Generating Encryption data for GooglePay Direct Integration

The TokenizationSpecification request object lets you specify one of two type options:

  1. PAYMENT_GATEWAY
  2. DIRECT

Payment Gateway

Payment Gateway is for Merchants that want to leverage a Payment Gateway that has already integrated with the GooglePay platform.

You can find a list of predefined gateway values here.

The default testing values are:

const tokenizationSpecification = {
  type: 'PAYMENT_GATEWAY',
  parameters: {
    'gateway': 'example',
    'gatewayMerchantId': 'exampleGatewayMerchantId'
  }
};

Example Request

The PaymentDataRequest documentation can be found here.

{
  "apiVersion": 2,
  "apiVersionMinor": 0,
  "merchantInfo": {
    "merchantName": "Example Merchant"
  },
  "offerInfo": {
    "offers": [
      {
        "redemptionCode": "exampleCode",
        "description": "example description of offer"
      }
    ]
  },
  "allowedPaymentMethods": [
    {
      "type": "CARD",
      "parameters": {
        "allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"],
        "allowedCardNetworks": ["AMEX", "DISCOVER", "INTERAC", "JCB", "MASTERCARD", "VISA"]
      },
      "tokenizationSpecification": {
        "type": "PAYMENT_GATEWAY",
        "parameters": {
          "gateway": "example",
          "gatewayMerchantId": "exampleGatewayMerchantId"
        }
      }
    }
  ],
  "transactionInfo": {
    "totalPriceStatus": "FINAL",
    "totalPrice": "12.34",
    "currencyCode": "USD"
  }
}

Example Response

This example response for Google Pay API version 2.0 shows a CARD payment method selected in the GooglePay payment sheet (the GooglePay pop-up presented to the user to select the payment configuration to use).

A payment method token was generated for the example gateway.

{
  "apiVersion": 2,
  "apiVersionMinor": 0,
  "paymentMethodData": {
    "type": "CARD",
    "description": "Visa •••• 1234",
    "info": {
      "cardNetwork": "VISA",
      "cardDetails": "1234"
    },
    "tokenizationData": {
      "type": "PAYMENT_GATEWAY",
      "token": "examplePaymentMethodToken"
    }
  }
}

From this point, the Merchant passes the examplePaymentMethodToken to their chosen Payment Gateway’s API for processing.

No encryption or decryption is required.

Direct

The Direct integration allows Merchants to decrypt the GooglePay response on their own servers. Alternatively, if the Payment Gateway is not directly supported by or integrated with GooglePay, the gateway can receive the encrypted blob from the Merchant, then decrypt and process it.

Make sure openssl is installed.

Generate a private key

openssl ecparam -name prime256v1 -genkey -noout -out privateKey.pem

View the private and public keys

openssl ec -in privateKey.pem -pubout -text -noout

Generate a base64-encoded public key

openssl ec -in privateKey.pem -pubout -text -noout 2> /dev/null | grep "pub:" -A5 | sed 1d | xxd -r -p | base64 | paste -sd "\0" - | tr -d '\n\r ' > publicKey.txt

Generate a base64-encoded private key in PKCS #8 format

The Tink library expects your private key to be base64-encoded in PKCS #8 format.

openssl pkcs8 -topk8 -inform PEM -outform DER -in privateKey.pem -nocrypt | base64 | paste -sd "\0" - > privateKeyB64.txt

We should now have three files:

  1. privateKey.pem – (Keep this safe & secure) This is the elliptic curve private key on the NIST P-256 (prime256v1) curve.
  2. publicKey.txt – This is the base64-encoded public key that we pass up to the GooglePay API.
  3. privateKeyB64.txt – (Keep this safe & secure) This is the private key from privateKey.pem, converted to PKCS #8 and base64-encoded, that we can use for decryption. Because of -nocrypt it is stored unencrypted, so restrict access to the file.
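Before registering publicKey.txt, it is worth confirming that it really belongs to the private key you will decrypt with. The Node.js check below is an added example, not code from the original post; the function names are hypothetical, and the key pair is a throwaway one constructed inline in place of the two files.

```javascript
const crypto = require('crypto');

// Rebuild the base64 uncompressed point (0x04 || X || Y) from a base64 PKCS #8 key.
function publicKeyFromPkcs8(privateKeyB64) {
  const der = Buffer.from(privateKeyB64, 'base64');
  const privateKey = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  const jwk = crypto.createPublicKey(privateKey).export({ format: 'jwk' });
  if (jwk.kty !== 'EC' || jwk.crv !== 'P-256') {
    throw new Error('private key is not an EC key on NIST P-256');
  }
  return Buffer.concat([
    Buffer.from([0x04]),
    Buffer.from(jwk.x, 'base64url'),
    Buffer.from(jwk.y, 'base64url'),
  ]).toString('base64');
}

// Compare the contents of publicKey.txt and privateKeyB64.txt.
function checkKeyPair(publicKeyB64, privateKeyB64) {
  const pub = Buffer.from(publicKeyB64.trim(), 'base64');
  if (pub.length !== 65 || pub[0] !== 0x04) {
    return { ok: false, reason: 'public key is not a 65-byte uncompressed point' };
  }
  try {
    if (publicKeyFromPkcs8(privateKeyB64.trim()) !== pub.toString('base64')) {
      return { ok: false, reason: 'public key does not match private key' };
    }
  } catch (err) {
    return { ok: false, reason: 'private key unreadable: ' + err.message };
  }
  return { ok: true, reason: 'match' };
}

// Constructed sample: a throwaway pair encoded the same way as the two files.
// The public point is taken from the tail of the SPKI DER, like the openssl pipeline does.
function makeSamplePair() {
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const spki = crypto.createPublicKey(privateKey).export({ format: 'der', type: 'spki' });
  return {
    privateKeyB64: privateKey.export({ format: 'der', type: 'pkcs8' }).toString('base64'),
    publicKeyB64: spki.subarray(spki.length - 65).toString('base64'),
  };
}
```

In a real deployment, pass the contents of publicKey.txt and privateKeyB64.txt to checkKeyPair instead of the sample pair.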

Example Request

The PaymentDataRequest documentation can be found here.

{
  "apiVersion": 2,
  "apiVersionMinor": 0,
  "merchantInfo": {
    "merchantName": "Example Merchant"
  },
  "offerInfo": {
    "offers": [
      {
        "redemptionCode": "exampleCode",
        "description": "example description of offer"
      }
    ]
  },
  "allowedPaymentMethods": [
    {
      "type": "CARD",
      "parameters": {
        "allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"],
        "allowedCardNetworks": ["AMEX", "DISCOVER", "INTERAC", "JCB", "MASTERCARD", "VISA"]
      },
      "tokenizationSpecification": {
        "type": "DIRECT",
        "parameters": {
          "protocolVersion": "ECv2",
          "publicKey": "BOdoXP+9Aq473SnGwg3JU1aiNpsd9vH2ognq4PtDtlLGa3Kj8TPf+jaQNPyDSkh3JUhiS0KyrrlWhAgNZKHYF2Y="
        }
      }
    }
  ],
  "transactionInfo": {
    "totalPriceStatus": "FINAL",
    "totalPrice": "12.34",
    "currencyCode": "USD"
  }
}

Example Response

This example response for Google Pay API version 2.0 shows a CARD payment method selected in the GooglePay payment sheet (the GooglePay pop-up presented to the user to select the payment configuration to use).

A payment method token was generated for DIRECT Tokenization Specification Type.

{
  "apiVersion": 2,
  "apiVersionMinor": 0,
  "paymentMethodData": {
    "type": "CARD",
    "description": "Visa •••• 1111",
    "info": {
      "cardNetwork": "VISA",
      "cardDetails": "1111"
    },
    "tokenizationData": {
      "type": "DIRECT",
      "token": "{\"signature\":\"MEUCIQDWdJzcqQg1aSxFCvrTuPHMsrJ/33g7WXh5cjgP0hKxpwIgDTC8owSxHvO7U0sOPVuTsNRLGzPo2LSxLR/pY+69k84\\u003d\",\"intermediateSigningKey\":{\"signedKey\":\"{\\\"keyValue\\\":\\\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETBCs91BNPCcnd2Xyb+3F1+noH75o0am0X+kIQS1ygSN7GVL5gTZpsv9AL4szHW5j85ibRh+x3gmvyn5+QuaYdA\\\\u003d\\\\u003d\\\",\\\"keyExpiration\\\":\\\"1699243557933\\\"}\",\"signatures\":[\"MEUCIQDn2m8d3JghYusICcReRkpxyY6zAheZ8n/xvGC5Dg5ePgIgPfLepNvkUMxrHH5B9CsxVLy6VUELVFLqUX48Zh3oI40\\u003d\"]},\"protocolVersion\":\"ECv2\",\"signedMessage\":\"{\\\"encryptedMessage\\\":\\\"KvkZRle5+RECM6ASNEsByDCz/x6KOpitDioLyxiZX/7eXHIyOEaN06gjG7dZP2SruUEI8e3kIvSzhNV8/2Ap8Jtp+vsFm1aE2qnTXntId1MnrXIFz4HT1udjdWtVrmEpf3mplRilqNR1QJytMR/5H5EdiBYApoQMk2v4VqterBGSGVXs1z4NiuWGyxFFcyKqlpuJ11uInIL8w/4NhEIOkbL5MGMyfq/8mPjeYVXNovGoP2c3Qqd4AKD1cW2CXAitUici0eKsy07byzD9zUVtEatssXZsRR2WIkXqw4JBgNlsrTQVeK/2VivBUuBvC0P/+RVlZERWvoufVhcmBf5s4pdd/BapcPuISIEZD2DGmq/rmXG4+WYJrXxUIAXSW2BBiu6PT9y9X3e02e/g4S1In+A2dF9Vuug9IQEAgV+4ROd5uC4G1weWtn2Kqb8\\\\u003d\\\",\\\"ephemeralPublicKey\\\":\\\"BAiacScokMDdURvtfvqRQ0+J77IWhwhg/WYGFRPVVE3iMoMSsEgrCNNJK+QODSuyziIkQ3QrtfW4FqnwPcmvV5I\\\\u003d\\\",\\\"tag\\\":\\\"LFxQredqzK2Rs8alKjH5WTxY8xgqNtS8/31mCXCL7Cc\\\\u003d\\\"}\"}"
    }
  }
}

Token cleaned up

{
    "signature": "MEUCIQDWdJzcqQg1aSxFCvrTuPHMsrJ/33g7WXh5cjgP0hKxpwIgDTC8owSxHvO7U0sOPVuTsNRLGzPo2LSxLR/pY+69k84\u003d",
    "intermediateSigningKey": {
        "signedKey": "{\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETBCs91BNPCcnd2Xyb+3F1+noH75o0am0X+kIQS1ygSN7GVL5gTZpsv9AL4szHW5j85ibRh+x3gmvyn5+QuaYdA\\u003d\\u003d\",\"keyExpiration\":\"1699243557933\"}",
        "signatures": [
            "MEUCIQDn2m8d3JghYusICcReRkpxyY6zAheZ8n/xvGC5Dg5ePgIgPfLepNvkUMxrHH5B9CsxVLy6VUELVFLqUX48Zh3oI40\u003d"
        ]
    },
    "protocolVersion": "ECv2",
    "signedMessage": "{\"encryptedMessage\":\"KvkZRle5+RECM6ASNEsByDCz/x6KOpitDioLyxiZX/7eXHIyOEaN06gjG7dZP2SruUEI8e3kIvSzhNV8/2Ap8Jtp+vsFm1aE2qnTXntId1MnrXIFz4HT1udjdWtVrmEpf3mplRilqNR1QJytMR/5H5EdiBYApoQMk2v4VqterBGSGVXs1z4NiuWGyxFFcyKqlpuJ11uInIL8w/4NhEIOkbL5MGMyfq/8mPjeYVXNovGoP2c3Qqd4AKD1cW2CXAitUici0eKsy07byzD9zUVtEatssXZsRR2WIkXqw4JBgNlsrTQVeK/2VivBUuBvC0P/+RVlZERWvoufVhcmBf5s4pdd/BapcPuISIEZD2DGmq/rmXG4+WYJrXxUIAXSW2BBiu6PT9y9X3e02e/g4S1In+A2dF9Vuug9IQEAgV+4ROd5uC4G1weWtn2Kqb8\\u003d\",\"ephemeralPublicKey\":\"BAiacScokMDdURvtfvqRQ0+J77IWhwhg/WYGFRPVVE3iMoMSsEgrCNNJK+QODSuyziIkQ3QrtfW4FqnwPcmvV5I\\u003d\",\"tag\":\"LFxQredqzK2Rs8alKjH5WTxY8xgqNtS8/31mCXCL7Cc\\u003d\"}"
}
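The token is JSON nested inside JSON strings, so a server has to unwrap it in two steps. The Node.js sketch below is an added example, not code from the original post: it runs structural checks on a DIRECT token (protocol version, intermediate key expiry, field lengths) before the token is handed to a library such as Tink, which still has to verify the signatures and decrypt. The function names are hypothetical and the sample token is constructed filler, not real card data.

```javascript
// Unwrap a DIRECT tokenizationData.token and run structural checks before decryption.
function inspectDirectToken(tokenString, nowMs = Date.now()) {
  let token, signedKey, signedMessage;
  try {
    token = JSON.parse(tokenString);                                  // outer envelope
    signedKey = JSON.parse(token.intermediateSigningKey.signedKey);   // nested JSON string
    signedMessage = JSON.parse(token.signedMessage);                  // nested JSON string
  } catch (err) {
    return { ok: false, problems: ['token is not valid nested JSON'] };
  }
  const problems = [];
  if (token.protocolVersion !== 'ECv2') problems.push('unexpected protocolVersion');
  if (typeof token.signature !== 'string' || !token.signature) problems.push('missing signature');
  const sigs = token.intermediateSigningKey.signatures;
  if (!Array.isArray(sigs) || sigs.length === 0) problems.push('missing intermediate key signatures');
  const expiry = Number(signedKey.keyExpiration);     // milliseconds since epoch, sent as a string
  if (!Number.isFinite(expiry) || expiry <= nowMs) problems.push('intermediate signing key expired');
  const ephemeral = Buffer.from(signedMessage.ephemeralPublicKey || '', 'base64');
  if (ephemeral.length !== 65 || ephemeral[0] !== 0x04) problems.push('bad ephemeralPublicKey');
  if (Buffer.from(signedMessage.tag || '', 'base64').length !== 32) problems.push('tag is not 32 bytes');
  if (!signedMessage.encryptedMessage) problems.push('empty encryptedMessage');
  return { ok: problems.length === 0, problems };
}

// Constructed sample token with the same shape as the response above (filler bytes only).
function makeSampleToken(keyExpirationMs) {
  const b64 = (buf) => buf.toString('base64');
  return JSON.stringify({
    signature: b64(Buffer.alloc(70, 1)),
    intermediateSigningKey: {
      signedKey: JSON.stringify({
        keyValue: b64(Buffer.alloc(91, 2)),
        keyExpiration: String(keyExpirationMs),
      }),
      signatures: [b64(Buffer.alloc(70, 3))],
    },
    protocolVersion: 'ECv2',
    signedMessage: JSON.stringify({
      encryptedMessage: b64(Buffer.alloc(48, 4)),
      ephemeralPublicKey: b64(Buffer.concat([Buffer.from([0x04]), Buffer.alloc(64, 5)])),
      tag: b64(Buffer.alloc(32, 6)),
    }),
  });
}
```

Run against the example token above, the expiry check would reject it today, because its keyExpiration of 1699243557933 is in the past.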

One response to “Generating Encryption data for GooglePay Direct Integration”

  1. Wow this is very insightful, thanks a lot!