Security Policies
The Security Policies setting allows administrators to manage and configure Zuora security policies.
This article describes security and password policies and considerations, including password restrictions and login lockout policies for all users.
API logins
To prevent your order processing from being interrupted unnecessarily, password expiration does not apply to API logins.
If you have enabled a password policy that requires that users change passwords after a period of time, any user ID that is used in the Zuora UI will trigger the password expiration notice and force a change. Because of this policy, Zuora recommends that you create a user ID with a recognizable name (for example, APIuser@mycompany.com ) for API integrations, and never use that user ID to log in to the Zuora UI. As long as you don't log into the UI with that user ID, you will not be asked to reset the password, and your API integration will remain unaffected by the expiration policy.
Security keys
In the Security Keys section, you can retrieve or regenerate your public and private keys. You use the keys when you implement Payment Pages 2.0.
See Obtain the public key for Payment Pages 2.0 about retrieving or re-generating your security keys in this section.