[
{
"title":"Testing",
"link":"https://docs.solidgate.com/payments/testing/",
"text":"Simulate payments to test your integration before launching in production.",
"imgSrc":"https://solidgate.com/wp-content/uploads/2022/06/icon-customizable.svg"
}
,
{
"title":"Create your payment form",
"link":"https://docs.solidgate.com/payments/integrate/payment-form/create-your-payment-form/",
"text":"Understand how to integrate the payment form into your product.",
"imgSrc":"https://solidgate.com/wp-content/uploads/2022/06/icon-payments.svg"
}
,
{
"title":"Billing",
"link":"https://docs.solidgate.com/billing/",
"text":"Smart billing solutions designed for diverse business models.",
"imgSrc":"https://solidgate.com/wp-content/uploads/2022/06/icon-global.svg"
}
]
Google Pay allows customers to make secure payments without manually entering card details. It is supported on Android devices and Chrome browsers, providing a seamless checkout experience.
Merchants can integrate Google Pay in an H2H setup, where they transmit payment data directly from Google Pay API responses to Solidgate for processing.
Google Pay tokens contain encrypted card information stored within a customer’s digital wallet and let you securely pass your customers’ data to process payments.
The approach to decrypting these tokens depends on whether merchants are PCI DSS-compliant or not. If PCI DSS-compliant, they can handle the token decryption and pass raw card details to Solidgate.
Let Solidgate handle decryption
Solidgate can handle the token decryption if you are not PCI DSS-compliant.
Once a payment is initiated, your application or website will receive a Google Pay token, which you must include in the Google Pay API payment request.
The customer initiates a payment by clicking the Google Pay button on the checkout page.
The merchant invokes the
Google Pay
API
button, and Google handles the user authorization.
If authorization is successful and the user confirms the payment, Google Pay provides the merchant with an encrypted payment token.
The merchant sends the encrypted payment data to Solidgate via the Google Pay API, ensuring the gatewayMerchantId parameter contains the public API key of the channel used for Google Pay button initialization and specifying is_decrypted:
false
or excluding the is_decrypted parameter.
Solidgate decrypts the payment token and processes the transaction securely.
For further information about payment parameters, refer to the
Google Pay
API
method.
Handle decryption on your side
If you are PCI DSS-compliant, you can decrypt Google Pay tokens on your side. For that, you will also need to:
To decrypt Google Pay tokens, take the steps described on the Google
developer portal
Reference
. This involves using a cryptographic key and ensuring that sensitive data is securely processed.
Payment flow
Retrieve the Google root signing keys.
Confirm that the signature of the intermediate signing key is valid using any unexpired root signing key.
Ensure the intermediate signing key for the payload is valid and not expired.
Verify the signature of the payload using the intermediate signing key.
Decrypt the contents of the payload after validating the signature.
Check that the message is not expired by comparing the current time to the messageExpiration field in the decrypted contents.
Send the payment data to Solidgate via the
Google Pay
API
by specifying is_decrypted:
true
.
The use of is_decrypted:
true
implies that the data sent is decrypted and this parameter defines the required fields in the request.
If is_decrypted:
true
, the request must:
include the decrypted_data object
specify either
ECv1
or
ECv2
for protocolVersion, which determines parameter validation in decrypted_data
specifytype:
auth
and:
force3ds:
true
,
false
, or
null
if paymentMethod:
CARD
(ECv1) or authMethod:
PAN_ONLY
(ECv2)
force3ds:
false
or
null
if paymentMethod:
TOKENIZED_CARD
(ECv1) or authMethod:
CRYPTOGRAM_3DS
(ECv2)
highly recommended to provide with paymentMethod:
TOKENIZED_CARD
the 3dsEciIndicator
Guide
ECI value represents authentication, affects authorization and liability protection.
value
for better transaction success rate
excludesignature and signedMessage
Example with protocolVersion:
ECv1
and paymentMethod:
CARD
: