Update a payment method

This operation allows you to update an existing payment method.

The following request body fields can be updated for any payment method types except for Credit Card Reference Transaction:

  • authGateway
  • gatewayOptions
  • accountHolderInfo
  • ipAddress
  • Custom fields

The following request body fields can be updated only for the Credit Card payment method:

  • expirationMonth
  • expirationYear
  • securityCode

The following request body field can be updated for the Credit Card, Credit Card Reference Transaction, ACH, and Bank Transfer payment methods:

  • mandateInfo
path Parameters

Unique ID of the payment method to update.

header Parameters

Include the Accept-Encoding: gzip header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response.

If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a Content-Encoding header with the compression algorithm so that your client can decompress it.


Include the Content-Encoding: gzip header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload.


The value is in the Bearer {token} format where {token} is a valid OAuth token generated by calling Create an OAuth token.

string <= 64 characters

A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue.

The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (:), semicolon (;), double quote ("), and quote (').


An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you do not need to set this header.


Comma separated IDs. If you have Zuora Multi-Org enabled, you can use this header to specify which orgs to perform the operation in. If you do not have Zuora Multi-Org enabled, you should not set this header.

The IDs must be a sub-set of the user's accessible orgs. If you specify an org that the user does not have access to, the operation fails.

If the header is not set, the operation is performed in scope of the user's accessible orgs.

Request Body schema: application/json
object (accountHolderInfo)

The account holder information. This field is not supported in updating Credit Card Reference Transaction payment methods.


The ID of the customer account associated with this payment method, such as 2x92c0f859b0480f0159d3a4a6ee5bb6.

Note: You can use this field to associate an orphan payment method with a customer account. If a payment method is already associated with a customer account, you cannot change the associated payment method through this operation. You cannot remove the previous account ID and leave this field empty, either.


Specifies the ID of the payment gateway that Zuora will use to authorize the payments that are made with the payment method.

This field is not supported in updating Credit Card Reference Transaction payment methods.


The currency used for payment method authorization.


The field used to pass gateway-specific parameters and parameter values. The fields supported by gateways vary. For more information, see the Overview topic of each gateway integration in Zuora Knowledge Center.

Zuora sends all the information that you specified to the gateway. If you specify any unsupported gateway option parameters, they will be ignored without error prompts.

This field is not supported in updating Credit Card Reference Transaction payment methods.


The IPv4 or IPv6 information of the user when the payment method is created or updated. Some gateways use this field for fraud prevention. If this field is passed to Zuora, Zuora directly passes it to gateways.

If the IP address length is beyond 45 characters, a validation error occurs.

For validating SEPA payment methods on Stripe v2, this field is required.


The mandate information for the Credit Card, Credit Card Reference Transaction, ACH, or Bank Transfer payment method.


The container for payment method processing options.


One or two digits expiration month (1-12).


Four-digit expiration year.


Optional. It is the CVV or CVV2 security code specific for the credit card or debit card. To ensure PCI compliance, this value is not stored and cannot be queried.

If securityCode code is not passed in the request payload, this operation only updates related fields in the payload. It does not validate the payment method through the gateway.

If securityCode is passed in the request payload, this operation retrieves the credit card information from payload and validates them through the gateway.

property name*
additional property

Custom fields of the payment method. The name of each custom field has the form customField__c. Custom field names are case sensitive. See Manage Custom Fields for more information.

Custom fields are not supported in updating Credit Card Reference Transaction payment methods.


Internal Server Error


Request Errors

Request samples
  • "accountHolderInfo": {
  • "expirationMonth": 8,
  • "expirationYear": 2024,
  • "securityCode": "123"
Response samples
  • "id": "2c92c0f86c99b4eb016cae1ee301728f",
  • "success": true