Skip to main content

Google Pay™

An endpoint to decrypt and tokenize a Google Payment token. This endpoint only supports the ECv2 token versions. It supports both auth methods, PAN_ONLY and CRYPTOGRAM_3DS.

When requesting a payment token, use basistheory as the gateway and your tenant ID for gatewayMerchantId. There is no requirement to include addresses. Basis Theory does not perform address verification.

const tokenizationSpecification = {
type: 'PAYMENT_GATEWAY',
parameters: {
'gateway': 'basistheory',
'gatewayMerchantId': '<TENANT ID>'
}
};

Tokenize

This process utilizes Basis Theory's Token Intents. This endpoint will decrypt a provided Google Payment token and tokenize to a Basis Theory Token Intent.

To use the API, pass the encrypted Google Payment token received from the Google API in the google_payment_method_token object in the Basis Theory request object.

Basis Theory supports the PAN_ONLY and CRYPTOGRAM_3DS authorization methods. The table below shows the resulting Token Intent type based on the Google Payment Token's authMethod attribute.

Auth MethodToken Type
PAN_ONLYcard
CRYPTOGRAM_3DSnetwork_token
POST
https://api.basistheory.com/connections/google-pay/tokenize
Copy

Permissions

token-intent:create

Request

curl --request POST \
--url https://api.basistheory.com/connections/google-pay/tokenize \
--header 'BT-API-KEY: <API_KEY>' \
--header 'Content-Type: application/json' \
--data '{
"google_payment_method_token": {
"protocolVersion": "ECv2",
"signature": "...",
"intermediateSigningKey": {
"signedKey": "...",
"signatures": [
"..."
]
},
"signedMessage": "..."
}'

Request Parameters

AttributeRequiredTypeDescription
google_payment_method_tokentrueGoogle Payment TokenThe Google Payment method token.

Response

Returns a Token Intent if successful. Returns an error if there were validation errors, if the Google payment token failed to decrypt create, or the Token Intent failed to create.

{
"token_intent": {
"id": "d4cf4b73-d6c7-4270-a3dc-5854d889708b",
"type": "card",
"tenant_id": "064bbc70-204b-4ef1-a757-ec0878be5945",
"fingerprint": "3SUw6NP2JgpQAJW4tvVczznnzxnTKrBM9TVXGpPPB7Vf",
"created_by": "f0f504e5-79c2-40a6-aad3-dbee7a692828",
"created_at": "2025-01-24T15:37:52.8143798+00:00",
"expires_at": "2025-01-25T15:37:52.8143802+00:00",
"card": {
"bin": "411111",
"last4": "1111",
"expiration_month": 12,
"expiration_year": 2027,
"brand": "visa",
"funding": "debit",
"authentication": "sca_required"
},
"authentication": {
"threeds_cryptogram": "AAAAAAA....",
"eci_indicator": "02"
},
"_extras": {
"tsp_details": {
"tsp": "Google",
"auth_method": "PAN_ONLY",
"message_id": "AH2EjtdkuuxxO3nA7RuWAo0fU4u5BPoySvd9ajlSSrTWy3yTCu2IRbRwp8K3sFjSUS-ELa7UzetwY6UFsNLISYiKY6arNIOfYxutYYH3LJdIH0UcmoRDzmM",
"eci_indicator": "",
"assurance_details": {
"account_verified": true,
"card_holder_authenticated": false
}
}
}
}
}

Token Intents and the resulting tokens created from a Google payment token will contain a tsp_details object in the _extras attribute.

The attributes in the _extras object are NOT addressable in proxies or reactors.

AttributeTypeDescription
_extrasObjectParent object containing additional details.
tsp_detailsObjectDetails related to the transaction service provider (TSP).
tspStringThe name of the transaction service provider.
auth_methodStringThe authentication method used.
message_idStringUnique identifier for the message.
eci_indicatorStringElectronic Commerce Indicator (may be empty).
assurance_detailsObjectInformation about the assurance of the transaction.
account_verifiedBooleanIndicates if the account was verified.
card_holder_authenticatedBooleanIndicates if the cardholder was authenticated.

Testing

Basis Theory provides a mechanism to create fake Token Intents using this endpoint. Changing the protocolVersion to BasisTheory will instead process a fake Google payment token in a different manner.

To create a card Token Intent, set the signature to card. The signedMessage should contain number, expiration_month, and expiration_year.

Fake card token
{
"google_payment_method_token": {
"protocolVersion": "BasisTheory",
"signature": "card",
"intermediateSigningKey": {
"signedKey": "fake",
"signatures": [
"fake"
]
},
"signedMessage": "{\"number\": 4242424242424242, \"expiration_month\": 4, \"expiration_year\": 2025 }"
}
}

To create a network_token, set the signature to network_token. In addition to the attributes defined for the fake card token, include cryptogram and eci_indicator. The value of these attributes will be persisted in the authentication object of the Token Intent.

Fake network_token
{
"google_payment_method_token": {
"protocolVersion": "BasisTheory",
"signature": "network_token",
"intermediateSigningKey": {
"signedKey": "fake",
"signatures": [
"fake"
]
},
"signedMessage": "{\"number\": 4242424242424242, \"expiration_month\": 12, \"expiration_year\": 2025, \"cryptogram\": \"AAAAA....\", \"eci_indicator\": \"01\"}"
}
}

Additional Resources

For additional information on using Google Pay™, view the documentation provided by Google.