Okay, since posting my original question, I found https://knowledgecenter.zuora.com/CA_Commerce/T_Hosted_Commerce_Pages/B_Payment_Pages_2.0/P_Implement_Direct_POST_for_Payment_Methods, which is similar to the CORS solution. Instead of creating a form that posts directly to Zuora, I am submitting an ajax post request to https://apisandbox.zuora.com/apps/PublicHostedPageLite.do . Unfortunately, I'm getting this response: XMLHttpRequest cannot load https://apisandbox.zuora.com/apps/PublicHostedPageLite.do. Redirect from 'https://apisandbox.zuora.com/apps/PublicHostedPageLite.do' to 'https://apisandbox.zuora.com/apps/login.do?method=redirect&retURL=%2Fapps%2FPublicHostedPageLite.do' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://<my-origin>' is therefore not allowed access. It looks like a response I'd get if not authenticated. The only header I'm sending is Content-Type of application/x-www-form-urlencoded. Unlike the other CORS requests, I'm not sending in signature and token with the headers - when I do, the request comes back with a preflight error. The fields I'm posting with the request are: field_achBankABACode field_achBankAccountName field_achBankAccountNumber field_achBankAccountType field_achBankName field_key - public key field_style - iframe host - my host id - hosted page id (created in zuora) method - submitPage signature - one time key provided by zuora tenantId - provided by zuora token - one time key provided by zuora Are there any good examples of creating ACH payment methods via the API or solutions for fixing the problem above? Thanks!
... View more