Google Pay in app: you decrypt
We also offer Google Pay™ for native Android applications. Our client Android SDK will help you implement Google Pay in your app.
To fully support Google Pay in your app, you need to take care of the following steps:
- Enable Google Pay with us
- Follow the setup guidelines provided by Google
- Implement Google Pay in your app
- Apply with Google for production access (on Google's side)
Enabling Google Pay on your account with us
First make sure Google Pay is enabled for the account (merchantId) you have with us. To do so contact your account manager who will work together with your implementation manager. They will be able to set the product up for you. You will also need to have regular card products configured in case you use Google Pay, as Google Pay allows consumers to pay with regular PANs. The transactions which are paid with regular PANS will be processed as regular card payments and it is highly recommended to apply 3-D Secure and fraud validations on these transactions.
Follow the setup guidelines provided by Google
Google has a clear overview of the prerequisites you need to follow before you implement the Google Pay API, which are described on the setup section of the Google documentation. This includes adhering to the Google Pay API Acceptable Use Policy as well as the Google Play developer policy. In case Google processes payments for you or in case you sell digital goods, such as movies or games, you should use Google Play In-app Billing.
Implementing Google Pay in your app
Next is the technical integration in your app. Google offers a very clear and concise tutorial on how to implement Google Pay. The technical integration section on this page, explains you the additional steps you need to take to add Google Pay to your native app.
Since you decrypt the sensitive payment data yourself, the type to use in the tokenizationSpecification as referred to by Google is: DIRECT and below steps explain what you need to do additional to the tutorial of Google in order to implement Google Pay in your native app and send us the payment details for decryption.
1 Retrieve Google Pay via the payment product(s) API
Google Pay may not always be available for your customer. The Android SDK makes it easy for you by simply hiding the Google Pay payment product from the get Payment Product(s) responses. So if Google Pay is not available for the current payment, based on the user's device, it will not be returned. For the get Payment Product call this means that a null value will be returned instead.
private void getGooglePayPaymentProduct() {
// session is an already initialized instance of the SDK's GcSession object
session.getPaymentProduct(
this, // Instance of Android ApplicationContext
Constants.PAYMENTPRODUCTID_GOOGLEPAY,
paymentContext,
this // Implementation of OnPaymentProductCallCompleteListener
);
}
/**
* Implementation of the callback method for retrieving a payment product
*/
@Override
public void onPaymentProductCallComplete(PaymentProduct paymentProduct) {
if (paymentProduct != null) {
if (Constants.PAYMENTPRODUCTID_GOOGLEPAY.equals(paymentProduct.getId())) {
// Google Pay is available, render the Google Pay button.
} else {
// A different product was retrieved..
}
} else {
// Google Pay is not available, we should not render it.
}
}2. Strong Customer Authentication (SCA) compliance
In case you use an acquirer that is based in one of the European Economic Area (EEA) countries, you need to make sure that you provide information about the country of the acquirer in transactionInfo.countryCode towards Google, to be compliant with the PSD2 Strong Customer Authentication (SCA) requirements. Google Pay will return the appropriate credentials for transactions based on the country of the acquirer used for this transaction.
The acquirerCountry which you need to provide to Google is in the payment product response. This code snippet below shows you how to obtain the acquirerCountry for the transactionInfo object. You also need to include the totalPrice, the totalPriceStatus and the merchantName parameters as described in step 7 of the Google Pay tutorial as well as in the Strong Customer Authentication section on Google's documentation site.
More information on Strong Customer Authentication compliance for Google Pay can be found at Google Pay API documentation.
private JSONObject initializeGooglePayValues(PaymentContext paymentContext, PaymentProduct googlePayProduct) {
JSONObject paymentRequest = new JSONObject();
try {
// Initialize other payment request values.
JSONObject transactionInfo = new JSONObject();
transactionInfo.put("totalPriceStatus", "FINAL");
String totalPrice = formatAmount(paymentContext.getAmountOfMoney().getAmount().toString());
transactionInfo.put("totalPrice", totalPrice);
transactionInfo.put("currencyCode", paymentContext.getAmountOfMoney().getCurrencyCode().toString());
if (paymentProduct.getAcquirerCountry() != null) {
transactionInfo.put("countryCode", googlePayProduct.getAcquirerCountry());
}
paymentRequest.put("transactionInfo", transactionInfo);
} catch (JSONException e) {
// Something went wrong when generating the JSON payment input.
}
return paymentContext;
}
/**
* Formats the amount used in the Connect platform to the format Google is expecting.
*/
private String formatAmount(String amount) {
String formattedAmount = "00" + amount;
formattedAmount = formattedAmount.substring(0, formattedAmount.length() - 2)
+ "."
+ formattedAmount.substring(formattedAmount.length() - 2);
return formattedAmount;
}3. Rendering the Google Pay button
Google provides a tutorial for implementing Google Pay in Android. The tutorial shows you how to render the Google Pay button, bring up the payment sheet and receive the payment token as soon as your consumer is done paying.
4. Sending the Google Pay payment details to us
To decrypt yourself, you will have to set the tokenizationSpecification type to "DIRECT" when creating the Google Pay paymentDataRequest. In that step you will also have to provide a public key to Google. Google will use this key to encrypt the payment details, which you will be able to decrypt with the corresponding private key. Information on how to do the decryption can be found in the Google Pay tutorial. The decrypted payment details can then be sent to us via our Create Payment API. Please note that Google Pay returns two different styles of payment data. The first are regular card details (PAN_ONLY), whereas the other is a tokenized card (CRYPTOGRAM_3DS). Depending on the authMethod (PAN_ONLY or CRYPTOGRAM_3DS) contained in the paymentMethodDetails you have to provide different fields. Please have a look at the Create Payment API documentation for the specifics.
Below is a create payment request example for a decrypted Google Pay payment token with authMethod PAN_ONLY. Please note that in case of PAN_ONLY transactions, the transactions are processed as regular card transactions for which 3-D Secure applies as well, as described in step 7. In our API you can send in these transactions with the paymentMethod CARD.
{
"order" : {
"amountOfMoney" : {
"currencyCode" : "EUR",
"amount" : 2980
},
"customer" : {
"locale" : "en_US",
"merchantCustomerId" : "1234",
"billingAddress": {
"countryCode": "NL"
}
}
},
"mobilePaymentMethodSpecificInput": {
"paymentProductId": 320,
"decryptedPaymentData": {
"pan": "4111111111111111",
"expiryDate": "1225",
"paymentMethod": "CARD"
},
"paymentProduct320SpecificInput": {
"threeDSecure": {
"challengeCanvasSize": "full-screen",
"redirectionData": {
"returnUrl": "myapp://myapp.com"
}
}
}
}
}5. Apply with Google for production access
After implementation of Google Pay on your own website, you need to register with Google, obtain your merchant ID and get approval for the usage of Google Pay on your checkout page. It is highly recommended to follow the integration checklist provided by Google. You can find the details on Google's documentation site in the section "Request production access" as well as "deploy production environment".