Integrating with Google Pay™️

Overview

The Google Pay™️ integration allows a VGS vault to intercept encrypted payment tokens, decrypt the tokens, and alias the sensitive card information before forwarding the aliased payload to your inbound upstream.

Note that sandbox vaults are configured to always use the sandbox Google Pay™️ keys when decrypting the message. Production vaults will always use the production Google Pay™️ keys when decrypting the payload.

Instructions

This integration can be enabled from the Integrations list in your VGS vault. Enabling this integration will create a new inbound route in your vault.

Enable the Google Pay™️ integration from the Integrations list in your VGS vault. Enabling this integration will create a new inbound route in your vault.

Download the new Inbound Route YAML and update the value that says GATEWAY-MERCHANT-ID to your VGS Organization ID. This value can be found by going to the Organization Settings area in the VGS dashboard.

Upload the updated YAML file to your vault. The integration is now fully setup.

Request Data Structure

By default, the integration expects the POST data to be in the format below. If you wish to change this data format, modify anywhere in the YAML file that references google_pay_payload.token and replace it with the new location to the GooglePay token.

{
    "google_pay_payload": {
        // The "token" field contains the payload from Google Pay. The VGS Proxy will be replace this field with the decrypted and tokenized version
        "token": {
            "signature": "...",
            "intermediateSigningKey":{
                "signedKey":"...",
                "signatures":[
                    "..."
                ]
            },
            "protocolVersion":"ECv2",
            "signedMessage":"..."
        },
        "miscellaneous_data": "Miscellaneous data. There can be any number of additional data fields."
    },
    "miscellaneous_data": "additional data fields"
}

Upstream Data Structure

After routing through the VGS proxy, the Upstream server will receive the following data:

Event diagram

Below is a runtime event diagram for decrypting a Google Pay™️ payment token.

Google Pay™️ Feature Support

Auth Methods

The VGS integration with Google Pay™️ supports both CRYPTOGRAM_3DS and PAN_ONLY payloads. Details on the supported auth methods can be found in the Google Pay docs in the allowedAuthMethods section.

Card Networks

The VGS integration with Google Pay™️ supports decrypting payloads from the following card networks: AMEX, DISCOVER, INTERAC, JCB, MASTERCARD, MIR, VISA

In order to support combo cards from Brazil, this list also includes the following card networks: ELECTRON, MASTERCARD, MAESTRO, ELO, and ELO_DEBIT

Details on the list of card networks can be found in the Google Pay docs in the allowedCardNetworks section.

Samples

Check out our sample applications below to see how to collect Google Pay™️ data with VGS.

This example demonstrates how easily you can integrate VGS + Google Pay into your React application and secure sensitive payment data.