Google Pay™
How to integrate Google Pay, the security model, and the token flow.
Overview
Google Pay lets customers pay using cards saved in their Google Account — with a single tap, on Android devices and in Web browsers. Google Pay uses encryption so the customer's actual card number never reaches your integration directly.
PayMongo supports Google Pay through the google_pay_card payment method type.
How it works
- The customer taps the Pay with Google Pay button on your checkout
- Google displays cards saved in their Google Pay account
- The customer selects a card and confirms with face/fingerprint/PIN
- Google returns an encrypted token to your frontend
- You submit the token to PayMongo's Payment Method endpoint
- PayMongo decrypts the token and processes the payment through the Payment Intent workflow
Prerequisites
- Account configuration is required — contact PayMongo support if the Google Pay option doesn't appear in your dashboard
- You must comply with Google's Acceptable Use Policy
- You must accept Google's Google Pay API Terms of Service
- Review the Google Pay API Documentation before starting your integration
- Google Pay works with PayMongo's Checkout API, Shopify, Pages, and Links integrations in addition to the direct API
Accept a Google Pay payment
Before you start
Merchants must submit their business and verify their integration in the Google Pay Console before using Google Pay through the Payment Intent workflow.
Set up the Google Pay button
Follow Google's web documentation to add the Google Pay button to your checkout page. In the tokenizationSpecification, set:
const tokenizationSpecification = {
type: 'PAYMENT_GATEWAY',
parameters: {
gateway: 'paymongo',
gatewayMerchantId: 'YOUR_PAYMONGO_PUBLIC_KEY'
}
};Supported networks:
const allowedCardNetworks = ['MASTERCARD', 'VISA'];Supported authentication methods:
const allowedCardAuthMethods = ['PAN_ONLY'];
// CRYPTOGRAM_3DS support is coming soon| Method | What it means |
|---|---|
PAN_ONLY | The customer's actual card (PAN) is tokenized by Google. 3D Secure may be required by the issuing bank. |
CRYPTOGRAM_3DS | A virtual card with a one-time cryptogram — 3DS is embedded in the token. Coming soon. |
Extract the encrypted token
When the customer approves the Google Pay payment, the response includes paymentMethodData.tokenizationData.token — an encrypted string.
const paymentData = await paymentsClient.loadPaymentData(paymentDataRequest);
const encryptedToken = paymentData.paymentMethodData.tokenizationData.token;Create a Payment Intent (server-side)
const response = await fetch('https://api.paymongo.com/v1/payment_intents', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Basic ' + btoa('sk_test_YOUR_SECRET_KEY:')
},
body: JSON.stringify({
data: {
attributes: {
amount: 10000,
currency: 'PHP',
payment_method_allowed: ['google_pay_card'],
description: 'Order #1234'
}
}
})
});
const intent = await response.json();Create a Payment Method with the token
const response = await fetch('https://api.paymongo.com/v1/payment_methods', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Basic ' + btoa('pk_test_YOUR_PUBLIC_KEY:')
},
body: JSON.stringify({
data: {
attributes: {
type: 'google_pay_card',
details: {
token: encryptedToken
},
billing: {
name: 'Juan dela Cruz',
email: '[email protected]'
}
}
}
})
});Attach and handle the result
Attach the Payment Method to the Payment Intent. Check the status and handle awaiting_next_action (3DS) if the card is PAN_ONLY and the bank requires it.
Before going live
Before accepting live Google Pay payments, complete the following:
- Submit your integration for review in the Google Pay Console
- Follow Google Pay brand guidelines when placing the button — it must not be modified beyond Google's approved customizations
- Complete the Google Pay integration checklist before going live
Updated about 4 hours ago