Google Pay Processing

Google Pay

Google Pay™ is a digital wallet platform and online payment system offered by Google Inc. Merchants can add the payment service to websites and apps. Users with Android devices can add payment cards to Google Pay and use those cards to make payments in stores, in apps, and on websites.

Google Pay is supported on Android phones, tablets, and watches. In retail stores, Google Pay uses Near Field Communication (NFC) to transmit card information, facilitating funds transfer to the retailer. It replaces the credit or debit card chip and PIN or magnetic stripe transaction at point-of-sale terminals by allowing the user to upload card data in the Google Pay wallet. The service lets Android devices wirelessly communicate with point of sale systems using a near field communication (NFC) antenna, host-based card emulation (HCE), and Android's security.

Google Pay takes advantage of physical authentications such as fingerprint ID where available. On devices without fingerprint ID, Google Pay is activated with a passcode. When the user makes a payment to a merchant, Google Pay does not send the credit or debit card number with the payment. Instead, it generates a virtual account number representing the user's account information. This service keeps customer payment information private by sending a one-time encryption token instead of the card or user details.

Users can add payment cards to the service by taking a photo of the card, or by entering the card information manually. To pay at a point of sale, a user holds an authenticated device near the point of sale system.

Customer can also make a payment with Google Pay in apps or on websites that offer Google Pay as a payment method.

As a merchant integrating with Google Pay, you must adhere to the Google Pay APIs Acceptable Use Policy and accept the terms defined in the Google Pay API Terms of Service.

Configuration Setup

To be configured for Google Pay, your web store must complete the request process to obtain production access. With approval, Google provides you with instructions for registration and production access to the Google Pay API. In this step, Google provisions a merchantId value that you will use specifically with the Google Pay API.

Web Setup

Before using Google Pay from web, a user must add a payment method to the wallet or enter the card information manually. The payment method is stored in the wallet for future use. See Web Integration for details.

Android Setup

Before using Google Pay from an app, a user must add a payment method to the Android device. Users can add credit cards to the service by taking a photo of the card, or by entering the card information manually. A token is issued and stored in the wallet for future use. See App Integration for details.

Payment Service Support for Google Pay Integration

Radial's Payment Service provides APIs that can be used to integrate with Google Pay both for in-app purchases on mobile devices and purchases made on store websites.

Google Pay Integration Flow

This is the flow to complete a Google Pay transaction for the single request integration using Radial payment service APIs.

  1. At checkout, when a Google Pay user taps the Google Pay button, a payment sheet displays the payment methods that have been saved to the Google Account and optional fields such as a shipping address.
  2. The user can select a payment method in the wallet, or add new payment information, and provide shipping address if required
  3. The client application connects to the Google server with gateway ID radialpayments and using their store ID as the gateway merchant ID, and receives encrypted payment token data in JSON format.
  4. The client application creates a CreditCardAuth request including the authorization amount, GooglePaySigningKey (key signature, value, and expiration), EphemeralPublicKey, Tag, Version, encryption signature, and encrypted token.
  5. The client application sends the CreditCardAuth request to Radial's Payment Service.
  6. Radial's Payment Service uses its private key along with the ephemeral public key passed in the API call to decrypt the payment data.
  7. The Payment Service processes the request as a regular Card Not Present transaction and returns a success or failure response.
  8. The client application receives the success or failure response and prompts the user accordingly.

Google Pay PaymentMethodToken Payload Example

{
    "signature":"MEUCICx6HeNozaC9OlbQ/auODUSMM3LMbIG6ifR92n1Sg6wsAiEAhMUCzr65DJEaq1kzvYRhqB2OjgUF0KTOfe0J9wE2sUk\u003d",
    "intermediateSigningKey":{
        "signedKey":"{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENmrxs4pIO3t5U69sDzzPuxQBiF8L16Qq7N7ngwaIA8c9MPaU5T28TOtthYZbx5OxmhKxX+ENC7TOv4ctIU8v1Q\\u003d\\u003d\",\"keyExpiration\":\"1583311459742\"}",
        "signatures":[
            "MEYCIQCQaFdqxE5qvi239ARVW08jgN3kd2Mu82mxT71yekL5KAIhANQv5GN8B+ZybzTf+bmmP/nLkVMXZOkVAcpA0xxw/5N/"
        ]
   },
   "protocolVersion":"ECv2",
   "signedMessage":"{\"encryptedMessage\":\"Rv9kJ8ppjdTU75ScLQNl7NrRxCM0rTb/Vrqrv8ojo9E2RKzvcjF7XzXwtWsW19Su0PLcVUViZBQ4hrbdTWzkgvUZt5dUTdlXf5Oc/IiaZXCHhcNJxOOzTdIVQ4z585zAqC75XeE5g/9Nj/LN8gvTt39AyGicTh7sEu4v5Y2/VMqY/LGZSrt7Hrva6kb+Gh0F0CB1+97GWjAb1ocoIQqIP9LyS2ZxZ1gbxqa65r5U8+EfUIrG/KXcmZjjMPeaWsRnp2qR3dLWXz6ERZTvDHwUYUg8q6A5BfAjw7jzxvpWQYA3TduVraIWGuMUG58rHGY86fk4m+4F0dEDHW1wypawFQISinGlkuEiFEHq09oXQ19dRxqqaE0KR6VmFEoUHp3iPcpjhOsC8583STBh8eVMCH49Ws18ZdgSTrZ4lKqDPOYpgblKf1cq5cHQysHGLVvDJULurPy2GvwF1jbC1tZQ26jE0joXlepF\",\"ephemeralPublicKey\":\"BHkCxK41VgmFSyQRozlf7jm0Kqm9S6VbyVwB6UzyS4pWw5oOj9LNrwHRqI2GgUnZ5GUhJmiMCkD89dph+OBXgMg\\u003d\",\"tag\":\"Gv3Y4yyc2w5z3BOqURQWFp7f3sHWzzkET/EnefgAWvY\\u003d\"}"
}

APIs Used

Google Pay integration uses the following API

  • Credit Card Auth API

URI Summary

Action URI Template URI Example Non-URI Request Response Note
POST /v[M.m]/stores/[StoreID]/
payments/creditcard/auth/
[TenderCode].[format]
/v1.0/stores/store123/
payments/creditcard/auth/DW.xml
XML 200 + XML response StoreID the same as gateway merchant id

Request Example

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0" requestId="1234567">
   <WalletPaymentInformation>
     <GooglePaySigningKey>
         <Signature>MEQCIFGSsF7iR5xwikWkOgJH//iWwH+T8HGSeVBKvwx8CUmaAiAi504erSm1RGc8ML1c0BDmsKXEx4nIV6MKPDMAouXv5g\u003d\u003d</Signature>
         <Value>MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkObfp/N6pZWrSiitgQskQoD+LhrVNZpc5OxH5nwdoyWHAFzMbXHVk5oK4z8+2lx8GZ+J1LCa2NDUwmGEGW8Kcw\u003d\u003d</Value>
         <Expiration>1570171869038</Expiration>
     </GooglePaySigningKey>
     <EphemeralPublicKey>BMLuyqMv0puSlEkaGItWfMEhXkaKjMJ4NfQ2ybTmSVDmOdoOnA3Sv9kgzx3vjLWv+++YJboP/lTrZmXoU2tOsG0\u003d</EphemeralPublicKey>
     <Tag>cH9Uitc/eOKJV+pIvmBms6b5A5PdRJi89+xTVWxxblc\u003d</Tag>
     <Version>ECv2</Version>
     <Data>rs97b9L243rd/eV6e7FYTqIfqOcA28jq0hgea6IcPrFZrQZg6/jtLLr0QY/NGY3PIiYlSv7cjslD1MznBmEHjqWoueZUufuE0SvbHSyJodJbx/ABxEc6pbUKFD0OHGbWwZAusIP7eE19AKR3gUwfHYGlAUJcpUXs2z6eFbFLiBve3yGn5oauzxLzwoUkt5O2OUbOyLR17WIIz7bWogynJrfLIVGtk72y7PLUH+ewOv6T91C+tILeK+2xgwvJt/sQTonRwh4DQDtecqCFpMGxnOEgvjynZxubcLIMPfsRjkRdWAbyd2CNHVPhtoE++LNXzqxbQFiT81fDUSHv1Q6AUtxeuACQulckazi51SrPd+uxxAjuCHBQZbRWuZZIN2pVypdu1iGePLjAO7dEqlO+ppT0hUQbrMJjFRPmYlAhSgF5Pc4NDf+IyqdU3A+P6kt2fwuHwHsY4o7JCAb7qwtrGgmGpSkBU50UHtzI3qrQ8GraJ0N3FUx/Lst4VWGAwUAwNOPpnHnAeYbgho6nVECQ2yGbV+mwYR6oA0LXuK2ZeBPsiUOL</Data>
     <Signature>MEQCIBHBJhV144JGM2OIGYof7FdXFmQPvPa4IhEgW0BJRbGPAiABL/Z7GucSxvuyofNDkJSuak8ZwXnFZ02W8BHsOk7ovQ\u003d\u003d</Signature>
   </WalletPaymentInformation>
   <OrderId>1</OrderId>
   <Amount currencyCode="USD">14.99</Amount>
   <BillingFirstName>John</BillingFirstName>
   <BillingLastName>Smith</BillingLastName>
   <BillingPhoneNo>6101234567</BillingPhoneNo>
   <BillingAddress>
      <Line1>123 Main St</Line1>
      <Line2>Building 123</Line2>
      <Line3>4th Floor</Line3>
      <Line4>Apt 12</Line4>
      <City>Philadelphia</City>
      <MainDivision>PA</MainDivision>
      <CountryCode>US</CountryCode>
      <PostalCode>19019</PostalCode>
   </BillingAddress>
   <CustomerEmail>customer@sample.com</CustomerEmail>
   <CustomerIPAddress>208.247.73.130</CustomerIPAddress>
   <ShipToFirstName>John</ShipToFirstName>
   <ShipToLastName>Smith</ShipToLastName>
   <ShipToPhoneNo>6101234567</ShipToPhoneNo>
   <ShippingAddress>
      <Line1>123 Main St</Line1>
      <Line2>Building 123</Line2>
      <Line3>4th Floor</Line3>
      <Line4>Apt 12</Line4>
      <City>Philadelphia</City>
      <MainDivision>PA</MainDivision>
      <CountryCode>US</CountryCode>
      <PostalCode>19019</PostalCode>
   </ShippingAddress>
</CreditCardAuthRequest>

Request Elements

Element Required Description Type Restriction
CreditCardAuthRequest/WalletPaymentInformation Yes Digital Wallet Payment Information ComplexType
CreditCardAuthRequest/WalletPaymentInformation
/GooglePaySigningKey/Signature
Yes Signature from key signing,
corresponding to intermediateSigningKey/signatures
String
CreditCardAuthRequest /WalletPaymentInformation/
GooglePaySigningKey/Value
Yes Signing key,
corresponding to intermediateSigningKey/signedKey/keyValue
String
CreditCardAuthRequest/WalletPaymentInformation/
GooglePaySigningKey/Expiration
Yes Signinng key expiration,
corresponding to intermediateSigningKey/signedKey/keyExpiration
String
CreditCardAuthRequest /WalletPaymentInformation/
EphemeralPublicKey
Yes A Base64 encoded ephemeral public key associated with the private key to encrypt the message,
corresponding to signedMessage/ephemeralPublicKey
String
CreditCardAuthRequest/WalletPaymentInformation/
Tag
Yes Base64 encoded MAC of encrypted payment data,
corresponding to signedMessage/tag
String
CreditCardAuthRequest/WalletPaymentInformation/
Version
Yes Google Pay version of payment service integration, e.g. ECv2,
corresponding to protocolVersion
String
CreditCardAuthRequest/WalletPaymentInformation/
Data
Yes Encrypted Payment Data,
corresponding to signedMessage/encryptedMessage
Base64 encoded string
CreditCardAuthRequest/WalletPaymentInformation/
Signature
Yes Verifies that the message came from Google, Base64-encoded and created with ECDSA by the signing key,
corresponding to signature
Base64 encoded string
CreditCardAuthRequest/OrderId Yes Unique identifier of the order The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service. String Min 1 character
Max 20 characters
CreditCardAuthRequest/Amount Yes Amount value to authorize for the order String Positive decimal, up to two decimal places(for example, 4.75)
CreditCardAuthRequest/Amount/
@currencyCode
Yes Type of currency used for the amount String 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217.
CreditCardAuthRequest/BillingFirstName Yes First name of the person on the billing address of the credit card String
CreditCardAuthRequest/BillingLastName Yes Last name of the person on the billing address of the credit card String
CreditCardAuthRequest/BillingPhoneNo Yes Phone number of the person on the billing address of the credit card String
CreditCardAuthRequest/BillingAddress Yes (for AVS verification) Billing address of the credit card ComplexType
CreditCardAuthRequest/BillingAddress/Line1 Yes

Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required.

Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation.

String

1 to 70 characters.

CreditCardAuthRequest/BillingAddress/Line2 No

String

1 to 70 characters.

CreditCardAuthRequest/BillingAddress/Line3 No

String

1 to 70 characters.

CreditCardAuthRequest/BillingAddres/Line4 No

String

1 to 70 characters.

CreditCardAuthRequest/BillingAddress/City Yes Name of the city String Min 1 character
Max 40 characters
CreditCardAuthRequest/BillingAddress/MainDivision No Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. String Min 1 character
Max 35 characters
CreditCardAuthRequest/BillingAddress/CountryCode Yes Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 String Min 2 characters
Max 40 characters
CreditCardAuthRequest/BillingAddress/PostalCode No String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, US ZIP code) String Min 1 character
Max 15 characters
CreditCardAuthRequest/CustomerEmail Yes Email address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. String Min 1 character
Max 70 characters
CreditCardAuthRequest/CustomerIPAddress Yes IP address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors. IPv4Address Valid dotted quad IPv4 Address
CreditCardAuthRequest/ShipToFirstName Yes First name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. String
CreditCardAuthRequest/ShipToLastName Yes Last name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. String
CreditCardAuthRequest/ShipToPhoneNo No Phone number of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. String
CreditCardAuthRequest/ShippingAddress Yes First/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. For orders that do not have a shipping address, pass the billing address as the shipping address. ComplexType
CreditCardAuthRequest/ShippingAddress/Line1 Yes

Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required.

Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation.

String

1 to 70 characters.

CreditCardAuthRequest /ShippingAddress/Line2 No

String

1 to 70 characters.

CreditCardAuthRequest/ShippingAddress/Line3 No

String

1 to 70 characters.

CreditCardAuthRequest/ShippingAddress/Line4 No

String

1 to 70 characters.

CreditCardAuthRequest/ShippingAddress/City Yes Name of the city String Min 1 character
Max 40 characters
CreditCardAuthRequest/ShippingAddress/MainDivision No

Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2.

String Min 1 character
Max 35 characters
CreditCardAuthRequest/ShippingAddress/CountryCode Yes Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 String Min 2 characters
Max 40 characters
CreditCardAuthRequest/ShippingAddress/PostalCode No

String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, U.S. ZIP code)

String Min 1 character
Max 15 characters

Reply Example

The response is a CreditCardAuthReply message.

<?xml version="1.0" encoding="UTF-8"?>
    <CreditCardAuthReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
       <PaymentContext>
          <OrderId>1</OrderId>
          <!-- You will receive a token in the response, which is a scrambled version of the Credit Card number.
             This token gets passed to the Order Service, not the original credit card number -->
          <PaymentAccountUniqueId isToken="true">4054131ImpMJ6965</PaymentAccountUniqueId>
       </PaymentContext>
       <ResponseCode>APPROVED</ResponseCode>
       <AuthorizationResponseCode>AP01</AuthorizationResponseCode>
       <BankAuthorizationCode>614653</BankAuthorizationCode>
       <CVV2ResponseCode>0</CVV2ResponseCode>
       <AVSResponseCode>E</AVSResponseCode>
       <PhoneResponseCode></PhoneResponseCode> <!-- AmEX only -->
       <NameResponseCode></NameResponseCode> <!-- AmEX only -->
       <EmailResponseCode></EmailResponseCode> <!-- AmEX only -->
       <AmountAuthorized currencyCode="USD">14.99</AmountAuthorized>
       <TenderType>VC</TenderType>
    </CreditCardAuthReply>          

Response Elements

Element Required Description Type Restriction
CreditCardAuthReply/PaymentContext Yes

Unique identifier of the payment transaction for the order

ComplexType  
CreditCardAuthReply/PaymentContext/
OrderId
Yes Unique identifier of the order. The client must ensure uniqueness of OrderIds across all orders that the client initiates with this service. String Min 1 character
Max 20 characters
CreditCardAuthReply/PaymentContext/
PaymentAccountUniqueId
Yes

Token (scrambled version) of the PAN (payment account number such as a credit card number). When passing the PAN for the PaymentAuthCancelRequest and the PaymentSettlementRequest messages, always use the returned token, not the original PAN.

String Min 1 character
Max 22 characters
CreditCardAuthReply/PaymentContext/
PaymentAccountUniqueId/
@isToken
Yes Attribute that indicates whether the PAN is tokenized. In the CreditCardAuthReply message, this attribute is always set to true. String true
CreditCardAuthReply/ResponseCode No

Response code of the credit card authorization. Includes approved, timeout, and several decline codes. Only orders with an approved or timeout response code are submitted to the Order Service.

See Authorization Response Codes for a list of codes.

String

SchemaVersion in the Request Message has to be equal to or greater than 1.1 in order to receive this element

CreditCardAuthReply/
AuthorizationResponseCode
Yes

Response code of the credit card authorization. This includes approval, timeout, and several decline codes.

See Authorization Response Codes for a list of codes.

String
CreditCardAuthReply/BankAuthorizationCode Yes

Authorization code returned by the payment processor upon a successful credit card authorization.

Any order taken by the Order Service and paid by credit card MUST have this authorization code.

String
CreditCardAuthReply/CVV2ResponseCode Yes

Payment processor response code for the CVV2 (card verification value) check.

For most credit cards, you get an approval on the ResponseCode even if the CVV2ResponseCode returns a CVV2 failure. You CANNOT accept an order if the CVV2ResponseCode returns a CVV2 failure code.

See CVV2 Response Codes for a list of codes.

String
CreditCardAuthReply/AVSResponseCode Yes

Payment processor response for the Address Verification System (AVS) check.

For most credit cards, you get an approval on the ResponseCode even if the AVSResponseCode returns an AVS failure code. It is typically considered a significant fraud risk to accept an order if the AVSResponseCode returns an AVS failure code.

See AVS Response Codes for a list of codes.

String
CreditCardAuthReply/PhoneResponseCode No (Amex only)

Response code for customer phone number verification. Only applies to Amex authorizations.

To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex.

String
CreditCardAuthReply/NameResponseCode No (Amex only)

Response code for customer name verification. Only applies to Amex authorizations.

To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex.

String
CreditCardAuthReply/EmailResponseCode No (Amex only)

Response code for customer email verification. Only applies to Amex authorizations.

To support downstream fraud processing, this data should be included in the OrderCreateRequest for orders paid with Amex.

String
CreditCardAuthReply/AmountAuthorized Yes Currency amount authorized on the credit card String

Positive decimal, up to two decimal places(for example, 4.75)

CreditCardAuthReply/AmountAuthorized/
@currencyCode
Yes Type of currency used for the order String 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217.
CreditCardAuthReply/TenderType No (Always present for Digital Wallet transactions) This element identifies the tender type used for the transaction

*Note that this value might be corrected based on Bin Range identification

String Min 2 characters
Max 4 Characters

SchemaVersion in the Request Message has to be equal to or greater than 1.2 in order to receive this element for Card Not Present and Card Present transactions

CreditCardAuthReply/Extension No This element indicates that future optional elements may show up in this location of the XML document in the responses returned from the service.