Google Pay Processing
Google Pay
Google Pay™ is a digital wallet platform and online payment system offered by Google Inc. Merchants can add the payment service to websites and apps. Users with Android devices can add payment cards to Google Pay and use those cards to make payments in stores, in apps, and on websites.
Google Pay is supported on Android phones, tablets, and watches. In retail stores, Google Pay uses Near Field Communication (NFC) to transmit card information, facilitating funds transfer to the retailer. It replaces the credit or debit card chip and PIN or magnetic stripe transaction at point-of-sale terminals by allowing the user to upload card data in the Google Pay wallet. The service lets Android devices wirelessly communicate with point of sale systems using a near field communication (NFC) antenna, host-based card emulation (HCE), and Android's security.
Google Pay takes advantage of physical authentications such as fingerprint ID where available. On devices without fingerprint ID, Google Pay is activated with a passcode. When the user makes a payment to a merchant, Google Pay does not send the credit or debit card number with the payment. Instead, it generates a virtual account number representing the user's account information. This service keeps customer payment information private by sending a one-time encryption token instead of the card or user details.
Users can add payment cards to the service by taking a photo of the card, or by entering the card information manually. To pay at a point of sale, a user holds an authenticated device near the point of sale system.
Customer can also make a payment with Google Pay in apps or on websites that offer Google Pay as a payment method.
As a merchant integrating with Google Pay, you must adhere to the Google Pay APIs Acceptable Use Policy and accept the terms defined in the Google Pay API Terms of Service.
Configuration Setup
To be configured for Google Pay, your web store must complete the request process to obtain production access. With approval, Google provides you with instructions for registration and production access to the Google Pay API. In this step, Google provisions a merchantId value that you will use specifically with the Google Pay API.
Web Setup
Before using Google Pay from web, a user must add a payment method to the wallet or enter the card information manually. The payment method is stored in the wallet for future use. See Web Integration for details.
Android Setup
Before using Google Pay from an app, a user must add a payment method to the Android device. Users can add credit cards to the service by taking a photo of the card, or by entering the card information manually. A token is issued and stored in the wallet for future use. See App Integration for details.
Payment Service Support for Google Pay Integration
Radial's Payment Service provides APIs that can be used to integrate with Google Pay both for in-app purchases on mobile devices and purchases made on store websites.
Google Pay Integration Flow
This is the flow to complete a Google Pay transaction for the single request integration using Radial payment service APIs.
- At checkout, when a Google Pay user taps the Google Pay button, a payment sheet displays the payment methods that have been saved to the Google Account and optional fields such as a shipping address.
- The user can select a payment method in the wallet, or add new payment information, and provide shipping address if required
- The client application connects to the Google server with gateway ID radialpayments and using their store ID as the gateway merchant ID, and receives encrypted payment token data in JSON format.
- The client application creates a CreditCardAuth request including the authorization amount, GooglePaySigningKey (key signature, value, and expiration), EphemeralPublicKey, Tag, Version, encryption signature, and encrypted token.
- The client application sends the CreditCardAuth request to Radial's Payment Service.
- Radial's Payment Service uses its private key along with the ephemeral public key passed in the API call to decrypt the payment data.
- The Payment Service processes the request as a regular Card Not Present transaction and returns a success or failure response.
- The client application receives the success or failure response and prompts the user accordingly.
Google Pay PaymentMethodToken Payload Example
{
"signature":"MEUCICx6HeNozaC9OlbQ/auODUSMM3LMbIG6ifR92n1Sg6wsAiEAhMUCzr65DJEaq1kzvYRhqB2OjgUF0KTOfe0J9wE2sUk\u003d",
"intermediateSigningKey":{
"signedKey":"{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENmrxs4pIO3t5U69sDzzPuxQBiF8L16Qq7N7ngwaIA8c9MPaU5T28TOtthYZbx5OxmhKxX+ENC7TOv4ctIU8v1Q\\u003d\\u003d\",\"keyExpiration\":\"1583311459742\"}",
"signatures":[
"MEYCIQCQaFdqxE5qvi239ARVW08jgN3kd2Mu82mxT71yekL5KAIhANQv5GN8B+ZybzTf+bmmP/nLkVMXZOkVAcpA0xxw/5N/"
]
},
"protocolVersion":"ECv2",
"signedMessage":"{\"encryptedMessage\":\"Rv9kJ8ppjdTU75ScLQNl7NrRxCM0rTb/Vrqrv8ojo9E2RKzvcjF7XzXwtWsW19Su0PLcVUViZBQ4hrbdTWzkgvUZt5dUTdlXf5Oc/IiaZXCHhcNJxOOzTdIVQ4z585zAqC75XeE5g/9Nj/LN8gvTt39AyGicTh7sEu4v5Y2/VMqY/LGZSrt7Hrva6kb+Gh0F0CB1+97GWjAb1ocoIQqIP9LyS2ZxZ1gbxqa65r5U8+EfUIrG/KXcmZjjMPeaWsRnp2qR3dLWXz6ERZTvDHwUYUg8q6A5BfAjw7jzxvpWQYA3TduVraIWGuMUG58rHGY86fk4m+4F0dEDHW1wypawFQISinGlkuEiFEHq09oXQ19dRxqqaE0KR6VmFEoUHp3iPcpjhOsC8583STBh8eVMCH49Ws18ZdgSTrZ4lKqDPOYpgblKf1cq5cHQysHGLVvDJULurPy2GvwF1jbC1tZQ26jE0joXlepF\",\"ephemeralPublicKey\":\"BHkCxK41VgmFSyQRozlf7jm0Kqm9S6VbyVwB6UzyS4pWw5oOj9LNrwHRqI2GgUnZ5GUhJmiMCkD89dph+OBXgMg\\u003d\",\"tag\":\"Gv3Y4yyc2w5z3BOqURQWFp7f3sHWzzkET/EnefgAWvY\\u003d\"}"
}
APIs Used
Google Pay integration uses the following API
- Credit Card Auth API
URI Summary
Action | URI Template | URI Example | Non-URI Request | Response | Note |
---|---|---|---|---|---|
POST | /v[M.m]/stores/[StoreID]/ payments/creditcard/auth/ [TenderCode].[format] |
/v1.0/stores/store123/ payments/creditcard/auth/DW.xml |
XML | 200 + XML response | StoreID the same as gateway merchant id |
Request Example
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0" requestId="1234567">
<WalletPaymentInformation>
<GooglePaySigningKey>
<Signature>MEQCIFGSsF7iR5xwikWkOgJH//iWwH+T8HGSeVBKvwx8CUmaAiAi504erSm1RGc8ML1c0BDmsKXEx4nIV6MKPDMAouXv5g\u003d\u003d</Signature>
<Value>MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkObfp/N6pZWrSiitgQskQoD+LhrVNZpc5OxH5nwdoyWHAFzMbXHVk5oK4z8+2lx8GZ+J1LCa2NDUwmGEGW8Kcw\u003d\u003d</Value>
<Expiration>1570171869038</Expiration>
</GooglePaySigningKey>
<EphemeralPublicKey>BMLuyqMv0puSlEkaGItWfMEhXkaKjMJ4NfQ2ybTmSVDmOdoOnA3Sv9kgzx3vjLWv+++YJboP/lTrZmXoU2tOsG0\u003d</EphemeralPublicKey>
<Tag>cH9Uitc/eOKJV+pIvmBms6b5A5PdRJi89+xTVWxxblc\u003d</Tag>
<Version>ECv2</Version>
<Data>rs97b9L243rd/eV6e7FYTqIfqOcA28jq0hgea6IcPrFZrQZg6/jtLLr0QY/NGY3PIiYlSv7cjslD1MznBmEHjqWoueZUufuE0SvbHSyJodJbx/ABxEc6pbUKFD0OHGbWwZAusIP7eE19AKR3gUwfHYGlAUJcpUXs2z6eFbFLiBve3yGn5oauzxLzwoUkt5O2OUbOyLR17WIIz7bWogynJrfLIVGtk72y7PLUH+ewOv6T91C+tILeK+2xgwvJt/sQTonRwh4DQDtecqCFpMGxnOEgvjynZxubcLIMPfsRjkRdWAbyd2CNHVPhtoE++LNXzqxbQFiT81fDUSHv1Q6AUtxeuACQulckazi51SrPd+uxxAjuCHBQZbRWuZZIN2pVypdu1iGePLjAO7dEqlO+ppT0hUQbrMJjFRPmYlAhSgF5Pc4NDf+IyqdU3A+P6kt2fwuHwHsY4o7JCAb7qwtrGgmGpSkBU50UHtzI3qrQ8GraJ0N3FUx/Lst4VWGAwUAwNOPpnHnAeYbgho6nVECQ2yGbV+mwYR6oA0LXuK2ZeBPsiUOL</Data>
<Signature>MEQCIBHBJhV144JGM2OIGYof7FdXFmQPvPa4IhEgW0BJRbGPAiABL/Z7GucSxvuyofNDkJSuak8ZwXnFZ02W8BHsOk7ovQ\u003d\u003d</Signature>
</WalletPaymentInformation>
<OrderId>1</OrderId>
<Amount currencyCode="USD">14.99</Amount>
<BillingFirstName>John</BillingFirstName>
<BillingLastName>Smith</BillingLastName>
<BillingPhoneNo>6101234567</BillingPhoneNo>
<BillingAddress>
<Line1>123 Main St</Line1>
<Line2>Building 123</Line2>
<Line3>4th Floor</Line3>
<Line4>Apt 12</Line4>
<City>Philadelphia</City>
<MainDivision>PA</MainDivision>
<CountryCode>US</CountryCode>
<PostalCode>19019</PostalCode>
</BillingAddress>
<CustomerEmail>customer@sample.com</CustomerEmail>
<CustomerIPAddress>208.247.73.130</CustomerIPAddress>
<ShipToFirstName>John</ShipToFirstName>
<ShipToLastName>Smith</ShipToLastName>
<ShipToPhoneNo>6101234567</ShipToPhoneNo>
<ShippingAddress>
<Line1>123 Main St</Line1>
<Line2>Building 123</Line2>
<Line3>4th Floor</Line3>
<Line4>Apt 12</Line4>
<City>Philadelphia</City>
<MainDivision>PA</MainDivision>
<CountryCode>US</CountryCode>
<PostalCode>19019</PostalCode>
</ShippingAddress>
</CreditCardAuthRequest>
Request Elements
Element | Required | Description | Type | Restriction |
---|---|---|---|---|
CreditCardAuthRequest/WalletPaymentInformation | Yes | Digital Wallet Payment Information | ComplexType | |
CreditCardAuthRequest/WalletPaymentInformation /GooglePaySigningKey/Signature |
Yes | Signature from key signing, corresponding to intermediateSigningKey/signatures |
String | |
CreditCardAuthRequest
/WalletPaymentInformation/ GooglePaySigningKey/Value |
Yes | Signing key, corresponding to intermediateSigningKey/signedKey/keyValue |
String | |
CreditCardAuthRequest/WalletPaymentInformation/ GooglePaySigningKey/Expiration |
Yes | Signinng key expiration, corresponding to intermediateSigningKey/signedKey/keyExpiration |
String | |
CreditCardAuthRequest
/WalletPaymentInformation/ EphemeralPublicKey |
Yes | A Base64 encoded ephemeral public key associated with the private key to encrypt the message, corresponding to signedMessage/ephemeralPublicKey |
String | |
CreditCardAuthRequest/WalletPaymentInformation/ Tag |
Yes | Base64 encoded MAC of encrypted payment data, corresponding to signedMessage/tag |
String | |
CreditCardAuthRequest/WalletPaymentInformation/ Version |
Yes | Google Pay version of payment service integration, e.g. ECv2, corresponding to protocolVersion |
String | |
CreditCardAuthRequest/WalletPaymentInformation/ Data |
Yes | Encrypted Payment Data, corresponding to signedMessage/encryptedMessage |
Base64 encoded string | |
CreditCardAuthRequest/WalletPaymentInformation/ Signature |
Yes | Verifies that the message came from Google, Base64-encoded and created with ECDSA by the signing key, corresponding to signature |
Base64 encoded string | |
CreditCardAuthRequest/OrderId | Yes | Unique identifier of the order The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service. | String | Min 1 character Max 20 characters |
CreditCardAuthRequest/Amount | Yes | Amount value to authorize for the order | String | Positive decimal, up to two decimal places(for example, 4.75) |
CreditCardAuthRequest/Amount/ @currencyCode |
Yes | Type of currency used for the amount | String | 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217. |
CreditCardAuthRequest/BillingFirstName | Yes | First name of the person on the billing address of the credit card | String | |
CreditCardAuthRequest/BillingLastName | Yes | Last name of the person on the billing address of the credit card | String | |
CreditCardAuthRequest/BillingPhoneNo | Yes | Phone number of the person on the billing address of the credit card | String | |
CreditCardAuthRequest/BillingAddress | Yes (for AVS verification) | Billing address of the credit card | ComplexType | |
CreditCardAuthRequest/BillingAddress/Line1 | Yes |
Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation. |
String |
1 to 70 characters. |
CreditCardAuthRequest/BillingAddress/Line2 | No |
String |
1 to 70 characters. |
|
CreditCardAuthRequest/BillingAddress/Line3 | No |
String |
1 to 70 characters. |
|
CreditCardAuthRequest/BillingAddres/Line4 | No |
String |
1 to 70 characters. |
|
CreditCardAuthRequest/BillingAddress/City | Yes | Name of the city | String | Min 1 character Max 40 characters |
CreditCardAuthRequest/BillingAddress/MainDivision | No | Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. | String | Min 1 character Max 35 characters |
CreditCardAuthRequest/BillingAddress/CountryCode | Yes | Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 | String | Min 2 characters Max 40 characters |
CreditCardAuthRequest/BillingAddress/PostalCode | No | String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, US ZIP code) | String | Min 1 character Max 15 characters |
CreditCardAuthRequest/CustomerEmail | Yes | Email address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | String | Min 1 character Max 70 characters |
CreditCardAuthRequest/CustomerIPAddress | Yes | IP address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. | IPv4Address | Valid dotted quad IPv4 Address |
CreditCardAuthRequest/ShipToFirstName | Yes | First name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | |
CreditCardAuthRequest/ShipToLastName | Yes | Last name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | |
CreditCardAuthRequest/ShipToPhoneNo | No | Phone number of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. | String | |
CreditCardAuthRequest/ShippingAddress | Yes | First/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. For orders that do not have a shipping address, pass the billing address as the shipping address. | ComplexType | |
CreditCardAuthRequest/ShippingAddress/Line1 | Yes |
Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation. |
String |
1 to 70 characters. |
CreditCardAuthRequest /ShippingAddress/Line2 | No |
String |
1 to 70 characters. |
|
CreditCardAuthRequest/ShippingAddress/Line3 | No |
String |
1 to 70 characters. |
|
CreditCardAuthRequest/ShippingAddress/Line4 | No |
String |
1 to 70 characters. |
|
CreditCardAuthRequest/ShippingAddress/City | Yes | Name of the city | String | Min 1 character Max 40 characters |
CreditCardAuthRequest/ShippingAddress/MainDivision | No |
Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. |
String | Min 1 character Max 35 characters |
CreditCardAuthRequest/ShippingAddress/CountryCode | Yes | Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 | String | Min 2 characters Max 40 characters |
CreditCardAuthRequest/ShippingAddress/PostalCode | No |
String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, U.S. ZIP code) |
String | Min 1 character Max 15 characters |
Reply Example
The response is a CreditCardAuthReply message.
<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
<PaymentContext>
<OrderId>1</OrderId>
<!-- You will receive a token in the response, which is a scrambled version of the Credit Card number.
This token gets passed to the Order Service, not the original credit card number -->
<PaymentAccountUniqueId isToken="true">4054131ImpMJ6965</PaymentAccountUniqueId>
</PaymentContext>
<ResponseCode>APPROVED</ResponseCode>
<AuthorizationResponseCode>AP01</AuthorizationResponseCode>
<BankAuthorizationCode>614653</BankAuthorizationCode>
<CVV2ResponseCode>0</CVV2ResponseCode>
<AVSResponseCode>E</AVSResponseCode>
<PhoneResponseCode></PhoneResponseCode> <!-- AmEX only -->
<NameResponseCode></NameResponseCode> <!-- AmEX only -->
<EmailResponseCode></EmailResponseCode> <!-- AmEX only -->
<AmountAuthorized currencyCode="USD">14.99</AmountAuthorized>
<TenderType>VC</TenderType>
</CreditCardAuthReply>
Response Elements
Element | Required | Description | Type | Restriction |
---|---|---|---|---|
CreditCardAuthReply/PaymentContext | Yes |
Unique identifier of the payment transaction for the order |
ComplexType | |
CreditCardAuthReply/PaymentContext/ OrderId |
Yes | Unique identifier of the order. The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service. | String | Min 1 character Max 20 characters |
CreditCardAuthReply/PaymentContext/ PaymentAccountUniqueId |
Yes |
Token (scrambled version) of the PAN (payment account number such as a credit card number). When passing the PAN for the PaymentAuthCancelRequest and the PaymentSettlementRequest messages, always use the returned token, not the original PAN. |
String | Min 1 character Max 22 characters |
CreditCardAuthReply/PaymentContext/ PaymentAccountUniqueId/ @isToken |
Yes | Attribute that indicates whether the PAN is tokenized. In the CreditCardAuthReply message, this attribute is always set to true. | String | true |
CreditCardAuthReply/ResponseCode | No |
Response code of the credit card authorization. Includes approved, timeout, and several decline codes. Only orders with an approved or timeout response code are submitted to the Order Service. See Authorization Response Codes for a list of codes. |
String |
SchemaVersion in the Request Message has to be equal to or greater than 1.1 in order to receive this element |
CreditCardAuthReply/ AuthorizationResponseCode |
Yes |
Response code of the credit card authorization. This includes approval, timeout, and several decline codes. See Authorization Response Codes for a list of codes. |
String | |
CreditCardAuthReply/BankAuthorizationCode | Yes |
Authorization code returned by the payment processor upon a successful credit card authorization. Any order taken by the Order Service and paid by credit card MUST have this authorization code. |
String | |
CreditCardAuthReply/CVV2ResponseCode | Yes |
Payment processor response code for the CVV2 (card verification value) check. For most credit cards, you get an approval on the ResponseCode even if the CVV2ResponseCode returns a CVV2 failure. You CANNOT accept an order if the CVV2ResponseCode returns a CVV2 failure code. See CVV2 Response Codes for a list of codes. |
String | |
CreditCardAuthReply/AVSResponseCode | Yes |
Payment processor response for the Address Verification System (AVS) check. For most credit cards, you get an approval on the ResponseCode even if the AVSResponseCode returns an AVS failure code. It is typically considered a significant fraud risk to accept an order if the AVSResponseCode returns an AVS failure code. See AVS Response Codes for a list of codes. |
String | |
CreditCardAuthReply/PhoneResponseCode | No (Amex only) |
Response code for customer phone number verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. |
String | |
CreditCardAuthReply/NameResponseCode | No (Amex only) |
Response code for customer name verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. |
String | |
CreditCardAuthReply/EmailResponseCode | No (Amex only) |
Response code for customer email verification. Only applies to Amex authorizations. To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex. |
String | |
CreditCardAuthReply/AmountAuthorized | Yes | Currency amount authorized on the credit card | String |
Positive decimal, up to two decimal places(for example, 4.75) |
CreditCardAuthReply/AmountAuthorized/ @currencyCode |
Yes | Type of currency used for the order | String | 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217. |
CreditCardAuthReply/TenderType | No (Always present for Digital Wallet transactions) | This element identifies the
tender type used for the transaction
*Note that this value might be corrected based on Bin Range identification |
String | Min 2 characters Max 4 Characters SchemaVersion in the Request Message has to be equal to or greater than 1.2 in order to receive this element for Card Not Present and Card Present transactions |
CreditCardAuthReply/Extension | No | This element indicates that future optional elements may show up in this location of the XML document in the responses returned from the service. |