home

Basics

Zuora BillingZuora PaymentsZuora PlatformZuora CPQZephrZuora RevenueAccounts ReceivableRelease NotesBasicsEntitlementsSupport and policies
Zuora BillingZuora PaymentsZuora PlatformZuora CPQZephrZuora RevenueAccounts ReceivableRelease NotesBasicsEntitlementsSupport and policies

Welcome to Zuora Product Documentation

Explore our rich library of product information

Show Contents

thumbnailBasics

Zuora Billing testing environments

Sandbox comparison

References to help you understand the differences between Zuora sandbox environments.

General information

API Sandbox

Zuora Developer Sandbox

Zuora Central Sandbox

Does this sound like you?

  • I just want to test soon-to-be released features.

  • I want to perform data migration functional testing for a small customer base.

  • I want to test soon-to-be released features against the settings and configuration I have in Production.

  • I want to perform unit testing/integration development and testing.

  • I want to test features in an isolated environment using my own data.

  • I want to perform small scale data migration functional testing to validate functionalities.

  • I want to perform bill runs timing load tests for an expected increase in volume.

  • I want to perform data migration timing tests.

Suitable for

Previewing and functional testing new Zuora features before they are released to Production.

Unit testing and Integration development and Testing

Functional testing with cloned configuration and data.

Heavy-load performance and stress testing ([with guidelines])

Not suitable for

Performance and load testing

Performance and load testing

Testing beyond Zuora’s standard concurrent request limits and application limits.

Data migration testing

Yes

Suitable for less than 5,000 records

Yes

Suitable for less than 250,000 records

Yes

An example of 5,000 records would be 2500 accounts + 2500 subscriptions.

Infrastructure mimics production

No

No

Yes, fully hosted on AWS

Includes environment monitoring

Yes

Yes

Yes

Rollback policy

Rollbacks are not supported on any environment. Zuora recommends that you revert changes yourself – if possible. Reverting changes are possible before posting transactions on a bill run.

Hardware

AWS cloud

AWS cloud

AWS cloud

Location

https://apisandbox.zuora.com

https://sandbox.na.zuora.com

https://sandbox.eu.zuora.com

https://test.zuora.com

https://test.eu.zuora.com

https://test.ap.zuora.com

https://test.zuora.com

https://test.eu.zuora.com

https://test.ap.zuora.com

Supported API authentication schemes

OAuth 2.0 (recommended), username and password, authorization cookie, single-use tokens for CORS-enabled operations

OAuth 2.0 (recommended), username and password, authorization cookie, single-use tokens for CORS-enabled operations

OAuth 2.0 (recommended), username and password, authorization cookie, single-use tokens for CORS-enabled operations

Data retention

Invoice pdf files will be archived after three months for all sandboxes.

Refresh policy

Zuora performs sandbox refreshes for either a new Zuora version or for a data snapshot update.

Note:

All data in your central or developer sandbox is deleted during the refresh process, and the data from your production environment is copied over to the sandbox. For CSBX, it is the full configuration and transactional data, whereas for the Developer sandbox, it is only the metadata from production that is brought over.

API Sandbox

Zuora Developer Sandbox

Zuora Central Sandbox

Code base refresh with latest Zuora version

Yes

Automatically refreshed approximately one week before the production release. Production releases are deployed on a weekly basis unless the scheduled date is close to the month-end.

API Sandbox is also automatically refreshed for maintenance releases.

Yes

Automatically refreshed.

Maintenance releases also occur in this environment, following the same production release schedule.

Note that release for Zuora Developer Sandbox may occur a few days prior to, or following the production release.

Yes

Automatically refreshed. Refreshes follow the API Sandbox release schedule.

Maintenance releases also occur in this environment, following the same production release schedule.

Note that release for Zuora Central Sandbox may occur a few days prior to, or following the production release.

Data snapshot (includes scrubbed data copied from production)

No

You are responsible for loading your data, including creating user logins and global tenant settings.

On-demand. Refresh is limited to twice per month.

Scrubbed data includes user logins, emails, and global settings

On-demand. Refresh is limited to once per month.

Scrubbed data includes user logins, emails, and global settings.

Historical PDF-generated invoices

No

You must generate PDF invoices from scratch.

No

You must generate PDF invoices from scratch.

No

You must generate PDF invoices from scratch.

Scrubbed data

API Sandbox

Zuora Developer Sandbox

Zuora Central Sandbox

Commerce

Zuora for Salesforce - 360 Sync

N/A

Credentials are scrubbed on the first copy. Once credentials are updated in the Developer Sandbox, it is retained on subsequent refreshes.

Credentials are scrubbed on the first copy. Once credentials are updated in the Central Sandbox, it is retained on subsequent refreshes.

Commerce Portal

N/A

  • Users are removed

  • User Emails

  • Users are removed

  • User Emails

Customer Catalog

N/A

No information needs to be scrubbed.

No information needs to be scrubbed.

Promotion Codes

N/A

No information needs to be scrubbed.

No information needs to be scrubbed.

Billing and Payments

Customer Account

N/A

Bill To and Sold To Contact information:

  • First name, Last name, and Nickname fields

  • Work and Personal Email

  • Work, Mobile, Home and Other phone numbers, and Address fields

  • Default Payment Method plus any Electronic Payment Methods

Bill To and Sold To Contact information:

  • First name, Last name, and Nickname fields

  • Work and Personal Email

  • Work, Mobile, Home and Other phone numbers, and Address fields

  • Default Payment Method plus any Electronic Payment Methods

Avalara integration

N/A

Credentials are scrubbed on the first copy. Once credentials are updated in the Developer Sandbox, it is retained on subsequent refreshes.

Credentials are scrubbed on the first copy. Once credentials are updated in the Central Sandbox, it is retained on subsequent refreshes.

Notifications and callouts

N/A

N/A

Settings are scrubbed after the initial Central Sandbox refresh. You must configure the notifications and callouts settings once, and they will be retained in your Central Sandbox after every subsequent refresh. The following settings will be impacted and must be reconfigured:

  • Callout definitions

  • Callout credentials

  • Callout base URLs

  • SMTP server configuration settings

Payment Method

N/A

After a Zuora Developer Sandbox is provisioned, the previous payment methods are no longer available in the Developer Sandbox environment. You have to create new payment methods.

After a Zuora Central Sandbox is provisioned, the previous payment methods are no longer available in the Central Sandbox environment. You have to create new payment methods.

Payment Gateway configurations

N/A

Credentials are scrubbed on the first copy. Once credentials are updated in the Developer Sandbox, it is retained on subsequent refreshes.

Credentials are scrubbed on the first copy. Once credentials are updated in the Central Sandbox, it is retained on subsequent refreshes.

Finance Finance

NetSuite

N/A

NetSuite integration credentials

NetSuite integration credentials

Additional add-ons

Workflow

N/A

  • User Emails

  • Scheduled Workflows are disabled

  • Authentication tokens will be re-generated

  • Historical jobs are excluded

  • SMTP Settings

  • Global Constants are not copied over. Once configured in the Developer Sandbox, they persist through subsequent refreshes.

  • User Emails

  • Scheduled Workflows are disabled

  • Authentication tokens will be re-generated

  • Historical jobs are excluded

  • SMTP Settings

  • Global Constants are not copied over. Once configured in the Central Sandbox, they persist through subsequent refreshes.

Collections (all apps)

N/A

  • Account Name

  • API Tokens

  • Usernames, Emails and Company

  • Collections Manager schedules are excluded

  • Statement Generator schedules are excluded

  • SMTP Settings

  • Account Name

  • API Tokens

  • Usernames, Emails and Company

  • Collections Manager schedules are excluded

  • Statement Generator schedules are excluded

  • SMTP Settings

Appstore connector

N/A

Account Name

Account Name

Tax Connector

N/A

  • Seller Company Name, Address, Tax Codes

  • Credentials

  • Historical Tax Requests excluded

  • Seller Company Name, Address, Tax Codes

  • Credentials

  • Historical Tax Requests excluded

OAuth

NA

OAuth credentials scrubbed

OAuth credentials scrubbed

Support for Zuora features, add-ons, integrations

Feature

API Sandbox

Zuora Developer Sandbox

Zuora Central Sandbox

Notifications

Yes

Yes

Yes

Callouts

Yes

Yes

Yes

Single Sign-on

Yes

Yes

Yes

Two-factor Authetication

Yes

Yes

Yes

Reporting

Yes

Yes

Yes

New Invoice File Generation Service

Yes

Yes

Yes

New Quote File Generation Service

Yes

Yes

Yes

Orders UI, including creating Orders through the UI

Yes

Yes

Yes

Settings API

Yes

Yes

Yes

Data Query

Yes

Yes

Yes

Analytics

Yes

Yes

Yes

Custom Objects

Yes

Yes

Yes

Custom Logic

Yes

Yes

Yes

Events and Triggers

Yes

Yes

Yes

Add-ons and integrations

API Sandbox

Zuora Developer Sandbox

Zuora Central Sandbox

Zuora for Salesforce

Yes

Yes

Yes

Zuora requires a 1-to-1 relationship with Salesforce for each Zuora environment.

Zuora 360

Manual, on-demand and scheduled

Yes

Yes

Zuora 360+

Real-Time Sync

Yes

Yes

Z-Suite

Yes

Yes

Yes

Avalara Connector

Yes

Yes

Yes

Payment Gateways

Yes Includes any gateway that is supported in production

Yes

Yes

Insights

No

No

No

Collections

Yes

Yes

Yes

Performance guidelines

Zuora has established guidelines for optimal performance of your sandbox environment. If you plan to test over the recommended guideline volumes within a 24-hour period, contact Zuora Global Support.

Zuora recommends that you follow the same guidelines in your production environment as in your central sandbox environment.

Zuora Developer Sandbox

Zuora Central Sandbox

API Testing

Yes

> 50,000 API calls

Yes

> 500,000 API calls

Total Data Store

Yes

250,000 records (Total accounts and subscriptions)

Yes

Similar to Production (Production copy)

Data Load Testing

Yes

> 500,000 records**

Mediation meter volume limits

Zuora recommends that you follow the same guidelines in your production environment as in your central sandbox environment.

API Sandbox

Zuora Developer Sandbox

Zuora Central Sandbox

Data file upload

  • 10MB

  • 10K rows

  • Per file Size is not configurable.

  • Rows are configurable.

  • Format: CSV with header, ndjson, JSON, Parquet

  • 10MB

  • 10K rows

  • Per file Size is not configurable.

  • Rows are configurable.

  • Format: CSV with header, ndjson, JSON, Parquet

  • 20MB

  • 20K rows

  • Per file Size is not configurable.

  • Rows are configurable.

  • Format: CSV with header, ndjson, JSON, Parquet

Streaming API

  • 1MB payload size

  • 1K rows/ each API call

  • 600 API calls/ min

  • Format: MultiJson, Single JSON

  • 2M payload size

  • 5K rows/ each API call

  • 5,000 API calls/ min

  • Format: MultiJson, Single Json

  • 4M payload size

  • 10K rows/ each API call

  • 50,000 API calls/ min

  • Format: MultiJson, Single JSON

S3 source

  • Total Storage: Up to 5G

  • Retention Policy: 7 days

  • Format: CSV with header, ndjson, Parquet

  • Total Storage: Up to 10G

  • Retention Policy: 7 days

  • Format: CSV with header, ndjson, Parquet

  • Total Storage: Same as required for production

  • Retention Policy: 1 month

  • Format: CSV with header, ndjson, Parquet

S3 target

  • Total Storage: Up to 5G

  • Retention Policy: 7 days

  • Format: ndjson

  • Total Storage: Up to 10G

  • Retention Policy: 7 days

  • Format: ndjson

  • Total Storage: Same as required for production

  • Retention Policy: 1 month

  • Format: ndjson

Kafka

  • 4KB single message size

  • 10K messages/ min

  • 4KB single message size

  • 20K messages/ min

  • Same as required for production

Event Store

  • Up to 5G total storage

  • 20 event stores

  • Retention Policy: 7 days

  • Up to 10G total storage

  • 20 event stores

  • Retention Policy: 7 days

  • Same as required for production

  • Retention Policy: 1 month

Deduper

  • Retention Policy: 7 days

  • Unique Key: 100K

  • Retention Policy: 7 days

  • Unique Key: 100K

  • Same as required for production

Meter creation number

  • 20 meters

  • 40 meters

  • Same as required for production

Meter run number

  • 2 runs simultaneously

  • 3 runs simultaneously

  • 5 runs simultaneously

Prefetch

  • 5 different custom object tables simultaneously prefetch

  • 5 different custom object tables simultaneously prefetch

  • Same as required for production

Audit Trail download size

  • 100K records

  • 100K records

  • Same as required for production

Audit Trail sample retention policy

  • 7 days

  • 7 days

  • Default: 1 month

  • Configurable

Limits policy

API Sandbox

Zuora Developer Sandbox

Zuora Central Sandbox

Concurrent request limits

Bounded by Policy

Bounded by Policy

Bounded by Policy

Note:

When the storage limits for records are reached, you are prevented from creating additional records that exceed the specified limits. If API calls exceed the set limits, any subsequent API calls made within the 24-hour window are unsuccessful. The limits for API usage in API Sandbox and Developer Sandbox environments cannot be increased. However, you can purchase a Central Sandbox environment with higher data storage limits.

If Customer's use of the Service exceeds the usage limits in the applicable contracts or as described in this reference for any products provided, Customer must either purchase additional usage, if applicable, or move to the next edition of the Service. If Customer does not choose either of the options, Customer shall be considered out of compliance with such Service.

Security

API Sandbox

Zuora Developer Sandbox

Zuora Central Sandbox

PCI-compliant

Yes

No

No

SOC 1 and SOC 2-compliant

Yes

Yes

Yes

HIPAA-compliant

Yes

Yes

Yes

IP Whitelist

Yes

Yes

Yes

Two-factor Authentication

Yes

Yes

Yes

Zuora is committed to safeguarding the security, confidentiality, integrity, and availability of all physical and electronic information assets of the Company to ensure that regulatory, operational, and contractual requirements are fulfilled. Zuora's internal controls are benchmarked against industry standards such as ISO27001, ISO27018, PCI DSS Level 1, SOC 1, SOC 2 and HIPAA. Zuora Central Sandbox will be included in future ISO27001, ISO27018, PCI DSS Level 1, SOC 1, SOC 2 and HIPAA assessments starting in the fall of 2020.

Provisioning and refreshing data

Zuora provides the following guidelines for provisioning and data refresh turnaround times for test environments. We continuously strive to optimize performance and provide the best possible turnaround times for you.

When a Zuora Central Sandbox is provisioned, it will execute a data copy process that brings over a snapshot of your production data, with sensitive and PII data scrubbed. Subsequently, every data refresh request takes a new snapshot of your scrubbed production data. In both cases, the complete snapshot of your production data is taken as of the date and time when the request is submitted, as the data copy process will be triggered at a time after your request is made. The scheduled runs, including Bill Run and Payment Run, are not copied from your production environment to Zuora Central Sandbox during the provisioning or refreshing process.

For most tenants, the data copy can be completed within less than 3 business days. For larger tenants, it can take longer time to complete the data copy. A full data snapshot of the previous month might take longer during the first week of the month when data refresh requests peak.

API Sandbox

Zuora Developer Sandbox

Zuora Central Sandbox

Provisioning turnaround

Immediate with logins

2-3 business days

Includes a copy of production configuration data.

2-3 business days

Includes a copy of production data. Turn around is the best effort, and it may be longer for large size tenants.

Snapshot of production configuration data

None

Included

Included

Snapshot of production transactional data

None

Not included

Included

Snapshot refresh frequency

None

Once every 14 Days

Once every 28 Days

Refresh snapshot requests

None

Refresh Developer Sandbox in Production

Refresh turn around time can approximately take 1-3 days, managed as best effort with larger tenants taking longer.

Refresh Central Sandbox in Production

Refresh turn around time can approximately take 1-3 days, managed as best effort with larger tenants taking longer.

Last updated: October 10, 2025