Z

zuora.com

Zuora provides subscription billing, payments, and related order-to-revenue platform services. It also offers Zephr, a product for digital subscription experiences and entitlement management.

3 integrations · MCP · REST

Zuora exposes a Billing REST API with OAuth or legacy API-key auth, a remote MCP server authenticated with OAuth 2.0, and the Zephr Admin API authenticated by HMAC key pairs.

discovered 1d ago
MCP servers1
REST · OpenAPI2
Credentials
Zuora OAuth client (client ID + client secret)oauth2_ccSet up OAuth

Have a Zuora tenant administrator create an OAuth client for a user in the Zuora UI / OneID. Zuora's getting-started guide points to OAuth client setup steps, and the REST auth docs say to create an OAuth client in the Zuora UI before calling the token endpoint. Store the resulting client_id and client_secret, then exchange them for a bearer token with grant type client_credentials at https://one.zuora.com/oauth2/token or the tenant REST /oauth/token endpoint as documented in Get started and OAuth.

Zuora API user access keys (`apiAccessKeyId` + `apiSecretAccessKey`)compound

Create a dedicated API user in your Zuora tenant with the needed permissions, then use that user's legacy API access credentials. The Zuora Billing REST spec documents this legacy auth using request headers apiAccessKeyId and apiSecretAccessKey, and links to Create an API User for setup. See the auth section in the Billing OpenAPI spec.

Zuora MCP OAuth client (client ID + client secret for authorization code)oauth2Set up OAuth

In OneID, go to Create OAuth 2.0 credentials for remote MCP client. An administrator opens Settings > Manage OAuth 2.0 Clients, clicks + New, selects grant type Authorization Code, type MCP Client, application type Billing, and enters the client-specific redirect URI. Save and securely store the displayed Client ID and Client Secret. Zuora's detected OAuth endpoints are https://one.zuora.com/oauth2/authorize and https://one.zuora.com/oauth2/token. Create one OAuth client per MCP agent/client as recommended by Zuora.

Zephr Admin API HMAC key pair (access key + secret key)signatureGet key

In the Zephr admin console, open your admin user settings and go to Key Pairs, then click Issue Key Pair as described in HMAC request signing and key pair. Save the displayed Access Key and Secret Key immediately because the secret cannot be recovered later. Requests to the Zephr Admin API are signed in the Authorization header as ZEPHR-HMAC-SHA256 ... using this key pair.

conventions · 1/8 published

Publish these signals → /publishing