Google Pay™
By integrating Google Pay into your website or Android application, your customers can securely make one-touch payments using any credit or debit card connected to their Google account.
Google Pay is currently available for EveryPay merchants based in Greece, for processing Purchases, Voids, Pre-Authorisations, Refunds and Partial Refunds.
Overview
To start processing Google Pay payments, you must first integrate directly with Google. Currently EveryPay supports the Web Integration only.
The payment flow is as follows:
- Merchant integrates Google Pay SDK on their checkout form
- When the end user clicks the Google Pay button, the Merchant receives a Google Pay token
- Merchant sends this token with additional data (amount, billing info, etc) and a callback_url to https://button.everypay.gr/payment-methods/googlepay
- EveryPay decrypts the payload including the token and generates a card token
- EveryPay returns an HTML page to the merchant, which the merchant renders inside a hidden iFrame
- This HTML page contains a form that submits automatically to the endpoint that the merchant specified in their request (the callback_url)
- Merchant verifies the payload submitted on this form using their secret key
- Merchant takes the card token received on their backend and, using their secret key, charges it on the EveryPay payments endpoint
Web Integrations
See more details on Google Pay Web developer documentation, Google Pay Web integration checklist, Tutorial and Google Pay Web Brand Guidelines.
You can also find examples in the Live Google Pay demos.
If you face technical issues with your integration, please refer to Troubleshooting.
Once integration is complete, you can add the Google Pay button to your checkout page and start requesting your customers' encrypted payment information. Google Pay integration and payments can be simplified into a three-step method:
- Integrate with Google Pay
- Tokenize the Google Pay payment data
- Request the payment
NOTE: CRYPTOGRAM_3DS credentials receive liability shift by default. Applying 3DS for Google Pay enables liability shift for PAN_ONLY transactions.
Visa and Mastercard have their own criteria for Google Pay liability shift eligibility depending on the transaction region, and whether it was authenticated with CRYPTOGRAM_3DS or PAN_ONLY.
Step 1: Integrate with Google Pay™
Before going live, you are required to register with Google Pay and select EveryPay as your payment processor. You will also need to whitelist your domain here.
NOTE that you must be signed in as a Google Developer to do this. If not, you will be redirected to Google Pay's support page.
For information on integrating with Google Pay, first, refer to the Google Pay API guide.
When you submit a payment data request to the Google API, be sure to include the following parameters:
'gateway': 'everypay'
'gatewayMerchantId': '<your public key>'
UI SDK Configuration
{
  "type": "CARD",
  "parameters": {
    "allowedAuthMethods": ["CRYPTOGRAM_3DS"],
    "allowedCardNetworks": ["MASTERCARD", "VISA"]
  },
  "tokenizationSpecification": {
    "type": "PAYMENT_GATEWAY",
    "parameters": {
      "gateway": "everypay",
      "gatewayMerchantId": "<YOUR_PUBLIC_KEY>"
    }
  }
}
NOTE: You will need to specify which card types and card schemes to support in your payment data request.
Payment Schemes: Visa, Mastercard
Authorisation Methods: CRYPTOGRAM_3DS
Step 2: Tokenize the Google Pay™ payment data
Once you have received the payment data from Google, you then need to call EveryPay’s endpoint for tokenizing the encrypted payment data; you can find this payment data in the paymentMethodToken property of the Google Pay payment data request's response.
To find out more about Google Pay payment requests, read the Google Pay object reference.
Initiate Google Pay Request with EveryPay
Endpoint: POST https://button.everypay.gr/payment-methods/googlepay
The table below describes the mandatory and optional fields and the data types that can be used in the request. Some optional fields are recommended for additional security and higher approval rates.
Field | Type | Required | Description |
---|---|---|---|
amount | int | Yes | The amount to be paid in cents |
public_key | string | Yes | Merchant’s public key |
callback_url | string | Yes | The endpoint where we will send the results |
token | string | Yes | Base64 encoded stringified Google Pay Token |
sandbox | int | Yes | 1 for sandbox or 0 for production |
currency | string | No | Supported currency is EUR |
locale | string | No | Supported values are el, en. Default el |
md | string | No | Any data needed by the merchant for their flow (max 255 characters). It will be posted back to the provided callback_url |
payer_email | string | No | |
billing_country | string | Recommended | ISO 3166-1 alpha-2 country code |
billing_city | string | Recommended | |
billing_state | string | Recommended | |
billing_postal_code | string | Recommended | |
billing_address_line1 | string | Recommended | |
billing_address_line2 | string | Recommended | |
Request Example:
curl --location --request POST 'https://button.everypay.gr/payment-methods/googlepay' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'amount=1000' \
--data-urlencode 'public_key=pk_test' \
--data-urlencode 'callback_url=http://merchant.com/your_callback' \
--data-urlencode 'sandbox=0' \
--data-urlencode 'token=eyJzaWduYXR1cmUiOiJNRVVDSUhESnRXbSIsImludGVybWVkaWF0ZVNpZ25pbmdLZXkiOnsic2lnbmVkS2V5Ijoie1wia2V5VmFsdWVcIjpcIk1Ga3dFd1wiLFwia2V5RXhwaXJhdGlvblwiOlwiMTY3MDU0NDMwNTkxOFwifSIsInNpZ25hdHVyZXMiOlsiK29rMUljakxYa1VRanJkL0RUbnZBaUFOYlpRIl19LCJwcm90b2NvbFZlcnNpb24iOiJFQ3YyIiwic2lnbmVkTWVzc2FnZSI6IntcImVuY3J5cHRlZE1lc3NhZ2VcIjpcIkRoT0E4OWh4a1ZBXFx1MDAzZFxcdTAwM2RcIixcImVwaGVtZXJhbFB1YmxpY0tleVwiOlwiQkhCSGZWTlNaVTFEZVhCaVVXSCtua1xcdTAwM2RcIixcInRhZ1wiOlwiS0ZsS0o1STREcT1SVUZnc1xcdTAwM2RcIn0ifQ==' \
--data-urlencode 'currency=EUR' \
--data-urlencode 'md=merchant_data' \
--data-urlencode 'payer_email=customer@everypay.gr' \
--data-urlencode 'billing_country=GR' \
--data-urlencode 'billing_city=Athens' \
--data-urlencode 'billing_state=Attiki' \
--data-urlencode 'billing_postal_code=59455' \
--data-urlencode 'billing_address_line1=Karneadou 25' \
--data-urlencode 'billing_address_line2='
Get response to the defined callback_url (using a POST request)
After you send the previous request, EveryPay responds with an HTML page that you need to render inside an iFrame in order to receive one of the following successful or failed messages.
Successful Google Pay Cryptogram Request example:
curl --location --request POST 'http://merchant.com/your_callback' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'token=ctn_AMGLyP0Pl1wQlNaVX2vYxaLC' \
--data-urlencode 'md=data_sent_by_the_merchant' \
--data-urlencode 'hash=Base 64 encoded signature to verify using your secret key'
Failed Google Pay Cryptogram Request example:
curl --location --request POST 'http://merchant.com/your_callback' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'error_status=402' \
--data-urlencode 'error_code=20026|20027' \
--data-urlencode 'error_message=Error message' \
--data-urlencode 'token=' \
--data-urlencode 'md=data_sent_by_the_merchant'
Verify the payload using HMAC-SHA256
Steps to verify signature
- Base64 decode the hash field
Result example:
"dfb16f65104aeee27139b4b2744e45953adf16fa08ebbbe3c9a5c90b7bb07434|{"callback_url":"http://merchant.com/your_callback","token":"ctn_AMGLyP0Pl1wQlNaVX2vYxaLC","md":"Order 63c7b2ef3416c"}"
The first part “dfb16f65104aeee27139b4b2744e45953adf16fa08ebbbe3c9a5c90b7bb07434” is the signature that the merchant must verify.
- Generate the signature (Pseudo code)
Hmacsha256('{"callback_url":"http://merchant.com/your_callback","token":"ctn_AMGLyP0Pl1wQlNaVX2vYxaLC","md":"Order 63c7b2ef3416c"}', sk_test)
Should generate:
dfb16f65104aeee27139b4b2744e45953adf16fa08ebbbe3c9a5c90b7bb07434
- Compare the first part of the base64 decoded hash with the signature that you generated
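One way to implement the verification steps above on the merchant backend, as an added example rather than EveryPay's own code. It assumes the signature is the lowercase hex digest shown in the example; the secret key and sample hash are constructed, and the callback_url and posted-token cross-checks are extra checks assumed here, not steps from this page.

```python
import base64
import hashlib
import hmac
import json

def sign(payload_json: str, secret_key: str) -> str:
    """Hex HMAC-SHA256 of the exact JSON string, keyed with the secret key."""
    return hmac.new(secret_key.encode(), payload_json.encode(),
                    hashlib.sha256).hexdigest()

def verify_callback(form: dict, secret_key: str, expected_callback_url: str):
    """Return the signed payload as a dict, or None if any check fails."""
    try:
        decoded = base64.b64decode(form.get("hash", ""), validate=True).decode()
    except ValueError:  # malformed base64 or invalid UTF-8
        return None
    # Split on the first "|" only: the hex signature never contains one,
    # but the merchant-supplied md inside the JSON may.
    signature, sep, payload_json = decoded.partition("|")
    if not sep:
        return None
    # Constant-time comparison of the recomputed and received signatures.
    expected = sign(payload_json, secret_key)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    try:
        payload = json.loads(payload_json)
    except ValueError:
        return None
    if not isinstance(payload, dict):
        return None
    # Added checks (assumptions, not from the page): the hash was issued for
    # this endpoint, and the posted token field matches the signed one.
    if payload.get("callback_url") != expected_callback_url:
        return None
    if payload.get("token") != form.get("token"):
        return None
    return payload

# Constructed sample data; the key is a placeholder, not a real secret key.
SAMPLE_KEY = "sk_constructed_example"
SAMPLE_URL = "http://merchant.com/your_callback"
SAMPLE_JSON = ('{"callback_url":"http://merchant.com/your_callback",'
               '"token":"ctn_AMGLyP0Pl1wQlNaVX2vYxaLC","md":"Order 63c7b2ef3416c"}')
SAMPLE_FORM = {
    "token": "ctn_AMGLyP0Pl1wQlNaVX2vYxaLC",
    "md": "Order 63c7b2ef3416c",
    "hash": base64.b64encode(
        (sign(SAMPLE_JSON, SAMPLE_KEY) + "|" + SAMPLE_JSON).encode()).decode(),
}
```

Charge only the token taken from the returned payload, and treat a None result as a failed callback.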
Step 3: Request a payment using Google Pay™
Now that you have the token, it's time to authorize the payment. Take the token and use it in the body of a card token payment request from your application's or website's backend server.
Test Google Pay™
To start testing you need to create a test account.
You can use any real card to simulate payments in a sandbox environment. However, Google also offers test cards, which you can add to your wallet.
When using Google's test environment, if a real card is selected when making the online purchase, Google Pay provides a test card in the encrypted payment data. This ensures that no actual transaction takes place.