specify an org that the user does not have access to, the operation fails. If the header is not set, the operation is performed in scope of the user's accessible orgs.
`Accept-Encoding`	String	No	Include the `Accept-Encoding: gzip` header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response. If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a `Content-Encoding` header with the compression algorithm so that your client can decompress it.

Request body fields

Name	Type	Required	Description
`bankPostalCode`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for Bank Transfer - Direct Debit. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`accountId`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`tenantId`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`businessIdentificationCode`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for Bank Transfer - Direct Debit. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`currency`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`id`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`signature`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`method`	String	Yes	The type of the request. Set it to POST.
`bankCity`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for Bank Transfer - Direct Debit. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`authorizationAmount`	Number	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`key`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`IBAN`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for Bank Transfer - Direct Debit. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`locale`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`pageId`	String	Yes	The page id of your Payment Pages 2.0 form. Click Show Page Id next to the Payment Page name in the Hosted Page List to retrieve the page id.
`pmId`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for credit cards. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`param_gwOptions_[option]`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`cityWhiteList`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for credit cards. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`deviceSessionId`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`uri`	String	Yes	The URL that the Payment Page will be served from. For US Cloud 1 Production environment: Use https://na.zuora.com/apps/PublicHostedPageLite.do For US Cloud 1 Sandbox environment: Use https://sandbox.na.zuora.com/apps/PublicHostedPageLite.do For US Cloud 2 Production environment: Use https://www.zuora.com/apps/PublicHostedPageLite.do For US Cloud 2 API Sandbox environment: Use https://apisandbox.zuora.com/apps/PublicHostedPageLite.do For US Central Sandbox environment: Use https://test.zuora.com/apps/PublicHostedPageLite.do For EU Cloud Production environment: Use https://eu.zuora.com/apps/PublicHostedPageLite.do For EU Cloud Sandbox environment: Use https://sandbox.eu.zuora.com/apps/PublicHostedPageLite.do For EU Central Sandbox environment: Use https://test.eu.zuora.com/apps/PublicHostedPageLite.do
`bankStreetNumber`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for Bank Transfer - Direct Debit. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`maxConsecutivePaymentFailures`	Integer	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`paymentRetryWindow`	Integer	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`bankBranchCode`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for Bank Transfer - Direct Debit. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`style`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`gatewayName`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`cityBlackList`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for credit cards. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`paymentGateway`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`passthrough[1,2,3,4,5]`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details. Note: Although up to 15 passthrough parameters can be supported when passing in your client parameters, only the first 5 parameters are used for signature generation and validation.
`bankCheckDigit`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for Bank Transfer - Direct Debit. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`token`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`bankStreetName`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for Bank Transfer - Direct Debit. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`param_supportedTypes`	String	No	An optional client parameter that can be used for validating client-side HPM parameters specific for credit cards. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`signatureType`	String	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`submitEnabled`	Boolean	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.
`useDefaultRetryRule`	Boolean	No	An optional client parameter that can be used for validating client-side HPM parameters. See Client parameters for Payment Pages 2.0 and Validate client-side HPM parameters for details.

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.