Google Pay H2H
Decrypt and handle Google Pay tokens for payments

Google Pay allows customers to make secure payments without manually entering card details. It is supported on Android devices and Chrome browsers, providing a seamless checkout experience. Merchants can integrate Google Pay in an H2H setup, where they transmit payment data directly from Google Pay API responses to Solidgate for processing.

Google Pay tokens contain encrypted card information stored within a customer’s digital wallet and let you securely pass your customers’ data to process payments. The approach to decrypting these tokens depends on whether merchants are PCI DSS-compliant or not. If PCI DSS-compliant, they can handle the token decryption and pass raw card details to Solidgate.

Let Solidgate handle decryption

Solidgate can handle the token decryption if you are not PCI DSS-compliant. Once a payment is initiated, your application or website will receive a Google Pay token, which you must include in the Google Pay API payment request.

For this to work, you need:

Payment flow


  1. The customer initiates a payment by clicking the Google Pay button on the checkout page.
  2. The merchant invokes the Google Pay API button, and Google handles the user authorization.
  3. If authorization is successful and the user confirms the payment, Google Pay provides the merchant with an encrypted payment token.
  4. The merchant sends the encrypted payment data to Solidgate via the Google Pay API. The gatewayMerchantId parameter must contain the public API key of the channel used for Google Pay button initialization, and is_decrypted must either be set to false or be excluded from the request.
  5. Solidgate decrypts the payment token and processes the transaction securely.

For further information about payment parameters, refer to the Google Pay API method.

Handle decryption on your side

If you are PCI DSS-compliant, you can decrypt Google Pay tokens on your side. For that, you will also need to:

  • Have a Google Pay merchant ID
  • Have an H2H integration
  • Follow Google’s guidelines to decrypt the token

To decrypt Google Pay tokens, take the steps described on the Google developer portal. This involves using a cryptographic key and ensuring that sensitive data is securely processed.

Payment flow


  1. Retrieve the Google root signing keys.
  2. Confirm that the signature of the intermediate signing key is valid using any unexpired root signing key.
  3. Ensure the intermediate signing key for the payload is valid and not expired.
  4. Verify the signature of the payload using the intermediate signing key.
  5. Decrypt the contents of the payload after validating the signature.
  6. Check that the message is not expired by comparing the current time to the messageExpiration field in the decrypted contents.
  7. Send the payment data to Solidgate via the Google Pay API by specifying is_decrypted: true.

Setting is_decrypted: true indicates that the data sent is already decrypted, and this parameter determines which fields are required in the request.

If is_decrypted: true, the request must:

  • include the decrypted_data object
  • specify either ECv1 or ECv2 for protocolVersion, which determines parameter validation in decrypted_data
  • specify type: auth and:
    • force3ds: true, false, or null if paymentMethod: CARD (ECv1) or authMethod: PAN_ONLY (ECv2)
    • force3ds: false or null if paymentMethod: TOKENIZED_CARD (ECv1) or authMethod: CRYPTOGRAM_3DS (ECv2)
  • exclude signature and signedMessage

Example with protocolVersion: ECv1 and paymentMethod: CARD:

{
  "is_decrypted": true,
  "decrypted_data": {
    "gatewayMerchantId": "your-public-api-key",
    "messageExpiration": "1507738377032",
    "messageId": "AH2EjtcHYs1Ye-ZIZuZXd7eNO4QjQfZjBDtP2ti0tob_a5o22lHmGWHsBVYrrSylkFC3ZTsRdvMadQpwOGCIl7XxhTKcfElmgF7UFbcI8CeUZCWRmbTH5s7h69Baqr4FAM735VNThPiP",
    "paymentMethod": "CARD",
    "paymentMethodDetails": {
      "pan": "4895370012003478",
      "expirationMonth": "12",
      "expirationYear": 2028
    }
  },
  "protocolVersion": "ECv1"
}
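
A pre-flight check for the is_decrypted: true rules listed above, together with the messageExpiration check from step 6, can catch a malformed or stale request before it leaves your server. The following is an added example, not Solidgate's code. It assumes that type and force3ds are top-level request fields and that authMethod sits inside paymentMethodDetails for ECv2; validate_decrypted_request and card_kind are hypothetical helper names.

```python
import time

# force3ds values the list above allows for each card kind.
ALLOWED_FORCE3DS = {
    "pan": (True, False, None),   # CARD (ECv1) / PAN_ONLY (ECv2)
    "token": (False, None),       # TOKENIZED_CARD (ECv1) / CRYPTOGRAM_3DS (ECv2)
}

def card_kind(version, data):
    """Map the protocol-specific field to the card kind used by the force3ds rule."""
    if version == "ECv1":
        value = data.get("paymentMethod")
        kinds = {"CARD": "pan", "TOKENIZED_CARD": "token"}
    else:
        # Assumption: authMethod sits inside paymentMethodDetails.
        details = data.get("paymentMethodDetails")
        value = details.get("authMethod") if isinstance(details, dict) else None
        kinds = {"PAN_ONLY": "pan", "CRYPTOGRAM_3DS": "token"}
    return kinds.get(value)

def validate_decrypted_request(req, now_ms=None):
    """Return rule violations; an empty list means the request passes the checks."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    errors = []
    if req.get("is_decrypted") is not True:
        errors.append("is_decrypted must be true")
    errors += [f"{f} must be excluded" for f in ("signature", "signedMessage") if f in req]
    version = req.get("protocolVersion")
    if version not in ("ECv1", "ECv2"):
        errors.append("protocolVersion must be ECv1 or ECv2")
    data = req.get("decrypted_data")
    if not isinstance(data, dict):
        return errors + ["decrypted_data object is required"]
    # Step 6 of the flow: messageExpiration (epoch milliseconds) must be in the future.
    expiry = str(data.get("messageExpiration", ""))
    if not expiry.isdecimal() or int(expiry) <= now_ms:
        errors.append("messageExpiration missing or in the past")
    if req.get("type") != "auth":
        errors.append("type must be auth")
    kind = card_kind(version, data) if version in ("ECv1", "ECv2") else None
    if kind is None:
        errors.append("unknown paymentMethod/authMethod")
    elif not any(req.get("force3ds") is v for v in ALLOWED_FORCE3DS[kind]):
        errors.append("force3ds not allowed for this card type")
    return errors

# Constructed sample: ECv1 tokenized card with force3ds forced on (violates the rule).
SAMPLE = {"is_decrypted": True, "protocolVersion": "ECv1", "type": "auth", "force3ds": True,
          "decrypted_data": {"messageExpiration": "4102444800000", "paymentMethod": "TOKENIZED_CARD"}}
```

Run the check after decryption and before building the request to Solidgate; the returned messages are safe to log because they never contain card data.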
