Google Pay™
An endpoint to decrypt and tokenize a Google Payment token.
This endpoint only supports the ECv2 token versions.
It supports both auth methods, PAN_ONLY and CRYPTOGRAM_3DS.
When requesting a payment token, use basistheory as the gateway and your tenant ID for gatewayMerchantId.
There is no requirement to include addresses. Basis Theory does not perform address verification.
const tokenizationSpecification = {
type: 'PAYMENT_GATEWAY',
parameters: {
'gateway': 'basistheory',
'gatewayMerchantId': '<TENANT ID>'
}
};
Tokenize
This process utilizes Basis Theory's Token Intents. This endpoint will decrypt a provided Google Payment token and tokenize to a Basis Theory Token Intent.
To use the API, pass the encrypted Google Payment token received from the Google API in the google_payment_method_token object in the Basis Theory request object.
Basis Theory supports the PAN_ONLY and CRYPTOGRAM_3DS authorization methods.
The table below shows the resulting Token Intent type based on the Google Payment Token's authMethod attribute.
| Auth Method | Token Type |
|---|---|
| PAN_ONLY | card |
| CRYPTOGRAM_3DS | network_token |
Permissions
token-intent:create
Request
- cURL
- Node
- C#
- Python
curl --request POST \
--url https://api.basistheory.com/connections/google-pay/tokenize \
--header 'BT-API-KEY: <API_KEY>' \
--header 'Content-Type: application/json' \
--data '{
"google_payment_method_token": {
"protocolVersion": "ECv2",
"signature": "...",
"intermediateSigningKey": {
"signedKey": "...",
"signatures": [
"..."
]
},
"signedMessage": "..."
}'
await client.googlepay.tokenize({
googlePaymentMethodToken: {...}
});
await client.Googlepay.TokenizeAsync(new GooglePayTokenizeRequest
{
GooglePaymentMethodToken = new GooglePaymentMethodToken
{
...
}
});
client.googlepay.tokenize(
google_payment_method_token={
...
}
)
Request Parameters
| Attribute | Required | Type | Description |
|---|---|---|---|
google_payment_method_token | true | Google Payment Token | The Google Payment method token. |
Response
Returns a Token Intent if successful. Returns an error if there were validation errors, if the Google payment token failed to decrypt create, or the Token Intent failed to create.
{
"token_intent": {
"id": "d4cf4b73-d6c7-4270-a3dc-5854d889708b",
"type": "card",
"tenant_id": "064bbc70-204b-4ef1-a757-ec0878be5945",
"fingerprint": "3SUw6NP2JgpQAJW4tvVczznnzxnTKrBM9TVXGpPPB7Vf",
"created_by": "f0f504e5-79c2-40a6-aad3-dbee7a692828",
"created_at": "2025-01-24T15:37:52.8143798+00:00",
"expires_at": "2025-01-25T15:37:52.8143802+00:00",
"card": {
"bin": "411111",
"last4": "1111",
"expiration_month": 12,
"expiration_year": 2027,
"brand": "visa",
"funding": "debit",
"authentication": "sca_required"
},
"authentication": {
"threeds_cryptogram": "AAAAAAA....",
"eci_indicator": "02"
},
"_extras": {
"tsp_details": {
"tsp": "Google",
"auth_method": "PAN_ONLY",
"message_id": "AH2EjtdkuuxxO3nA7RuWAo0fU4u5BPoySvd9ajlSSrTWy3yTCu2IRbRwp8K3sFjSUS-ELa7UzetwY6UFsNLISYiKY6arNIOfYxutYYH3LJdIH0UcmoRDzmM",
"eci_indicator": "",
"assurance_details": {
"account_verified": true,
"card_holder_authenticated": false
}
}
}
}
}
Token Intents and the resulting tokens created from a Google payment token will contain a tsp_details object in the _extras attribute.
The attributes in the _extras object are NOT addressable in proxies or reactors.
| Attribute | Type | Description |
|---|---|---|
_extras | Object | Parent object containing additional details. |
tsp_details | Object | Details related to the transaction service provider (TSP). |
tsp | String | The name of the transaction service provider. |
auth_method | String | The authentication method used. |
message_id | String | Unique identifier for the message. |
eci_indicator | String | Electronic Commerce Indicator (may be empty). |
assurance_details | Object | Information about the assurance of the transaction. |
account_verified | Boolean | Indicates if the account was verified. |
card_holder_authenticated | Boolean | Indicates if the cardholder was authenticated. |
Testing
Basis Theory provides a mechanism to create fake Token Intents using this endpoint.
Changing the protocolVersion to BasisTheory will instead process a fake Google payment token in a different manner.
To create a card Token Intent, set the signature to card.
The signedMessage should contain number, expiration_month, and expiration_year.
{
"google_payment_method_token": {
"protocolVersion": "BasisTheory",
"signature": "card",
"intermediateSigningKey": {
"signedKey": "fake",
"signatures": [
"fake"
]
},
"signedMessage": "{\"number\": 4242424242424242, \"expiration_month\": 4, \"expiration_year\": 2025 }"
}
}
To create a network_token, set the signature to network_token.
In addition to the attributes defined for the fake card token, include cryptogram and eci_indicator.
The value of these attributes will be persisted in the authentication object of the Token Intent.
{
"google_payment_method_token": {
"protocolVersion": "BasisTheory",
"signature": "network_token",
"intermediateSigningKey": {
"signedKey": "fake",
"signatures": [
"fake"
]
},
"signedMessage": "{\"number\": 4242424242424242, \"expiration_month\": 12, \"expiration_year\": 2025, \"cryptogram\": \"AAAAA....\", \"eci_indicator\": \"01\"}"
}
}
Additional Resources
For additional information on using Google Pay™, view the documentation provided by Google.