Google Pay
Google Pay™ transactions can be processed via the Saferpay Payment Page, without much effort from you side. Note that Google Pay is not a classic means of payment, but rather a digital wallet. Your customers will still pay with Visa, Mastercard, or whatever credit card has been saved inside the wallet, thus the actual recorded payment method will correspond to this. However, Saferpay will also return information that this transaction has been performed through Google Pay. Furthermore, all options and limitations of the used means of payment apply, if not mentioned otherwise in this chapter.
The following chapter will guide you through the steps required in order to activate and use Google Pay.
The handling of Google Pay payments with Saferpay requires:
- The corresponding Saferpay eCommerce licence and thus the existence of a valid identification with a username and password for the Saferpay system.
- Availability of at least one active Saferpay terminal by which payments can be carried out and availability of the associated Saferpay TerminalId.
- An active card acquiring contract with an acquirer who supports Google Pay for at least one of the following brands: Visa/V PAY, Mastercard, American Express.
Since Google Pay is not a classical payment method, but a digital wallet, the supported features depend on the payment means, that are used.
Furthermore, the merchant can only accept payment methods, that are activated on the specified terminal Id.
The payment means within the wallet are then processed via the normal processors.
For example: If a card holder selects his Visa card, the card is then processed as such, through Google Pay as the wallet.
Within Google Pay itself, Saferpay Supports the following featureset:
Feature | Via Payment Page | Via Server-To-Server |
|---|---|---|
Pay with Cryptogram | ✅ | ✅ |
Pay with PAN only | ✅ | ✅ |
3-D Secure (Cryptogram/PAN only) | ✅/✅ | ✅/✅ |
The Difference between PAN only and Cryptogram lies in the way authentication/3D Secure is handled:
Cryptogram: Authentication is handled by the device, e.g. by using the devices fingerprint sensor. This is limited to Android devices, using the Google Chrome browser! All other devices and browsers will always chose PAN Only!
While the Saferpay Payment Page handles both cases automatically, the Server-To-Server method of integration needs special attention during implementation, in order to handle both cases correctly.
The activation of Google Pay for your Saferpay account, be it live, or on the test-environment, requires next to no effort and can be done in a matter of seconds:
1 - First step is to log into the Saferpay Backoffice, there you have to navigate to the Settings tab and click on Payment Means / Terminals.
(click to enlarge)
2 - Next, select the e-Commerce, or Secure PayGate terminal on which you want to activate Google Pay.
3 - Navigate to the Wallets section, there you will find Google Pay.
4 - Activate Google Pay either for the Payment Page, or for the server to server Business flow.
If you are on the Test-Environment, please always use the Google Pay Simulator!
(click to enlarge)
5 - You will be prompted with a message, to confirm your choice. Click Activate, to activate Google Pay.
6 - And you are done! Google Pay is now available for you on your Saferpay Terminal.
The general integration of Google Pay can only be done via the Payment Page, or via server-to-server communication and requires the following things to be noted:
- Google Pay is only available with SpecVersion 1.25 or higher.
- The notification URLs, inside the
Notificationconatiner are mandatory, in order to avoid missing payment successes. See the Payment Page process for further information. - Google Pay does not support the usage of the Address Form, used by the Payment Page! However you can acquire the address saved inside the wallet itself, e.g. for an Express Checkout.
- The
Conditionparameter does only work for "PAN only" transactions.
The Payment Page Integration follows the normal flow and Guidelines, as described here. The handling of all Google Pay related aspects -calling the Google Pay API , displaying information, 3-D Secure etc.- will be done by the Payment Page automatically and thus is none of your concern!
However there are some optional features, you can implement, outside of the normal Payment Page flow.
If you want to directly select Google Pay, you have to use the parameter Wallets within the PaymentPage Initialize request!
{
"RequestHeader": {
"SpecVersion": "[CURRENT SPECVERSION]",
"CustomerId": "[YOUR CUSTOMERID]",
"RequestId": "[YOUR REQUESTID]",
"RetryIndicator": 0,
"ClientInfo": {
"ShopInfo": "My Shop",
"OsInfo": "Windows Server 2016"
}
},
"TerminalId": "[YOUR TERMINAL]",
"Payment": {
"Amount": {
"Value": "12345",
"CurrencyCode": "EUR"
},
"OrderId": 123,
"Description": "Test Order #123"
},
"Wallets": [
"GOOGLEPAY"
],
"PaymentMethods": [
"VISA",
"MASTERCARD"
],
"ReturnUrls": {
"Success": "[YOUR URL]",
"Fail": "[YOUR URL]",
"Abort": "[YOUR URL]"
},
}
Due to restrictions from Google, Saferpay is not allowed to also directly select Google Pay! If you use this method, Google Pay will be displayed on the Payment Page, with the user having to select it.
If you are using
PaymentMethods, you must also submit Wallets, if you want Google Pay to be displayed. Also, if you are just submitting one payment method, the Payment Page will still directly jump to the card entry form, skipping Google Pay.If you are using
Wallets alongside PaymentMethods, you can limit the brands which your customers can use. However, note that the Payment Page also will display the given brands as dedicated payment methods, so the customer might pay this way instead of using Google Pay.Saferpay also offers the option for you to integrate Google Pay directly into your application. This allows a more integrated and seamless solution, as it does not require the usage of the payment page.
Furthermore, you'll also need a Saferpay Business license, in order to access the necessary API functions!
Please follow the following steps, in order to directly integrate Google Pay.
It is important to know, that, at this stage, you are directly integrating the Google Pay Widget here and not Saferpay. Google Pay covers the gathering of your clients account data, while Saferpay will use it to create a transaction.
This also means, that your integration underlies all the terms and conditions, rules and guidelines, defined by Google!
Furthermore, please read the following guidelines and documentation:
For Web-Integration:
For Android:
Google has an extensive documentation on how to achieve it for different use cases. For example a normal web-checkout, but other integrations, like Android-Apps are also possible.
Which integration-method you chose is up to you.
However, the one thing to take note of is to define the correct Payment Gateway, so Saferpay may process your clients data. Google already provides a code example, that has to be edited in the following way:
const tokenizationSpecification = {
type: 'PAYMENT_GATEWAY',
parameters: {
'gateway': 'worldlinesaferpay',
'gatewayMerchantId': 'YOUR_TERMINAL_ID'
}
};
private static JSONObject getGatewayTokenizationSpecification() throws JSONException {
return new JSONObject() {{
put("type", "PAYMENT_GATEWAY");
put("parameters", new JSONObject() {{
put("gateway", "worldlinesaferpay");
put("gatewayMerchantId", "YOUR_TERMINAL_ID");
}});
}};
}
Set the
gateway to worldlinesaferpay and the gatewayMerchantId to the terminalId of the terminal, you have activated Google Pay on.Once done, you can proceed to integrate Google Pay with Saferpay.
The important thing is, that you have to integrate Google Pay to the point, where you gather the Google Pay Payment Token which then needs to be passed to Saferpay.
Once you have the token, you need to submit it to the Saferpay payment gateway. In order to do so, you first need to pass the token to your backend, so it may be used in a server-to-server request.
How you do this, is up to you. You could use a normal POST, an AJAX-method, or other means to do so.
However never integrate the server-to-server communication to Saferpay on client-side, as it requires the Saferpay API credentials to be present. These could be extracted at this point, allowing an attacker easy access to your account!
Never store sensitive Data and Credentials on client-side!
This is done via the Transaction Interface, however the process is a little diffrent in the beginning.
Google Pay can follow two basic flows, being PAN only and a payment using a cryptogram. The latter is limited to android-devices, using the chrome browser, however there is one major difference between these two, that you must take into account, when integrating Google Pay through the Transaction Interface.
However, before it comes to that, you must submit the payment token to Saferpay, which is easily done, by putting it into the
PaymentMeans.GooglePay.PaymentToken parameter, with the Transaction Initialize request.Saferpay takes the token, analyzes it and, depending on which of the two above methods has been chosen, one of the two results can occour:
In this mode, Google Pay only prvides the payment means to Saferpay. From here on, the transaction behaves like any other transaction done via the Transaction Interface, so you can go to the Transaction Initialize response within the Transaction Interface flow and continue from there.
This is, where things can deviate from the standard flow. The difference between A and B lies within 3D Secure. While A does 3D Secure like any other transaction, on Android devices, Google Pay takes advantage of the integrated biometric functions (e.g. the finger-print sensor), in order to perform 3D Secure on the device. This makes the redirect, to Saferpay to perform 3D Secure, rather pointless.
{
"ResponseHeader": {
"SpecVersion": "[current Spec-Version]",
"RequestId": "[your request id]"
},
"Token": "234uhfh78234hlasdfh8234e",
"Expiration": "2015-01-30T12:45:22.258+01:00",
"LiabilityShift": true,
"RedirectRequired": false,
}
The interesting part is the
RedirectRequired parameter. If a cryptogram has been detected, this parameter will return false, indicating, that you can skip the redirect. Simply do so, by continuing Step #4 - Transaction Authorize Transaction Interface flow.The transaction will then behave like any other transaction, that has been initiated by the Transaction Interface.
There are two exception to this.
- 1.If you have Dynamic Currency Conversion enabled on your terminalId, then the redirect will be still required, as this feature is executed on Saferpay-side.
- 2.If 3D Secure AND Dynamic Currency Conversion are both disabled on your terminalId, 2-A will also show
RedirectRequired: false!
Simply activate Google Pay for your terminal on the test environment (see Activation). That will take care of everything necessary for the Payment Page. Google Pay on the Payment Page also supports
For the Server-to-Server method, you can use our normal test cards in conjunction with our Google Pay Token generator, in order to test GooglePay Server-To-Server, using the normal test-cases, our cards offer you. The generated payment tokens just simply have to be submitted to Saferpay, as described above.
Last modified 4d ago