Google Pay
Google Pay is a mobile payment and digital wallet service by Google that enables seamless online checkout experiences for payers. You can use Google Pay in Android apps and on the mobile web, with payment methods saved to a Google account or Android device. The Mastercard Gateway supports Google Pay as a mobile wallet.
This topic includes step-by-step integration steps for Google Pay. For more information about mobile wallets and their payment flow, see Mobile Wallets.
The gateway supports these methods.
| Integration Methods | Payment Methods | Operations | Card Brands Supported |
|---|---|---|---|
|
|
|
|
To view examples of API requests for mobile wallet payments, download the Postman collection.
Google Pay integration options
The gateway supports these integration options.
| Hosted Checkout | Direct Payment |
|---|---|
|
|
Prerequisites
To accept Google Pay payments:
- Sign up with Google and create your merchant ID required for the Direct Payment integration method.
- Your merchant profile must be enabled by your payment service provider on the gateway for Device Payments.
- If you want the gateway to perform the decryption of the payment token, your merchant profile on the gateway must have the "Enable Decryption of Google Pay Device Payments" privilege for the Hosted Checkout integration method, it is optional for Direct Payment.
- If you are using a white-labeled domain, contact your payment service provider to enable it for Google Pay.
- If you decrypt the payment token, get your integration approved by Google. Follow the instructions provided by Google for Android or Web.
Adding support for Google Pay to your integration
You can integrate Google Pay into your mobile app or the checkout page of your website using Direct Payment. If you are using Hosted Checkout integration method, you do not need to complete any additional integration steps.
If you want to decrypt the payment token on your server, see Decrypting the Payment Token.
- On payment confirmation, provide the following fields in the
tokenizationSpecificationobject of the Google Pay API:typeTokenization type. Set this to
PAYMENT_GATEWAY.gatewayGateway identifier. Set this to
mpgs. You need to specify the Mastercard Gateway as your payment service provider in your app to allow the payment token generated by Google to be encrypted using the gateway's public key.gatewayMerchantIdMerchant's gateway ID. A unique merchant ID that the gateway can use to verify and identify the merchant when decrypting the payment token. This merchant ID must be the same as your
merchantIdsubmitted on your gateway's API request.
After the payer completes the Google Pay user interface flow, Google provides a payload that contains an encrypted payment token signed by Google. Google issues the payment token for either a mobile wallet payment or a card payment.
You can specify whether you want the Google Pay API to return Funding Primary Account Numbers (FPANs) or Device Primary Account Numbers (DPANs). This can be useful if your acquirer does not support mobile wallet payments, in which case you can limit support to FPANs by settingallowedAuthMethodsto PAN_ONLY in theallowedPaymentMethodsobject of the Google Pay API. - If needed, authenticate the payer by providing the following fields in the INITIATE AUTHENTICATION request.
order.walletProvider = GOOGLE_PAYGoogle Pay mobile wallet provider.
sourceOfFunds.provided.card.devicePayment.paymentTokenEncrypted payment token obtained from the Google Pay SDK.
The gateway decrypts the payment token, and if it contains an FPAN, the INITIATE AUTHENTICATION request proceeds. If the payment token contains a DPAN, the gateway rejects the request because EMV 3‑D Secure authentication does not support DPANs. For more information about how to integrate the gateway using EMV 3-D Secure, see EMV 3-D Secure Authentication.
The gateway supports EMV 3-D Secure authentication with Google Pay from API version 53 and later. - Provide the following fields in the AUTHORIZE, PAY, or UPDATE SESSION request:
order.walletProvider = GOOGLE_PAYGoogle Pay mobile wallet provider.
order.amountTotal amount for the order. The value you provide must be the final amount of the order including shipping and other additional amounts.
order.currencyCurrency of the order.
sourceOfFunds.provided.card.devicePayment.paymentTokenEncrypted payment token obtained from the Google Pay SDK.
The gateway verifies the signature on the payment token to ensure Google signs it. After verification, the gateway decrypts the payment token for you, validates the gateway identifier and the merchant's gateway ID in the payment token, and processes the transaction using the decrypted data.
AUTHORIZE request example for decryption in gateway
URL: 'https://na.gateway.mastercard.com/api/rest/version/<version>/merchant/<merchant_ID>/order/<order_ID>/transaction/<transaction_ID>'
HTTP Method: PUT
'{
"apiOperation": "AUTHORIZE",
"order": {
"amount": "30.10",
"currency": "USD",
"walletProvider": "GOOGLE_PAY"
},
"sourceOfFunds": {
"provided": {
"card": {
"devicePayment": {
"paymentToken"{\n \"protocolVersion\" : \"ECv1\",\n \"signature\" : \"MEYCIQCiSE4dCSwpXwJLo1lKYOZNmFyL...\",\n \"signedMessage\" : \"{\\\"encryptedMessage\\\":\\\"gTVbbw8Nsv4kTulngmSVsZijvS5x7sAM9UZiqyaKfjkqxxJ1pkqRvhWBFc4FnEiMm2rjUPlX55e0dUqI00iQwAfePuhrna...\\\",\\\"ephemeralPublicKey\\\":\\\"BKoBQYjYIEYgw9nzA+0Q06FD77ZhrOXQh9yNUX0LasjL2W9eMvWZ0pCGGRzPKZLCtk...\\\",\\\"tag\\\":\\\"fnZGEbpCkXzKU3xhS5u1E3c6OoB6RzkHbhHx58...\\\"}\"\n}" //This is only a sample token and will not pass validation. Substitute this with an actual payment token returned from Google Pay.
//The gateway considers this value to be a string, NOT JSON itself. The parentheses are a part of the string.
}
}
},
"type": "CARD"
},
"device": {
"ani": "12341234"
},
"transaction": {
"source": "INTERNET"
}
}'
In addition to the standard fields, the response returns the following fields for a successful authorization using a payment token when the issuer successfully maps the DPAN to the FPAN:
- If the payload contains a DPAN for mobile wallet payments:
sourceOfFunds.provided.card.encryption = DEVICEEncrypts the data on the payer’s device, such as a mobile phone.
sourceOfFunds.provided.card.deviceSpecificNumberReturns a 6.4 masked DPAN.
sourceOfFunds.provided.card.deviceSpecificExpiry.monthReturns the DPAN expiry month.
sourceOfFunds.provided.card.deviceSpecificExpiry.yearReturns the DPAN expiry year.
sourceOfFunds.provided.card.numberReturns the masked FPAN, typically 0.4 masked, when available from the acquirer.
sourceOfFunds.provided.card.expiry.monthReturns the FPAN expiry month, when available from the acquirer.
sourceOfFunds.provided.card.expiry.yearReturns the FPAN expiry year, when available from the acquirer.
sourceOfFunds.provided.card.devicePayment.cryptogramFormatIdentifies the format of the cryptogram provided for the mobile wallet payment.
- If the payload contains an FPAN for Google Pay digital wallet payments:
sourceOfFunds.provided.card.encryption = DIGITAL_WALLETEncrypts the data in the digital wallet.
sourceOfFunds.provided.card.numberReturns the masked FPAN, typically 0.4 masked, when available from the acquirer.
sourceOfFunds.provided.card.expiry.monthReturns the FPAN expiry month, when available from the acquirer.
sourceOfFunds.provided.card.expiry.yearReturns the FPAN expiry year, when available from the acquirer.
If you request an unmasked PAN in the transaction response, the gateway returns an unmasked DPAN and FPAN, depending on acquirer support.
responseControls.sensitiveData field to UNMASK, and authenticate your call to the API using certificate authentication.Example response in case of DPAN
{
"authorizationResponse": {
"commercialCard": "123",
"commercialCardIndicator": "1",
"date": "0314",
"financialNetworkCode": "MCC",
"posData": "1025104006600",
"posEntryMode": "812",
"processingCode": "003000",
"responseCode": "00",
"stan": "45467",
"time": "105002",
"transactionIdentifier": "906660122",
"transactionIntegrityClass": "A1"
},
"device": {
"ani": "12341234"
},
"gatewayEntryPoint": "WEB_SERVICES_API",
"merchant": "MADA_DMS_AU",
"order": {
"amount": 30.10,
"authenticationStatus": "AUTHENTICATION_NOT_IN_EFFECT",
"certainty": "FINAL",
"chargeback": {
"amount": 0,
"currency": "USD"
},
"creationTime": "2023-03-14T10:50:01.524Z",
"currency": "USD",
"id": "810663616",
"lastUpdatedTime": "2023-03-14T10:50:02.092Z",
"merchantAmount": 30.10,
"merchantCategoryCode": "1234",
"merchantCurrency": "USD",
"status": "AUTHORIZED",
"totalAuthorizedAmount": 30.10,
"totalCapturedAmount": 0.00,
"totalDisbursedAmount": 0.00,
"totalRefundedAmount": 0.00,
"walletProvider": "GOOGLE_PAY"
},
"response": {
"acquirerCode": "00",
"acquirerMessage": "Approved",
"gatewayCode": "APPROVED",
"gatewayRecommendation": "NO_ACTION"
},
"result": "SUCCESS",
"sourceOfFunds": {
"provided": {
"card": {
"brand": "MASTERCARD",
"devicePayment": {
"cryptogramFormat": "3DSECURE"
},
"deviceSpecificExpiry": {
"month": "1",
"year": "39"
},
"deviceSpecificNumber": "512345xxxxxx0008",
"fundingMethod": "UNKNOWN",
"number": "xxxxxxxxxxxxxxxx",
"scheme": "MASTERCARD",
"storedOnFile": "NOT_STORED"
}
},
"type": "CARD"
},
"timeOfLastUpdate": "2023-03-14T10:50:02.092Z",
"timeOfRecord": "2023-03-14T10:50:01.625Z",
"transaction": {
"acquirer": {
"batch": 20230314,
"date": "0314",
"id": "SYSTEST_ACQ_S2I",
"merchantId": "12345678",
"transactionId": "906660122"
},
"amount": 30.10,
"authenticationStatus": "AUTHENTICATION_NOT_IN_EFFECT",
"authorizationCode": "112233",
"currency": "USD",
"id": "911988788",
"receipt": "307310045467",
"source": "INTERNET",
"stan": "45467",
"terminal": "1111",
"type": "AUTHORIZATION"
},
"version": "71"
}
Example response in case of FPAN
{
"authorizationResponse": {
"cardLevelIndicator": "88",
"commercialCard": "888",
"commercialCardIndicator": "3",
"marketSpecificData": "8",
"posData": "1025104006600",
"posEntryMode": "812",
"processingCode": "003000",
"responseCode": "00",
"returnAci": "8",
"stan": "266773",
"transactionIdentifier": "123456789012345",
"validationCode": "6789"
},
"gatewayEntryPoint": "WEB_SERVICES_API",
"merchant": "TESTLOVECRAFTS2I",
"order": {
"amount": 756.96,
"authenticationStatus": "AUTHENTICATION_NOT_IN_EFFECT",
"certainty": "ESTIMATED",
"chargeback": {
"amount": 0,
"currency": "USD"
},
"creationTime": "2024-04-26T17:22:25.067Z",
"currency": "USD",
"id": "690869250",
"lastUpdatedTime": "2024-04-26T17:22:27.202Z",
"merchantAmount": 756.96,
"merchantCategoryCode": "1234",
"merchantCurrency": "USD",
"status": "AUTHORIZED",
"totalAuthorizedAmount": 756.96,
"totalCapturedAmount": 0.00,
"totalDisbursedAmount": 0.00,
"totalRefundedAmount": 0.00,
"walletProvider": "GOOGLE_PAY"
},
"response": {
"acquirerCode": "00",
"acquirerMessage": "Approved",
"gatewayCode": "APPROVED",
"gatewayRecommendation": "NO_ACTION"
},
"result": "SUCCESS",
"sourceOfFunds": {
"provided": {
"card": {
"brand": "VISA",
"encryption": "DIGITAL_WALLET",
"expiry": {
"month": "1",
"year": "39"
},
"fundingMethod": "CREDIT",
"issuer": "COMMONWEALTH BANK OF AUSTRALIA",
"number": "453224xxxxxx4180",
"scheme": "VISA",
"storedOnFile": "STORED"
}
},
"type": "CARD"
},
"timeOfLastUpdate": "2024-04-26T17:22:27.202Z",
"timeOfRecord": "2024-04-26T17:22:25.160Z",
"transaction": {
"acquirer": {
"batch": 20240426,
"date": "0426",
"id": "CBA_S2I",
"merchantId": "123456",
"transactionId": "123456789012345"
},
"amount": 756.96,
"authenticationStatus": "AUTHENTICATION_NOT_IN_EFFECT",
"authorizationCode": "266773",
"currency": "USD",
"id": "558397991",
"receipt": "411717266773",
"source": "INTERNET",
"stan": "266773",
"terminal": "CBAS2I02",
"type": "AUTHORIZATION"
},
"version": "81"
}
Decrypting the payment token
You can choose to decrypt the payment token on your server instead of providing the payment token for decryption to the gateway. In this case, you must store the encryption credentials and execute the decryption.
Follow these steps to decrypt the payment token:
- On payment confirmation, submit the encrypted payment token that Google Pay returns to your server.
- Decrypt the payment token on your server using your private key. For more information on the decryption steps, see Payment data cryptography for merchants.
- If the decrypted payment token contains an FPAN, you can choose to authenticate the payer first before performing the transaction:
- To authenticate the payer, provide the following fields in the INITIATE AUTHENTICATION request.
order.walletProvider = GOOGLE_PAYGoogle Pay mobile wallet provider.
sourceOfFunds.provided.card.numberRefer the following table.
For more information about how to authenticate the payer using EMV 3-D Secure, see EMV 3-D Secure Authentication.
- Provide the payment data keys from the decrypted token in the corresponding transaction fields in the AUTHORIZE, PAY, or UPDATE SESSION request. Refer the following table.
Table: Payment data keys and the corresponding API request fields with FPAN
Google Pay JSON Key Corresponding API Request Field Description pansourceOfFunds.provided.card.numberCard number (FPAN) of the card that funded this transaction. The payload contains an FPAN when the payer chooses to pay using a card saved to their Google Pay account. The Google Pay API does not currently support capturing the Card Security Code (CSC).expirationMonthsourceOfFunds.provided.card.expiry.monthExpiration month of the pan.expirationYearsourceOfFunds.provided.card.expiry.yearExpiration year of the pan.
- To authenticate the payer, provide the following fields in the INITIATE AUTHENTICATION request.
- If the decrypted payment token contains a DPAN, provide the payment data keys from the decrypted token in the corresponding transaction fields in the AUTHORIZE, PAY, or UPDATE SESSION request.
Do not attempt EMV 3-D Secure authentication if the payment token contains a DPAN. The gateway rejects the request as DPANs are not supported on EMV 3-D Secure authentication.
Table: Payment data keys and the corresponding API request fields with DPAN
Google Pay JSON Key Corresponding API Request Field Description pansourceOfFunds.provided.card.numberDPAN of the card that funded this transaction. expirationMonthsourceOfFunds.provided.card.expiry.monthExpiration month of the pan.expirationYearsourceOfFunds.provided.card.expiry.yearExpiration year of the pan.authMethodsourceOfFunds.provided.card.devicePayment.cryptogramFormatCryptogram format. Set this to EMV 3-D Secure. cryptogramsourceOfFunds.provided.card.devicePayment.onlinePaymentCryptogramCryptogram in EMV 3-D Secure format. eciIndicatorsourceOfFunds.provided.card.devicePayment.eciIndicatorElectronic Commerce Indicator (ECI), if available. - In addition to the above fields, provide the following fields in the AUTHORIZE, PAY, or UPDATE SESSION request and submit it to the gateway:
transaction.source = INTERNETChannel through which you received authorization for the payment for this order. The value
INTERNETindicates that the payer initiated the payment online.order.walletProvider = GOOGLE_PAYGoogle Pay mobile wallet provider.
device.mobilePhoneModel(optional)Identifier of the mobile device used to initiate the payment.
posTerminal.locationPhysical location of the device in relation to your business premises. The possible values are
PAYER_TERMINAL_OFF_PREMISES or PAYER_TERMINAL_ON_PREMISES. If you do not provide a value, the gateway usesPAYER_TERMINAL_OFF_PREMISES.sourceOfFunds.type = CARDsourceOfFunds.provided.card.nameOnCardCardholder's name (optional).
order.currencyISO 4217 currency code for the transaction.
order.amountOrder amount.
AUTHORIZE request example for decryption in your server
{
"apiOperation": "AUTHORIZE",
"order": {
"amount": "30.10",
"currency": "INR",
"walletProvider": "GOOGLE_PAY"
},
"sourceOfFunds": {
"provided": {
"card": {
"expiry": {
"month": "01",
"year": "39"
},
"number": "5123450000000008",
"devicePayment": {
"cryptogramFormat": "3DSECURE",
: {
"onlinePaymentCryptogram": "IA/8pdiWftSsxpFT6wABoDABhgA=",
"eciIndicator": "20"
}
}
}
},
"type": "CARD"
},
"device": {
"ani": "12341234"
},
"transaction": {
"source": "INTERNET"
}
}
The response is similar regardless of whether the decryption happens in the gateway or your server.
Testing your Google Pay integration
Follow these steps to verify that Google Pay payments work correctly before you go live.
-
Confirm how the payment token is decrypted.
Identify where token decryption happens:
- You decrypt the payment token.
- Your payment gateway decrypts the payment token.
This determines which merchant ID you use during testing.
-
Run test transactions.
Process a few test payments using your production gateway setup and supported Google Pay test cards (DPAN or FPAN).
- If you decrypt the token, use your test merchant profile.
- If the gateway decrypts the token, use your production merchant ID.
In this case, the test merchant ID cannot decrypt payment tokens.
For example request payloads, see Test with sample tokens.
-
Review the transaction response.
After each test transaction, check the gateway response.
If the
response.gatewayCodevalue is APPROVED or DECLINED, the transaction is processed successfully. -
Submit your integration for Google approval.
After initial testing, submit your integration to Google for review.
Complete the checklist that applies to your integration:
-
Complete final production testing.
Once Google approves your integration, run final verification tests in production. This test confirms that payments work as expected before you enable live transactions.
-
Test in MTF or TEST environments, if applicable.
If you test in MTF or TEST environments, use the Google Pay test cards. For more details on testing the Google Pay integration in MTF or TEST environments, see the Test cards suite.
Testing Google Pay integration with gateway test data
You can test your integration with the gateway in production using your test merchant profile with a valid test card and provide the order amount value as provided in the following table to get the expected simulated response.
| Order amount | Response |
|---|---|
5656 |
Approved |
5757 |
Declined |
5858 |
TIMED_OUT |
5959 |
UNSPECIFIED_FAILURE |
6161 |
Partially Approved |
6262 |
System Error |
6363 |
UNKNOWN |
Configure your app to use a Google Pay Sandbox environment with your gateway test merchant profile. When the payer selects a card in Google Pay, the app generates a payment token in test mode.
If the transactions are either APPROVED, DECLINED, or any other responses as per the order amount simulation, or based on the supported FPAN as provided by Google, then the gateway can process your test transactions successfully.
Google Pay with the Mobile SDK
The Mobile SDK helps you develop a mobile app that accepts Google Pay payments through the gateway. The gateway offers support for Google Pay through the Mobile SDK. Click here for the Mobile SDK integration guidelines for the Android platform.