Google Pay

Google Pay™ enables customers to securely perform payments via the web or on an Android app with payment methods already saved to their Google account. Customers can easily check out with just a few clicks, sometimes reducing the need to enter their payment and shipping information for each purchase.

BR-DGE offers multiple ways to integrate with Google Pay, so you can enable the feature in a way that suits you.

Enabling Google Pay Within Your BR-DGE Retail Channels

Please get in contact with support to add Google Pay to your BR-DGE retail channels.

Integration Options

BR-DGE offers Google Pay via our REST API, SDK and Hosted Payment Page.

API First

You can follow the official Google Pay documentation to integrate your web or Android application using BR-DGE as your gateway.

Please refer to our REST API - Google Pay™ page for more information on this integration option.

REST API + SDK

You can let BR-DGE handle all interactions with Google by using the BR-DGE Web SDK.

The Web SDK will intelligently offer Google Pay if the feature is enabled on your BR-DGE Retail Channel and supported by your customer's device.

Please refer to our Web SDK - Google Pay module page for more information on this integration option.

REST API + Hosted Payment Page

The BR-DGE Hosted Payment Page will intelligently offer Google Pay to your customers if the feature is:

  1. Enabled on your BR-DGE Retail Channel.
  2. Supported by your customer's device.
  3. Enabled on your BR-DGE Hosted Payment Page order.

Please refer to our Hosted Payment Page - Digital Wallets page for more information on this integration option.

Understanding Google Pay Token Auth Methods

The Google Pay API might return cards on file on Google.com (PAN_ONLY) or a device token on an Android-powered device authenticated with a 3-D Secure cryptogram (CRYPTOGRAM_3DS). You can control whether tokens using either authentication method or just one of them can be returned.

CRYPTOGRAM_3DS (DPAN - Device Primary Account Number)

Often referred to as a "DPAN," this token represents a dynamically generated, cryptographically secure token that replaces the actual PAN. DPANs enhance security by never exposing the raw card number. They are primarily used in native Android apps via Google Pay for Android but are also supported on Google Chrome for Android browsers and Android WebViews via Google Pay for Web.

PAN_ONLY (Payment Account Number Only)

This token contains the customer's raw Primary Account Number (PAN), which is the long card number. While widely supported across browsers and devices, it offers less inherent security compared to DPANs as the raw card data is exposed to merchants and/or payment processors (albeit still encrypted during transmission).

PAN_ONLY authenticated tokens DO NOT contain a 3-D Secure cryptogram, so you'll need to handle cardholder authentication separately. If you're using the Hosted Payment Page, this process is automatic for orders where threeDSecureRequired is set to true. When submitting payments through the POST payments endpoint, you can utilize the BR-DGE 3-D Secure Payment Flow by also setting threeDSecureRequired to true.

Key Differences and Considerations

| | PAN_ONLY | CRYPTOGRAM_3DS (DPAN) |
|---|---|---|
| Data Provided | Raw Primary Account Number (PAN) | Dynamically generated, cryptographically secure token and 3-D Secure cryptogram. |
| Security | Less secure (raw PAN exposed to BR-DGE and downstream payment processors) | More secure (raw PAN never exposed to BR-DGE or downstream payment processors) |
| Device/Browser Support | Broader range of browsers and devices | Native Android apps, Android WebView and Google Chrome on Android (web) |
| Use Case | Broader reach, general web transactions | Enhanced security, native mobile payments |

Choosing Your Preferred Token Auth Method

When selecting a token authentication method, you might consider your priorities:

  • Prioritizing Broad Reach: If you want to accept Google Pay across the widest possible range of browsers and devices, including desktop and mobile browsers other than Google Chrome for Android, supporting PAN_ONLY is necessary.
  • Prioritizing Enhanced Security: If your primary concern is maximizing security and minimizing exposure of raw card data, especially for native Android app payments, DPANs are the preferred choice.
  • Optimizing for Both: Many merchants will benefit from a hybrid approach, leveraging the strengths of both token types, but favouring the more secure DPANs where available.

Managing Google Pay Token Auth Methods with BR-DGE

Both PAN_ONLY and CRYPTOGRAM_3DS are enabled when using the BR-DGE Web SDK Google Pay Module or Hosted Payment Page. For merchants integrating with the BR-DGE REST API only, you will be able to configure your client apps to generate PAN_ONLY and/or CRYPTOGRAM_3DS via the allowedAuthMethods for Google Pay for Android or Web.
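For a REST API only integration, the following added example (not BR-DGE's or Google's own code) builds the Google Pay for Web card payment method with a validated allowedAuthMethods list and derives the threeDSecureRequired flag from it. The gateway values and card networks are placeholders, and setting threeDSecureRequired only when PAN_ONLY may be returned is an assumed policy based on the PAN_ONLY note above.

```javascript
// Added example. Function names are hypothetical; gateway values are placeholders.
const KNOWN_AUTH_METHODS = new Set(['PAN_ONLY', 'CRYPTOGRAM_3DS']);

// Reject empty or misspelled lists so a typo cannot silently change what is accepted.
function normalizeAuthMethods(authMethods) {
  if (!Array.isArray(authMethods) || authMethods.length === 0) {
    throw new Error('allowedAuthMethods must be a non-empty array');
  }
  const unique = [...new Set(authMethods)];
  const unknown = unique.filter((m) => !KNOWN_AUTH_METHODS.has(m));
  if (unknown.length > 0) {
    throw new Error(`Unknown auth method(s): ${unknown.join(', ')}`);
  }
  return unique;
}

// Card method without tokenization, as used in an IsReadyToPayRequest.
function baseCardMethod(authMethods, cardNetworks) {
  return {
    type: 'CARD',
    parameters: {
      allowedAuthMethods: normalizeAuthMethods(authMethods),
      allowedCardNetworks: [...cardNetworks],
    },
  };
}

// Card method for a PaymentDataRequest: adds the gateway tokenization details.
function cardPaymentMethod(authMethods, cardNetworks, gateway) {
  return {
    ...baseCardMethod(authMethods, cardNetworks),
    tokenizationSpecification: {
      type: 'PAYMENT_GATEWAY',
      parameters: {
        gateway: gateway.gateway,                     // placeholder value
        gatewayMerchantId: gateway.gatewayMerchantId, // placeholder value
      },
    },
  };
}

// PAN_ONLY tokens carry no 3-D Secure cryptogram, so whenever PAN_ONLY may be
// returned the payment request should ask for the 3-D Secure flow.
// Assumed policy: CRYPTOGRAM_3DS-only setups leave the flag false.
function paymentFlags(authMethods) {
  const allowed = normalizeAuthMethods(authMethods);
  return { threeDSecureRequired: allowed.includes('PAN_ONLY') };
}
```

Merge the object returned by paymentFlags into the body sent to the POST payments endpoint; the other fields of that request are described in the REST API documentation and are not shown here.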

Query Card Metadata

You can use the POST payment-instruments/google-pay/query endpoint to look up metadata on the associated DPAN. This endpoint accepts either the raw JSON from Google Pay, shown on our REST API - Google Pay page, or the BR-DGE token returned from our Web SDK, shown on our Web SDK - Google Pay module page.

Where the decrypted Google Pay token is PAN_ONLY, the metadata would be returned for the PAN details.

Retrieve Payment Status

BR-DGE provides you with BIN lookup and the decrypted Google Pay payload through the GET payments/{paymentId}/status endpoint.

You can use the GET payments/{paymentId}/status endpoint to asynchronously obtain the status of a payment. When making a payment with Google Pay, this endpoint's response will include the enhanced paymentInstrument field, containing:

  • Extra card metadata
  • Decrypted payload

Testing

See the Testing Google Pay page for more information on:

  • Testing against a PSP sandbox.
  • Testing against a mock sandbox.