Google Pay ™


Applicable Scenario: Google Pay ™

Applicable Scenarios: Merchants supporting Google Pay payments

Google Pay supports payments on mainstream PC and mobile web browsers as well as mobile applications. YabandPay offers seamless integration with Google Pay, supporting debit and credit cards from the following international card schemes:

  • Visa / VPay

  • Mastercard / Maestro

  • UnionPay

Settlement accounts must be located in the European Economic Area (EEA) or the United Kingdom (UK).

[!TIP|style:flat]

All merchants using Google Pay must comply with the following terms:

Merchants accessing Google Pay via YabandPay's hosted solution are deemed to have accepted and agreed to comply with the above terms.

2. Credential Types & 3D Secure Requirements

Google Pay provides two types of payment credentials (tokens):

  • PAN_ONLY: Returns encrypted primary account number details (cardInfo.cardDetails) and card network (cardInfo.cardNetwork), without a dynamic cryptogram.
  • CRYPTOGRAM_3DS: Returns tokenized credentials based on the network token (DPAN) and includes a dynamic cryptogram for higher security transactions.

3D Secure Requirements:

  • If a PAN_ONLY credential is received, a 3D Secure verification must be performed (set parameter 3ds_initiate=01), otherwise the transaction will be rejected by YabandPay.

  • Frontend integration is recommended to support both credential types: ["CRYPTOGRAM_3DS", "PAN_ONLY"].

  • YabandPay's backend will automatically determine whether to execute 3D Secure based on the credential type.

2. App or Web Integration (Self-Hosted)

Merchants may integrate the Google API to initiate payment flows for self-hosted websites or apps. Below is the integration flow and configuration example:

Payment Flow:

  • The user clicks the Google Pay button on the merchant’s website or app;

  • Authentication is completed using Face ID / Touch ID / password;

  • Google returns the encrypted token;

  • The merchant submits the token to YabandPay for processing.

Note: If the merchant opts for self-hosted integration, a Google Pay merchant account must be registered via the Google Pay & Wallet Console, and a Merchant ID obtained. This ID will be linked to YabandPay’s payment channel.

API Configuration Example:

"tokenizationSpecification": {
  "type": "PAYMENT_GATEWAY",
  "parameters": {
    "gateway": "yabandpay",
    "gatewayMerchantId": "<Merchant ID assigned by YabandPay>"
  }
}
  • The received token must be Base64-encoded and submitted to YabandPay as the payment_token_object;

  • gateway:A fixed value, must be set to "yabandpay";

  • Address verification is not required. We recommend configuring:

billingAddressRequired: false

3. Hosted Integration

YabandPay offers a hosted Google Pay payment solution. Merchants do not need to integrate the Google Pay button or SDK themselves. Instead, they simply submit an order via a standard API and redirect users to the YabandPay hosted page at https://pay.yabandpay.com, where the user completes the Google Pay transaction.

Since Google Pay is embedded in the YabandPay page in this hosted mode, merchants are not required to configure any CSP policies, load Google scripts, or manage SDK versions.

Integration Flow:

  • The merchant initiates an order using YabandPay’s Hosted Payment Page (HPP), and receives a pay_url in the response;

  • The user is redirected to the hosted page at pay_url;

  • The user completes the Google Pay transaction on pay_url;

  • Upon completion, the user is redirected to the merchant’s configured redirect_url, and the result is asynchronously notified via notify_url.

Features & Advantages:

  • No need to load Google Pay scripts or JavaScript SDK on the frontend;

  • The payment process is securely hosted by YabandPay;

  • The hosted page displays merchant name and order information for better user recognition;

  • All transactions are processed using YabandPay’s unified Google Merchant ID;

  • Merchants only need to enable Google Pay in the YabandPay merchant dashboard.

4. Authorization Methods

YabandPay supports the following Google Pay authorization modes:

  • One-time payment authorization (DPAN + cryptogram);

  • Card-on-File (COF) is not supported;

  • FIDO biometric authentication is not supported.

5. Data Submission & Security Requirements

  • Submit the Base64-encoded payment_token_object via HTTPS POST to YabandPay;

  • All data transmissions must use TLS 1.2 or higher;

  • YabandPay performs decryption using PCI DSS-compliant HSM infrastructure.

6. Official Google Pay Integration References

General Resources:

App Integration Resources:

Web Integration Resources:


API URL:https://mapi.yabandpay.com/Payments

Method:POST

POST data type:Json

Parameter Type Description Required
user String the UID of cashier account Required
sign String signature Required
method String v3.CreateCardPayments Required
time Long timestamp Required
  • Parameter
Parameter Type Description Required
pay_method String online Required
sub_pay_method String Google Pay Required
operation String 1.Sales 2.Authorisation; Required
order_id String order id from Merchant Required
amount String format in cents: € 24.99 should be 24.99, the min amount is EUR 1.00 Required
currency String ISO 4217, For example EUR, CHF Required
description String order description Required
demo String custom field Optional
3ds_initiate String 01. Enable 3D Secure ; Required
payment_token_object String The "payment_token_object" string obtained from Google Pay Required
timeout String value 0 means 1440 minutes Required
redirect_url String the redirect URL after payment is completed Required
notify_url String asynchronous notification url Required
request_id String The request ID must be unique. It is recommended to use a combination of at least 24 digits and letters. Required

Obtain payment_token_object:

Example of token returned by Google Pay:

{
    "signature": "MEUCIC+XtiYdlmjL2/1wEn33qnya8G4POk5jYkRNY5+MkdBlAiEAwoRYQu26ZopwpcOWlwUe/E+i4FKzpunCFZf44mS0cxQ\u003d",
    "intermediateSigningKey": {
        "signedKey": "{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUJW8LjUtTV7esDMJLtCe8hYjlcQih8g7HP5bgO4ysma4/CwGq0CnZ5G0t0o44D92d9L3SfXS2GyK2PJMtE/NBg\\u003d\\u003d\",\"keyExpiration\":\"1724120515000\"}",
        "signatures": ["MEYCIQC1ZWgFEaSR1pNbwTW6liQL7WXZQZExx1Idj7oQzHvoPQIhAOx1b+9CamfDeZUcHXpU01xTfa6EaaH3TgKaTBnrsuuG"]
    },
    "protocolVersion": "ECv2",
    "signedMessage": "{\"encryptedMessage\":\"y+XA1ltwldTcmVSZwfVayP7b0hPNLODGyi2UgCCJcSSs0iBj73HML5eWcYBiT+T+ZP8SmV54U9E2AmuRwVeVYHai8Z/ajrxE7fM+Fv/e9IXt36WjC4SWhAHM8T/DkOlE6BcuoKAMz6iLkJJ40g0zAkUKijln5YEbhLXHRoh/5l/8wGNDxErI7JdNZ4cA9vh8go/gR2YXKxVngFH4PFHcGyKa4MKnYDATMBDdx/F+MI4vVtPLXruTPpG0HBgLlJct95LZl9T686sOWuwg4pWLLSqcbuqd+MAZZihy2FW+9cdKNXsebL91rRbq7dahtET1K90YzyWzM9CfntcjHf5YqhnssApnE+Jb7OZ+mn5hO27Z93by7G3Fgi7YxJqcW4o/4D+NIANe0BqwbFyhw5Un8rIKkXg//WD9TlFHl2oIgyOKnZLO8NrnfEffoxstvRft1enafD0DadUk2IL5+Q\\u003d\\u003d\",\"ephemeralPublicKey\":\"BFzys/8Oy4iBu0ZYlLcy5SNZUOKFQhTx/985qiMFKGssVm4Fk9hweWlemyClMbI216lbsPS4Sy15ab/75gW1v08\\u003d\",\"tag\":\"jpHUeHrZuI1y77wRisFznOadAzlP2je8RFpT9PFpmHs\\u003d\"}"
}

The payment_token_object field is the base64_encoded string of the token data obtained after connecting to Google Pay.

Signature:

Lexicographical sequence and URL key-value format new string

"3ds_initiate=01&amount=0.1&currency=EUR&description=test&method=v3.GooglePayment&notify_url=https://www.yabandpay.com/notify&operation=1&order_id=1723517503&pay_method=online&payment_token_object=eyJzaWduYXR1cmUiOiJNRVVDSUMrWHRpWWRsbWpMMi8xd0VuMzNxbnlhOEc0UE9rNWpZa1JOWTUrTWtkQmxBaUVBd29SWVF1MjZab3B3cGNPV2x3VWUvRStpNEZLenB1bkNGWmY0NG1TMGN4UVx1MDAzZCIsImludGVybWVkaWF0ZVNpZ25pbmdLZXkiOnsic2lnbmVkS2V5Ijoie1wia2V5VmFsdWVcIjpcIk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRVVKVzhMalV0VFY3ZXNETUpMdENlOGhZamxjUWloOGc3SFA1YmdPNHlzbWE0L0N3R3EwQ25aNUcwdDBvNDREOTJkOUwzU2ZYUzJHeUsyUEpNdEUvTkJnXHUwMDNkXHUwMDNkXCIsXCJrZXlFeHBpcmF0aW9uXCI6XCIxNzI0MTIwNTE1MDAwXCJ9Iiwic2lnbmF0dXJlcyI6WyJNRVlDSVFDMVpXZ0ZFYVNSMXBOYndUVzZsaVFMN1dYWlFaRXh4MUlkajdvUXpIdm9QUUloQU94MWIrOUNhbWZEZVpVY0hYcFUwMXhUZmE2RWFhSDNUZ0thVEJucnN1dUciXX0sInByb3RvY29sVmVyc2lvbiI6IkVDdjIiLCJzaWduZWRNZXNzYWdlIjoie1wiZW5jcnlwdGVkTWVzc2FnZVwiOlwieStYQTFsdHdsZFRjbVZTWndmVmF5UDdiMGhQTkxPREd5aTJVZ0NDSmNTU3MwaUJqNzNITUw1ZVdjWUJpVCtUK1pQOFNtVjU0VTlFMkFtdVJ3VmVWWUhhaThaL2FqcnhFN2ZNK0Z2L2U5SVh0MzZXakM0U1doQUhNOFQvRGtPbEU2QmN1b0tBTXo2aUxrSko0MGcwekFrVUtpamxuNVlFYmhMWEhSb2gvNWwvOHdHTkR4RXJJN0pkTlo0Y0E5dmg4Z28vZ1IyWVhLeFZuZ0ZINFBGSGNHeUthNE1LbllEQVRNQkRkeC9GK01JNHZWdFBMWHJ1VFBwRzBIQmdMbEpjdDk1TFpsOVQ2ODZzT1d1d2c0cFdMTFNxY2J1cWQrTUFaWmloeTJGVys5Y2RLTlhzZWJMOTFyUmJxN2RhaHRFVDFLOTBZenlXek05Q2ZudGNqSGY1WXFobnNzQXBuRStKYjdPWittbjVoTzI3WjkzYnk3RzNGZ2k3WXhKcWNXNG8vNEQrTklBTmUwQnF3YkZ5aHc1VW44cklLa1hnLy9XRDlUbEZIbDJvSWd5T0tuWkxPOE5ybmZFZmZveHN0dlJmdDFlbmFmRDBEYWRVazJJTDUrUVx1MDAzZFx1MDAzZFwiLFwiZXBoZW1lcmFsUHVibGljS2V5XCI6XCJCRnp5cy84T3k0aUJ1MFpZbExjeTVTTlpVT0tGUWhUeC85ODVxaU1GS0dzc1ZtNEZrOWh3ZVdsZW15Q2xNYkkyMTZsYnNQUzRTeTE1YWIvNzVnVzF2MDhcdTAwM2RcIixcInRhZ1wiOlwianBIVWVIclp1STF5Nzd3UmlzRnpuT2FkQXpsUDJqZThSRnBUOVBGcG1Ic1x1MDAzZFwifSJ9&redirect_url=https://www.yabandpay.com/redirect_url&request_id=g77ur3oqhkqd348iljrb04pbj412rka3&sub_pay_method=Google Pay&time=1723517503&timeout=0&user=016683"

Use stringA and secret_key to get stringSign

Get Signature:

"87c9a0c3b4efb2a709323cdd809efc5aa90a16a5d9fff802634e27ced8d4cae6"

Example Request (operation=1 Sales):

{
    "user": "info@yabandmedia.com",
    "sign": "87c9a0c3b4efb2a709323cdd809efc5aa90a16a5d9fff802634e27ced8d4cae6",
    "method": "v3.GooglePay",
    "time": 1721979693,
    "data": {
        "description": "test",
        "timeout": "0",
        "pay_method": "online",
        "sub_pay_method": "Google Pay",
        "order_id": 1721979693,
        "amount": "0.1",
        "currency": "EUR",
        "operation": "1",
        "redirect_url": "https://www.yabandpay.com/redirect_url",
        "notify_url": "https://www.yabandpay.com/notify",
        "3ds_initiate": "01",
        "payment_token_object": "eyJzaWduYXR1cmUiOiJNRVVDSVFDOEJmbDJrSkttUjVvOUxNc3RCYnA0MGtBRW9FQnh4SlQ4VTl2UVgyc1JMd0lnTUJTOWpidDFxR0NoVmxmeElDUTdYOHBKM3VYN1lkY0M5UFd1eEVubmo5b1x1MDAzZCIsImludGVybWVkaWF0ZVNpZ25pbmdLZXkiOnsic2lnbmVkS2V5Ijoie1wia2V5VmFsdWVcIjpcIk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRVdabXZVODU3SnlOV2ZEbFFuVzBaRG1MUEpoSG91dlpsT09aZk5ORm9nWElJVlRVTnNYNGJ0MEZFakdpVEs4QTNGb094a0d5NStrQ0ZCWDUyL0hhcS93XHUwMDNkXHUwMDNkXCIsXCJrZXlFeHBpcmF0aW9uXCI6XCIxNzIwNTg5NjI3MTk5XCJ9Iiwic2lnbmF0dXJlcyI6WyJNRVVDSVFDbWpKSmFMYzUxWEo3T3dEaUY5QVVIVloyVytGMFJSVWdnNmI5YUc0S2hiUUlnVDBKeVdjRHNlcEpyc2ZyM0xzekdtTUpUNkxZSitzRmZ5YWtmYlIweHg1c1x1MDAzZCJdfSwicHJvdG9jb2xWZXJzaW9uIjoiRUN2MiIsInNpZ25lZE1lc3NhZ2UiOiJ7XCJlbmNyeXB0ZWRNZXNzYWdlXCI6XCJBaVhPT3BJYitNdGxSWnV3MW9nL3ZLVVdvT3FmVEcwZndMcG14WCtuSkFPRXJPQkFYa3dWWG8zd01DaVpQaEppZVN3dHZBNnFaVXpWVTBOVWJaWTVSdE1qZWxUWnVHV3dKcjdRVU9Ob3NXRzFXSmd4bjRHVVRPL2g2Nzdpd2ROajgzbVRDdWNPZnNHeDVMcTZCdXZXT1F0a21Gdk9qSnVSN1daQ2k3QTl4S2tWckxvVEsyWEpBNmNxb0pZMERpa1NMOU1WQW5JWVNyenpCakFwWVc0SGxXTm14ZnJYUUUzYTFKTW95UlRDWWR4azZwUGVzNi9xOG5zN2Fid1RHUGNicmNVZndaN0hiSnFWRVd1aFZxTWpxZW50RHgvRXd3SHFYd0s0YUhMc0hvOGVkc09jbEdMTXBNeFVVOHc0MHJ2ZFNxc3NyUEFmN0RnSGoydkNBNUt2amMrcnBaaGY0Wnl1UkFacHpHSmNvYXNTV3JVeXNqUG5FcFNyVnpzbWV3ejB1K2JyYmNFOTlFNnd0cHhnWVZwUVl0d3FmY2FRY3ZJWUZaT3FXaEJGNFpXcUZoUmdGSkZlQVJSQU1ndnlURmhDaVhObExqcFZcIixcImVwaGVtZXJhbFB1YmxpY0tleVwiOlwiQk83SUpTMVNBanlqWG9EUTVOblBqZmk3dWJ3UVB0Mkx1OFZVQm9SVlh0Q2pWV3h4UUNLWm9sbmc0cnBmUEdaVlRyQzNwOWRUMEtveWhBc2NsR0Z5ZFhFXHUwMDNkXCIsXCJ0YWdcIjpcImtoT1dIRUlSSzBuWVBiWU1OdnhkZVNUTzlsYWJRdlBYZWQrQ1NLZTFyZ1FcdTAwM2RcIn0ifQ==",
        "browser_info": "eyJicm93c2VyX2phdmFfc2NyaXB0X2VuYWJsZWQiOiJ0cnVlIiwiYnJvd3Nlcl9qYXZhX2VuYWJsZWQiOiJ0cnVlIiwiYnJvd3Nlcl9jb2xvcl9kZXB0aCI6IjMyIiwiYnJvd3Nlcl9zY3JlZW5faGVpZ2h0IjoiOTYwIiwiYnJvd3Nlcl9zY3JlZW5fd2lkdGgiOiIxMDIwIiwiYnJvd3Nlcl90eiI6IjYwIiwiYnJvd3Nlcl9hY2NlcHRfaGVhZGVyIjoidGV4dC9odG1sLGFwcGxpY2F0aW9uL2pzb24sYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44IiwiY2hhbGxlbmdlX3dpbmRvd19zaXplIjoiMDMiLCJhY2NlcHRfbGFuZ3VhZ2UiOiJ6aC1DTiIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNTguMC4zMDI5LjExMCBTYWZhcmkvNTM3LjMifQ==",
        "request_id": "2cwmm7wubqkgtzbtzjhvhkaubev81a0r"
    }
}

Example Response:

{
    "status": true,
    "code": "200",
    "data": {
        "order_id": "1723517503",
        "trade_id": "e684679e-658b-ac70-fd9e-e4959e147e00",
        "amount": "0.10",
        "currency": "EUR",
        "settlement_amount": "0.10",
        "settlement_currency": "EUR",
        "exchange_rate": "1",
        "sub_pay_method": "Google Pay",
        "state": "processing",
        "url": "https://pay.yabandpay.com/dispose_shift4_googlepay_3ds?data=eyJwc3QiOiJlNjg0Njc5ZS02NThiLWFjNzAtZmQ5ZS1lNDk1OWUxNDdlMDAiLCJzaWduX3RyYWRlX2lkIjoiNWZkNzc5Zjg0MmY1ZTc2ZjVmNGQzNGQyNGQ5MGZkMzYyZWMyZGY5ZjU0ODk5ZjBlZDgxYTRkYWUxODM2MmEwNCIsInVzZXIiOiIwMTY2ODMifQ=="
    },
    "message": "",
    "response_id": "202408131051432400124088"
}

More Information:

Return results:
  1. On a successful API call, the response will be "status": true.

  2. On a failed API call, the response will be "status": false.

You need to redirect to the returned url. After the user enters their card information and completes the payment at this url, they will be redirected back to the redirect_url.

We strongly recommend using both Order Query and Asynchronous Notification simultaneously to synchronize and update payment status, ensuring real-time accuracy of payment information.

Result/Error codes:
Status Code Message
true 200
fales -1000 Internal error
fales -403 The signature Error
fales -2001 The user not exist
fales -3001 Required field is missing
fales -4118 Incorrect request ID

results matching ""

    No results matching ""