Airwallex logo
Airwallex logoAirwallex logo

Use your own certificate

Copy for LLMView as Markdown

When you're integrated with Google Pay using Airwallex as the payment gateway, by default, Google encrypts payment data that a shopper has stored in their Google Pay wallet. You must pass the encrypted payload to Airwallex using Create a PaymentIntent API or Confirm a PaymentIntent API APIs by providing the following fields:

  • payment_method.type: Set this to googlepay.
  • payment_method.googlepay.payment_data_type: Set this to encrypted_payment_token.
  • payment_method.googlepay.encrypted_payment_token: Provide the UTF-8 encoded, serialized JSON object with the keys specified.

Google Pay tokens can be passed directly to a payment service provider such as Airwallex for processing. However, if you already use your own Google Pay gateway ID and certificate, you may prefer to decrypt the Google Pay token on your side and then submit the decrypted card data to Airwallex. This approach is useful when you want to reuse an existing Google Pay decryption setup or when you are integrating Google Pay directly with the Payments Native API and managing the Google Pay flow yourself.

In this model, Google encrypts payment data for your gateway, you decrypt it on your backend, and provide the details of the resulting raw PAN or device card number to Airwallex in the payment_method.googlepay.tokenized_card payment method object.

Before you begin

  • Make sure Google Pay has been activated as a payment method for your merchant account at Airwallex.
  • You must be PCI-compliant to handle the token decryption and pass raw card details to Airwallex.
  • You must have a server-side Payments API integration.
  • You must have a Google Pay merchant ID .

Decryption process

When you decrypt Google Pay’s paymentMethodDetails object on your server, the primary account data can be either of the following depending on how the shopper added their card:

  • a standard card number (raw PAN) (typically for cards added via a Google account on the web).
  • a device card number (DPAN) (typically for cards added directly to a Google Pay wallet through an Android device)

In both cases, Airwallex can accept the card as a Google Pay payment method by treating it as googlepay.tokenized_card and adding the card number (PAN or DPAN) into googlepay.tokenized_card.number.

Step 1: Integrate Google Pay with your own gateway ID

  • Register and configure Google Pay in the Google console using your own gateway / certificate setup (not the default Airwallex gateway registration).
  • Implement the standard Google Pay Web or Android integration so that the Google Pay sheet appears and returns an encrypted paymentMethodDetails object to your backend.

Decrypt the Google Pay token on your backend

Use Google’s cryptography libraries and your private key to decrypt the encrypted payment token. Extract the card number (raw PAN or device card number), expiry month and year, other card attributes, and cryptogram data as required by your risk/compliance policies. For more information, see Google developer docs .

JSON
1{
2  "paymentMethod": "CARD",
3  "paymentMethodDetails": {
4    "authMethod": "PAN_ONLY",
5    "pan": "1111222233334444",
6    "expirationMonth": 10,
7    "expirationYear": 2025
8  },
9  "gatewayMerchantId": "some-merchant-id",
10  "messageId": "some-message-id",
11  "messageExpiration": "1759309000000"
12}
JSON
1{
2  "paymentMethod": "CARD",
3  "paymentMethodDetails": {
4    "authMethod": "CRYPTOGRAM_3DS",
5    "pan": "1111222233334444",
6    "expirationMonth": 10,
7    "expirationYear": 2025,
8    "cryptogram": "AAAAAA...",
9    "eciIndicator": "eci indicator",
10    
11  },
12  
13  "messageId": "some-message-id",
14  "messageExpiration": "1759309000000"
15}

Create or confirm the payment in Airwallex

You can use the decrypted payment data to create one-off payments or recurring/one-click checkout payments. Provide payment_method.googlepay.tokenized_card with the required fields when you Create a PaymentIntent API or Confirm a PaymentIntent API.

Add payment_method.googlepay.tokenized_card on Confirm a PaymentIntent API with the decrypted PAN, expiry, and any required authentication fields.

JSON
1{
2  "type": "googlepay",
3  "googlepay": {
4    "payment_data_type": "tokenized_card",
5    "billing": {
6      // ...
7    },
8    "tokenized_card": {
9      "number": "37395xxxx51004", // raw pan
10      "expiry_year": "2028",
11      "expiry_month": "12",
12      "name": "John Doe"
13    }
14  }
15}

Add payment_method.googlepay.tokenized_card on Confirm a PaymentIntent API with the device card number (DPAN), expiry, cryptogram, and ECI as required.

JSON
1{
2  "type": "googlepay",
3  "googlepay": {
4    "payment_data_type": "tokenized_card",
5    "billing": {
6      // ...
7    },
8    "tokenized_card": {
9      "number": "37395xxxx51004",  // tokenized_card
10      "expiry_year": "2029",
11      "expiry_month": "12",
12      "name": "John Doe",
13      "authentication_method": {
14        "type": "three_ds",
15        "three_ds": {
16          "eci_indicator": "07",
17          "online_payment_cryptogram": "/wAAAAAAAzJ7RLkAAAAAgS0AAAA="
18        }
19      }
20    }
21  }
22}

Handle 3DS / SCA and disputes as usual

  • Once the card or token is registered in Airwallex via googlepay.tokenized_card object, 3DS, risk checks, settlements, refunds, and disputes are handled like other card transactions processed through Airwallex.
  • Liability shift and SCA behaviour continue to follow Google Pay and scheme rules, based on the underlying card and authentication method.

This setup gives you full control over the Google Pay tokenization and decryption layer, while still allowing you to use Airwallex for authorization, capture, settlement, and recurring flows using the decrypted payment method details.

Was this page helpful?