M15: Google Pay Integration using

REST API

Version 1.0
Date January 2021
 Barclays

1 Version Control

Revision Date Description

January
1.0 Initial release
2021

Restricted - External
 Barclays

2 Table of Contents

1 Version Control .....................................................................................................................................................2

2 Table of Contents ..................................................................................................................................................3
3 Introduction .........................................................................................................................................................4
3.1 Overview ..............................................................................................................................................................4
4 Google Pay Overview ............................................................................................................................................4
5 Authorizing a Google Pay Payment .......................................................................................................................5
5.1 Receiving the Google Pay Token ..........................................................................................................................7
5.2 Authorize a Payment Request using REST API .....................................................................................................8
5.2.1 Authorization Request Example - Web ............................................................................................................8
5.2.2 Authorization Response Example - Web..........................................................................................................9
Disclaimer ....................................................................................................................................................................10

Restricted - External
 Barclays

3 Introduction
This document describes in detail how to implement Google Pay on both mobile and website channels. This document
assumes that you will use Smartpay Fuse to decrypt the payment data provided by Google Pay.

3.1 Overview
Google Pay is a simple, secure way to capture payment card details, for in-app mobile and Web applications. The
Google Pay SDKs (provided by Google) are called to allow the customer to select their preferred card. The SDKs will
return encrypted payment data to the callbacks that you provide. You can safely send the encrypted payment data to
your server side, where you can construct and submit an authorization request to Smartpay Fuse. Smartpay Fuse will
decrypt the payment data and forward the authorization request on to your acquirer. This method integrates simply
and allows you to process transactions without any ability or requirement to see the underlying card or network token
data.

The Google Pay SDK allows you to configure which card schemes you wish to support (Visa, MasterCard, AMEX, etc.)
and whether you wish to support cards on file on Google.com and/or device tokens on an Android device authenticated
with a 3-D Secure cryptogram. If you choose to support cards on file, you may also need to implement Payer
Authentication into your payment flow. Up to date advice can be found on the Google Pay website:
(https://developers.google.com/pay/api/web/guides/resources/sca)

4 Google Pay Overview

1. The customer chooses the Google Pay button. Using the Google API, your system initiates the
Google Pay request identifying your payment gateway, and your payment gateway merchant ID.
2. The customer confirms the payment. The Google API contacts Google Pay services to retrieve the
consumer’s payment parameters.
3. If the customer’s selected payment credentials are tokenized or you are tokenizing new payment
credentials, the Google Pay service contacts the appropriate payment network to retrieve the
appropriate cryptogram.
4

Restricted - External
 Barclays

4. The payment network returns the appropriate token and cryptogram to the Google Pay service.
5. Google creates encrypted payment data using the gateway-specific key that is supplied in the Wallet
request and includes it in the Google API response.
6. The Google Pay call back returns the encrypted payment data.
7. Your system prepares the Google Pay response information for submission to Smartpay Fuse.
a. Smartpay Fuse sends the authorization request to the acquirer.
b. The acquirer processes the request from Smartpay Fuse and creates the payment network
authorization request.
c. The payment network processes the request from the acquirer and creates the issuer
authorization request.
d. The issuer processes the request from the payment network. The issuer looks up the
payment information and returns an approved or declined authorization message to the
payment network.
e. The payment network returns the authorization response to the acquirer.
f. The acquirer returns the authorization response to Smartpay Fuse.
8. Smartpay Fuse returns the authorization response to your system.
9. Your system returns the authorization response to the payment application.
10. The payment application displays the confirmation or decline message to the customer.
a. The acquirer submits the settlement request to the issuer for funds.
b. The issuer supplies the funds to the acquirer for the authorized transactions.

5 Authorizing a Google Pay Payment

5.1 Prerequisites
It is not necessary to contact Smartpay Fuse Support to enable support for Google Pay, and there is also no requirement
to configure Google Pay in the Smartpay Fuse Merchant portal (EBC).

Please note that the Android Pay configuration screen in EBC is for legacy integrations, and should no-longer be used.

5.2 Adding Google Pay button

Google provides SDKs, tutorials and sample code for Android apps and Web development here:
https://developers.google.com/pay/api

Please follow the steps described to add a Google Pay Button to your app or web site. The first step is to configure your
PaymentDataRequest object. In this you specify the following details:

Data Item Values

apiVersion 2
apiVersionMinor 0
merchantInfo->merchantName The text that you want to appear on the Google Pay pop up screen.
tokenizationSpecification->type = “PAYMENT_GATEWAY”
tokenizationSpecification->parameters- “cybersource”
>gateway
tokenizationSpecification->parameters- Your Smartpay Fuse transacting MID name.
>gatewayMerchantId
allowedPaymentMethods ->parameters- Comma-delimited list of the card networks that you wish to support.
>allowedCardNetworks Possible values:
- AMEX,
- JCB,
- MASTERCARD,
- VISA

Restricted - External
 Barclays

allowedPaymentMethods ->parameters- Comma-delimited list of authentication methods that you wish to

>allowedAuthMethods accept. Possible values:
- PAN_ONLY: Cards on file with Google,
- CRYPTOGRAM_3DS: Device tokens on an Android device that have
been authenticated with a 3-D Secure cryptogram.

Please note that SCA rules are applicable to PAN_ONLY transactions,

allowedPaymentMethods ->parameters-
>assuranceDetailsRequired
so you may need to also implement Payer Authentication (3DS2) if
you wish to support this token type. If you do need to implement
Payer Authentication, then you should also include
“assuranceDetailsRequired” set to true.
(Optional). Default value is false. Set to true to ensure that the
PaymentData object, returned by the SDK, contains information
about whether the cardholder was authenticated.

An example PaymentDataRequest is shown below:

{
"apiVersion": 2,
"apiVersionMinor": 0,
"merchantInfo": {
"merchantName": "<<YOUR MERCHANT NAME>>"
},
"allowedPaymentMethods": [
{
"type": "CARD",
"parameters": {
"allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"],
"allowedCardNetworks": ["AMEX", "MASTERCARD", "VISA"],
"assuranceDetailsRequired": true,
},
"tokenizationSpecification": {
"type": "PAYMENT_GATEWAY",
"parameters": {
"gateway": "cybersource",
"gatewayMerchantId": "<<YOUR SMARTPAY FUSE GATEWAY MID>>"
}
}
}
],
"transactionInfo": {
"totalPriceStatus": "FINAL",
"totalPrice": "12.34",
"countryCode": "GB",
"currencyCode": "GBP"
}
}

Full details of the PaymentDataRequest options can be found on the Google Pay website:

Web: https://developers.google.com/pay/api/web/guides/tutorial

Android: https://developers.google.com/pay/api/android/guides/tutorial

Restricted - External
 Barclays

5.3 Receiving the Google Pay Token

When the customer has selected or added the card they wish to use, the Google Pay SDK will return a PaymentData
object. An example of the data contained in the object is shown below:

{
"apiVersionMinor": 0,
"apiVersion": 2,
"paymentMethodData": {
"description": "Visa •••• 1111",
"tokenizationData": {
"type": "PAYMENT_GATEWAY",
"token": "{\"signature\":\"MEYCIQDVm2OkFgM7e1XQkOGw6pIXZSjW+39j/4z/RWvLO80jYAIhAJxppoOVMJjGK
zdoeET/+zUFzrAF59w10c9pzVXgBGIP\",\"protocolVersion\":\"ECv1\",\"signedMessage\":\"{\\\"encryptedM
essage\\\":\\\"W0BoZ5vqYLXWzpomnKr3HzlbLbO6fOXYpVufzEhb3NvYi1F9Kso7NpzkMXtMABw+dzf7kfPREKyrLJUzYDq
oPBcSoZBP4GKYUO2LVh1oaQYTlGurzLgANVtwtN9YNHjNN3PHHIKO2//EFBFhP8kSe4xibuqOrhZFWztEjVqj5o9+ulu/IhVQD
atWwsntRYNIvNhKaYH2pKxoIUxsMH6WJ/8SukpvwYzUhll7H1D2tTazsBnahpOZaIrfCIDpYSC1GGj135lySstRCQsHWYWLa6D
2QdQrnJBoT6CiXQNHAz7r1mXtQ5wFMDHeSxYmo4XyVedLyf9+dWadpnVhhr4W24B2avXS/FWReG0Sc89feWW0dFrFJxEOjEZ7B
5kSFbWwduG3eKm3nymU7mZNHtbSqrBrYkJR3th1cTuWeX/KElLsIgzAM2aoELJZTxF+Ika7bLo\\\\u003d\\\",\\\"epheme
ralPublicKey\\\":\\\"BFVoP0UtqwZGPdfKJX3Po/0nBVIiLzys7B63i65LuXn06mJmEr02bsl/LS69qldsWmZFl6K3T7cOZ
mv5BS5Vgdk\\\\u003d\\\",\\\"tag\\\":\\\"KkpDuJGAAhJowwdr2sQQcxd9ehVn8/5KGRcTLPkvsM4\\\\u003d\\\"}\
"}"
},
"type": "CARD",
"info": {
"cardNetwork": "VISA",
"cardDetails": "1111",
"assuranceDetails": {
"cardHolderAuthenticated": false,
"accountVerified": true
}
}
}
}

Note that the last four digits of the card and the Card Network are returned. The assuranceDetails are also returned if
the "assuranceDetailsRequired" variable is set to true in the PaymentDataRequest object.

To authorize a payment extract the value of paymentMethodData->tokenizationData->token, which will be a JSON

string similar to the following example:

{"signature":"MEYCIQDVm2OkFgM7e1XQkOGw6pIXZSjW+39j/4z/RWvLO80jYAIhAJxppoOVMJjGKzdoeET/+zUFzrAF59w1
0c9pzVXgBGIP","protocolVersion":"ECv1","signedMessage":"{\"encryptedMessage\":\"W0BoZ5vqYLXWzpomnK
r3HzlbLbO6fOXYpVufzEhb3NvYi1F9Kso7NpzkMXtMABw+dzf7kfPREKyrLJUzYDqoPBcSoZBP4GKYUO2LVh1oaQYTlGurzLgA
NVtwtN9YNHjNN3PHHIKO2//EFBFhP8kSe4xibuqOrhZFWztEjVqj5o9+ulu/IhVQDatWwsntRYNIvNhKaYH2pKxoIUxsMH6WJ/
8SukpvwYzUhll7H1D2tTazsBnahpOZaIrfCIDpYSC1GGj135lySstRCQsHWYWLa6D2QdQrnJBoT6CiXQNHAz7r1mXtQ5wFMDHe
SxYmo4XyVedLyf9+dWadpnVhhr4W24B2avXS/FWReG0Sc89feWW0dFrFJxEOjEZ7B5kSFbWwduG3eKm3nymU7mZNHtbSqrBrYk
JR3th1cTuWeX/KElLsIgzAM2aoELJZTxF+Ika7bLo\\u003d\",\"ephemeralPublicKey\":\"BFVoP0UtqwZGPdfKJX3Po/
0nBVIiLzys7B63i65LuXn06mJmEr02bsl/LS69qldsWmZFl6K3T7cOZmv5BS5Vgdk\\u003d\",\"tag\":\"KkpDuJGAAhJow
wdr2sQQcxd9ehVn8/5KGRcTLPkvsM4\\u003d\"}"}

You then need to Base 64 encrypt this string to give something similar to the following example:

eyJzaWduYXR1cmUiOiJNRVlDSVFDK1hrK1ZnU05sSm9LS2sydlpiU2NQZzhpWTJOWDV0THdkRDdYcXl4QjdMQUloQUxuVnVBdj
VqM2VkczNaaXBGS1dKUGFFdG5ENTYraGF2NStVM1RqdHJHejMiLCJwcm90b2NvbFZlcnNpb24iOiJFQ3YxIiwic2lnbmVkTWVz
c2FnZSI6IntcImVuY3J5cHRlZE1lc3NhZ2VcIjpcImJKSTM5N254VCs0TXFFUGhpYnROL1lnV2RYYWJUTUZvV0NwZHZvdEhEVE
9JbjhTdVh2MFBFM1BwMXNOVStZcHhIaDFuSnBuWnhaRlB5R3ZIcExxYjJHOFd5WE1nZ1JmdGFPNnN6WmNRakY1Z01DVDQ3enlB

Restricted - External
 Barclays

bE5vUXpRRnE5QjNNdEF6UUk2VzFpaDZ2UWluTFBHQUk1dXpCL1BqUElnOHhtYSt1WmhkTEtQUXhpSTRRMlRub0E5b3htV2FicW
V3VDlTaFJZQVczMTNyUDg0ODZyMm01SmR1Z2o1OHJVaXJEMFBiK1c1T09JMnQzUlQyR254VFRVOU1xQUVqaTdmZllGSm9UNEJy
My8rM1F3dnJ3K2YwOWVmbTFabzRXMElOMnVhWUsxdUFvdHZVeTBIZ2N5cnhqcWE5Yy94bTJSeUJHYmtmSVhkSDE5TFg5Vkcyem
d6VzI5UkdzbzdjTjVSd3NQS0xUQnNXT2FadUpMaXlJaVlYUy90Ti9VcXpXbi9VMU5MdnZlYnJjK3JOdmcvVUNjZlF1TUpMZG1O
UFUxM01vVzFvYjd2WktBdVJ4aytCVVdNVUFXblpiaVJpSkhoWUx3djRcXHUwMDNkXCIsXCJlcGhlbWVyYWxQdWJsaWNLZXlcIj
pcIkJOekZKalJQVUE0TGIyNEN5VkRQWFlxMVNQczRGRGx3bFRjR0xIRUtOYTQ3aEJRdkFvT2RaWE1PS3A5ZFQ1Qis0Q1FXK0k1
L0ZHYVdqVUk4akY2a0NCRVxcdTAwM2RcIixcInRhZ1wiOlwicTVyOVAvNVc3ek9OeVRlckxsY2piUVdkdFR0SU9kVkV4cThacm
w0S2g4c1xcdTAwM2RcIn0ifQ==

5.4 Authorize a Payment Request using REST API

The key fields that must be populated in the Authorization request (Process a Payment) to indicate that this is a Google
Pay transaction are:

Data field Value

processingInformation->paymentSolution 012 = Google Pay
paymentInformation->fluidData.value The token provided by the Google Pay
SDK, Base64 encoded

5.4.1 Authorization Request Example

The following example shows the minimum fields required to authorize a payment using a Google Pay encrypted data
token:

{
"clientReferenceInformation": {
"code": "GOO12345"
},
"processingInformation": {

"capture": "true", // Include if you wish to combine Authorization + Capture

"paymentSolution": "012"
},
"orderInformation": {
"amountDetails": {
"totalAmount": "13.89",
"currency": "GBP"
},
"billTo": {
"firstName": "Paul",
"lastName": "Evo",
"address1": "Little House",
"locality": "Ontheprairie",
"postalCode": "LH1 OTP",
"country": "GB",
"email": "[email protected]"
}
},
"paymentInformation": {
"fluidData": {
"value": "eyJzaWduYXR1cmUiOiJNRVlDSVFDK1hrK1ZnU05sSm9LS2sydlpiU2NQZzhpWTJOWDV0THdkRDdYcXl4
QjdMQUloQUxuVnVBdjVqM2VkczNaaXBGS1dKUGFFdG5ENTYraGF2NStVM1RqdHJHejMiLCJwcm90b2NvbFZlcnNpb24iOiJFQ3
YxIiwic2lnbmVkTWVzc2FnZSI6IntcImVuY3J5cHRlZE1lc3NhZ2VcIjpcImJKSTM5N254VCs0TXFFUGhpYnROL1lnV2RYYWJU
TUZvV0NwZHZvdEhEVE9JbjhTdVh2MFBFM1BwMXNOVStZcHhIaDFuSnBuWnhaRlB5R3ZIcExxYjJHOFd5WE1nZ1JmdGFPNnN6Wm
NRakY1Z01DVDQ3enlBbE5vUXpRRnE5QjNNdEF6UUk2VzFpaDZ2UWluTFBHQUk1dXpCL1BqUElnOHhtYSt1WmhkTEtQUXhpSTRR
MlRub0E5b3htV2FicWV3VDlTaFJZQVczMTNyUDg0ODZyMm01SmR1Z2o1OHJVaXJEMFBiK1c1T09JMnQzUlQyR254VFRVOU1xQU

Restricted - External
 Barclays

VqaTdmZllGSm9UNEJyMy8rM1F3dnJ3K2YwOWVmbTFabzRXMElOMnVhWUsxdUFvdHZVeTBIZ2N5cnhqcWE5Yy94bTJSeUJHYmtm
SVhkSDE5TFg5Vkcyemd6VzI5UkdzbzdjTjVSd3NQS0xUQnNXT2FadUpMaXlJaVlYUy90Ti9VcXpXbi9VMU5MdnZlYnJjK3JOdm
cvVUNjZlF1TUpMZG1OUFUxM01vVzFvYjd2WktBdVJ4aytCVVdNVUFXblpiaVJpSkhoWUx3djRcXHUwMDNkXCIsXCJlcGhlbWVy
YWxQdWJsaWNLZXlcIjpcIkJOekZKalJQVUE0TGIyNEN5VkRQWFlxMVNQczRGRGx3bFRjR0xIRUtOYTQ3aEJRdkFvT2RaWE1PS3
A5ZFQ1Qis0Q1FXK0k1L0ZHYVdqVUk4akY2a0NCRVxcdTAwM2RcIixcInRhZ1wiOlwicTVyOVAvNVc3ek9OeVRlckxsY2piUVdk
dFR0SU9kVkV4cThacmw0S2g4c1xcdTAwM2RcIn0ifQ=="
}
}
}

5.4.2 Authorization Response Example - Web

The following example shows a typical Authorization response:

{
"_links": {
"void": {
"method": "POST",
"href": "/pts/v2/payments/6079597892106877203003/voids"
},
"self": {
"method": "GET",
"href": "/pts/v2/payments/6079597892106877203003"
}
},
"clientReferenceInformation": {
"code": "GOO12345"
},
"id": "6079597892106877203003",
"orderInformation": {
"amountDetails": {
"totalAmount": "13.89",
"authorizedAmount": "13.89",
"currency": "GBP"
}
},
"paymentAccountInformation": {
"card": {
"type": "001"
}
},
"paymentInformation": {
"tokenizedCard": {
"type": "001"
}
},
"processorInformation": {
"approvalCode": "13",
"networkTransactionId": "123456789012345",
"transactionId": "123456789012345",
"responseCode": "0",
"avs": {
"code": "U",
"codeRaw": "00"
}
},
"status": "AUTHORIZED",
"submitTimeUtc": "2020-12-14T15:29:49Z"
}

Restricted - External
 Barclays

Disclaimer

Barclays and Barclaycard offers corporate banking products and services to its clients through Barclays Bank PLC. This
presentation has been prepared by Barclays Bank PLC ("Barclays"). This presentation is for discussion purposes only,
and shall not constitute any offer to sell or the solicitation of any offer to buy any security, provide any underwriting
commitment, or make any offer of financing on the part of Barclays, nor is it intended to give rise to any legal
relationship between Barclays and you or any other person, nor is it a recommendation to buy any securities or enter
into any transaction or financing. Customers must consult their own regulatory, legal, tax, accounting and other
advisers prior to making a determination as to whether to purchase any product, enter into any transaction of financing
or invest in any securities to which this presentation relates. Any pricing in this presentation is indicative. Although the
statements of fact in this presentation have been obtained from and are based upon sources that Barclays believes to
be reliable, Barclays does not guarantee their accuracy or completeness. All opinions and estimates included in this
presentation constitute Barclays’ judgement as of the date of this presentation and are subject to change without
notice. Any modelling or back testing data contained in this presentation is not intended to be a statement as to future
performance. Past performance is no guarantee of future returns. No representation is made by Barclays as to the
reasonableness of the assumptions made within or the accuracy or completeness of any models contained herein.

Neither Barclays, nor any officer or employee thereof, accepts any liability whatsoever for any direct or consequential
losses arising from any use of this presentation or the information contained herein, or out of the use of or reliance on
any information or data set out herein.

Barclays and its respective officers, directors, partners and employees, including persons involved in the preparation or
issuance of this presentation, may from time to time act as manager, co-manager or underwriter of a public offering or
otherwise deal in, hold or act as market-makers or advisers, brokers or commercial and/or investment bankers in
relation to any securities or related derivatives which are identical or similar to any securities or derivatives referred to
in this presentation.

Copyright in this presentation is owned by Barclays (© Barclays Bank PLC, 2012). No part of this presentation may be
reproduced in any manner without the prior written permission of Barclays.

Barclays Bank PLC is a member of the London Stock Exchange.

Barclays is a trading name of Barclays Bank PLC and its subsidiaries. Barclays Bank PLC is registered in England and
authorised and regulated by the Financial Services Authority (FSA No. 122702). Registered Number is 1026167 and its
registered office 1 Churchill Place, London E14 5HP.

Barclaycard is a trading name of Barclays Bank PLC and Barclaycard International Payments Limited. Barclays Bank PLC
is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the
Prudential Regulation Authority (Financial Services Register number: 122702). Registered in England No. 1026167.
Registered Office: 1 Churchill Place, London E14 5HP. Barclaycard International Payments Limited, trading as
Barclaycard, is regulated by the Central Bank of Ireland. Registered Number: 316541. Registered Office: One
Molesworth Street, Dublin 2, Ireland, D02 RF29. Directors: Paul Adams (British), James Kelly, Mary Lambkin Coyle and
Michael Reed (USA). Calls may be recorded for security and other purposes.

10

Restricted - External