Google Pay™ allows users to pay with cards stored in their Google account, providing a fast and secure checkout experience across Android devices and web browsers.

As a Google Pay participating payment processor, ecartpay handles all token decryption and payment processing on behalf of merchants. You can offer Google Pay to your customers without managing encryption keys or handling raw card data.

📘

How it works

ecartpay supports the PAYMENT_GATEWAY tokenization type:

• Google Pay encrypts payment credentials using ecartpay's registered public key.
• ecartpay decrypts the token server-side, extracts the card data, and processes the payment.
• Merchants never handle raw card numbers (PAN), reducing PCI scope.

Brand Guidelines

If you offer Google Pay as a payment method, you must use the official Google Pay logo and buttons. Do not modify the colors, proportions, or appearance of any Google Pay assets.

Follow the brand guidelines for your platform:

• Web: Google Pay Web Brand Guidelines
• Android: Google Pay Android Brand Guidelines

Download approved assets and use the official button generator provided in the brand guidelines documentation.

Implementation Paths

ecartpay supports Google Pay on the Web and Android platforms. Depending on your integration type, follow the appropriate documentation:

Web

Android

Hosted Checkout Integration

ecartpay provides a hosted checkout solution with Google Pay™ built in. When using ecartpay's hosted checkout, Google Pay is automatically available to your customers without any additional frontend development.

Steps to enable

1. Ensure your ecartpay account is active with a card payment method enabled.
2. No additional configuration is required — Google Pay is automatically displayed when the customer's browser or device supports it.
3. ecartpay's hosted checkout handles SDK loading, eligibility checks, and the full payment flow on your behalf.

Content Security Policy (CSP)

If you embed ecartpay's hosted checkout in an iframe, ensure your Content Security Policy allows the following domains:

script-src: https://pay.google.com
frame-src: https://pay.google.com
connect-src: https://payments.google.com https://pay.google.com

🚧

Policy compliance

When using ecartpay's hosted checkout with Google Pay, you must comply with the Google Pay & Wallet API Acceptable Use Policy and accept the terms defined in the Google Pay API Terms of Service.

Direct API Integration

If you integrate Google Pay directly on your own website or app using ecartpay as your payment processor, follow these steps:

Step 1. Load the Google Pay JavaScript library on your website:

<script src="https://pay.google.com/gp/p/js/pay.js" async></script>

Step 2. Register in the Google Pay & Wallet Console to obtain your Google merchantId (required for production).

Step 3. Configure the TokenizationSpecification with ecartpay's gateway values (see Gateway Configuration).

Step 4. Send the encrypted payment token to ecartpay's API for processing (see Processing Payment Data).

🚧

Policy compliance

To use Google Pay through ecartpay's API, you must comply with the Google Pay & Wallet API Acceptable Use Policy and accept the terms defined in the Google Pay API Terms of Service.

Gateway Configuration

As a Google Pay participating payment processor, ecartpay uses the PAYMENT_GATEWAY tokenization type. ecartpay handles all decryption on your behalf.

Set the following values in the TokenizationSpecification object:

TokenizationSpecification Example

{
  "tokenizationSpecification": {
    "type": "PAYMENT_GATEWAY",
    "parameters": {
      "gateway": "ecartpay",
      "gatewayMerchantId": "YOUR_ECARTPAY_ACCOUNT_ID"
    }
  }
}

Full Allowed Payment Method Example

{
  "type": "CARD",
  "parameters": {
    "allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"],
    "allowedCardNetworks": ["VISA", "MASTERCARD", "AMEX"]
  },
  "tokenizationSpecification": {
    "type": "PAYMENT_GATEWAY",
    "parameters": {
      "gateway": "ecartpay",
      "gatewayMerchantId": "YOUR_ECARTPAY_ACCOUNT_ID"
    }
  }
}

📘

Where to find your gatewayMerchantId

Your gatewayMerchantId is the Account ID assigned to you in ecartpay's system. You can find it in your ecartpay dashboard under account settings.

Authorization Methods

ecartpay's Google Pay integration supports two types of card credentials:

Set both methods in the allowedAuthMethods array to maximize payment acceptance:

"allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"]

📘

Recommendation

We recommend enabling both PAN_ONLY and CRYPTOGRAM_3DS to maximize the number of customers who can pay with Google Pay.

Supported Card Networks

ecartpay supports the following card networks for Google Pay transactions. Define the networks you accept in the allowedCardNetworks property:

"allowedCardNetworks": ["VISA", "MASTERCARD", "AMEX"]

You may include only the networks you wish to accept. Refer to the Google Pay Web and Android documentation for the full list of available values.

3D Secure (3DS)

ecartpay supports 3D Secure verification for Google Pay transactions to enhance payment security and reduce fraud.

PAN_ONLY transactions

For PAN_ONLY credentials returned from Google Pay, ecartpay automatically initiates the 3DS verification flow when required by the card issuer or the merchant's risk configuration. No additional configuration is needed from the merchant — ecartpay handles the 3DS challenge as part of the standard payment processing pipeline.

CRYPTOGRAM_3DS transactions

For CRYPTOGRAM_3DS credentials, authentication is already performed by Google Pay at the device level. The decrypted payload includes:

• cryptogram — The 3DS cryptogram generated by the device.
• eciIndicator — The Electronic Commerce Indicator value.

ecartpay automatically forwards these indicators to the acquirer, so no additional 3DS step is required.

👍

No action required

ecartpay handles 3DS automatically for both credential types. Merchants do not need to configure anything additional for 3DS to work with Google Pay.

Billing Address Requirements

If a billing address is required for payment verification, you can request it from Google Pay by setting billingAddressRequired to true in the payment method parameters.

{
  "allowedPaymentMethods": [
    {
      "type": "CARD",
      "parameters": {
        "allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"],
        "allowedCardNetworks": ["VISA", "MASTERCARD", "AMEX"],
        "billingAddressRequired": true,
        "billingAddressParameters": {
          "format": "FULL",
          "phoneNumberRequired": true
        }
      },
      "tokenizationSpecification": {
        "type": "PAYMENT_GATEWAY",
        "parameters": {
          "gateway": "ecartpay",
          "gatewayMerchantId": "YOUR_ECARTPAY_ACCOUNT_ID"
        }
      }
    }
  ]
}

For more details on billing address parameters, see BillingAddressParameters in the Google Pay documentation.

Processing Payment Data

After a customer authorizes a payment through Google Pay, the encrypted payment data is returned in the response. This token must be sent to ecartpay's API for decryption and processing.

Step 1: Extract the encrypted token

The encrypted token is available in the paymentMethodData.tokenizationData.token property of the PaymentData response object from Google Pay.

const paymentData = await paymentsClient.loadPaymentData(paymentDataRequest);
const encryptedToken = paymentData.paymentMethodData.tokenizationData.token;

Step 2: Send the token to ecartpay

Submit the encrypted token to ecartpay's payment processing endpoint along with the order details:

curl --request POST \
  --url https://api.ecartpay.com/api/process-payment \
  --header 'Authorization: Bearer YOUR_AUTH_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
    "order_id": "ORDER_ID",
    "method_id": "PAYMENT_METHOD_ID",
    "google_pay_token": "{ENCRYPTED_GOOGLE_PAY_TOKEN}"
  }'

What ecartpay does server-side

1. Verifies the token's cryptographic signatures against Google's root signing keys.
2. Decrypts the payload using ecartpay's private key (ECIES-KEM with HKDF + AES-CTR).
3. Validates message expiration.
4. Extracts card credentials (PAN, expiration, 3DS indicators).
5. Processes the payment through the configured acquirer.
6. Returns the transaction result.

Response example

{
  "success": true,
  "status": "paid",
  "order_id": "ORDER_ID",
  "transaction_id": "TXN_ID"
}

📘

Token handling

The google_pay_token field accepts the raw encrypted token string as returned by Google Pay. ecartpay handles all cryptographic verification and decryption — you never need to parse or modify this token.

Testing

Before going live, test your integration using Google Pay's TEST environment:

Step 1. Set the Google Pay environment to TEST:

const paymentsClient = new google.payments.api.PaymentsClient({
  environment: 'TEST'
});

Step 2. Use any Google account to make test payments. In TEST mode, Google Pay returns test tokens that can be processed by ecartpay's test environment.

Step 3. Verify that the payment flow completes successfully and the order status updates to paid.

📘

Test environment

In TEST environment, Google Pay returns dummy card data. Real charges are not made. Test cards from Google's test card suite can be used for additional testing scenarios.

Going Live

To enable Google Pay in production:

Step 1. Register in the Google Pay & Wallet Console and obtain your production merchantId.

Step 2. Switch the environment from TEST to PRODUCTION:

const paymentsClient = new google.payments.api.PaymentsClient({
  environment: 'PRODUCTION'
});

Step 3. Include your merchantId and merchantName in the merchantInfo object:

{
  "merchantInfo": {
    "merchantId": "YOUR_GOOGLE_MERCHANT_ID",
    "merchantName": "Your Store Name"
  }
}

Step 4. Submit your integration for review through the Google Pay & Wallet Console.

🚧

Important distinction

The merchantId in merchantInfo is your Google-assigned merchant ID from the Google Pay & Wallet Console. This is different from the gatewayMerchantId in the TokenizationSpecification, which is your ecartpay Account ID.