Stay organized with collections
Save and categorize content based on your preferences.
Issuers can offer app-to-web verification as an option for completing a yellow
path ID&V challenge when provisioning a token. App-to-web verification is
configured through your TSP and does not require any configuration by the Google
Pay team. There are two important URLs referred to repeatedly:
Issuer Web Redirect URL: Provided to Google by the Issuer through the
TSP's response to Google's request for ID&V options. Used to launch the
Issuer App to complete user ID&V. The Issuer can add any query parameters
that they deem relevant to identify the request.
Google Callback URL: Provided to the Issuer website as a URL parameter
in the Issuer Web Redirect URL. Used to launch Google Wallet after the Issuer
website has completed user ID&V.
The following flow shows an abstract user experience for the app-to-web
verification process:
When users choose to activate their token through app-to-web verification,
Google Wallet opens the Issuer Web Redirect URL in a Google Chrome Android
Custom Tab. If Google
Chrome is not installed, the system falls back to the default browser. After the
website has completed user ID&V, it uses an Android
Intent to navigate back to
the Google Wallet client using the Google Callback URL to finish the provisioning
flow.
Website development
When a user selects the app-to-web method to verify their identity, the Issuer
website must:
Receive the Issuer Web Redirect URL from Google Wallet and parse out the
Google Callback URL.
Authenticate the cardholder.
Activate the token through a request to the TSP.
Redirect the user back to Google Wallet using Google Callback URL.
Receiving the redirect
When a user chooses to verify their identity using app-to-web, Google Wallet
opens the Issuer Web Redirect URL provided to Google by the Issuer through the
TSP's response to Google's request for ID&V options. The Issuer website should
be prepared to handle the query parameters appended to this URL, such as the
Google Callback URL and any other extra URL parameters.
Issuer calls the TSP API to activate the token directly.
Flow description
Step
Source
Description
1
Google Wallet
User manually adds a payment card to their Google Wallet. The user selects the app-to-web as the verification method.
2
Google Wallet
Google Wallet opens the Issuer Web Redirect URL in a Chrome Custom Tab.
3
Issuer's Website
The Issuer's website completes the identity verification process.
4
Issuer's Website
Issuer's server sends an activateToken(tokenId) request to the TSP.
5
TSP Server
The TSP forwards the token activation status to Google Wallet servers by calling handleTspEvent(). The TSP confirms the activation to the Issuer's server.
6
Issuer's Website
The Issuer's website redirects the user back to Google Wallet using the Google Callback URL.
7
Google Wallet
Google Wallet displays a success message and the card is ready to use.
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-08 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-08 UTC."],[],[],null,["Issuers can offer app-to-web verification as an option for completing a yellow\npath ID\\&V challenge when provisioning a token. App-to-web verification is\nconfigured through your TSP and does not require any configuration by the Google\nPay team. There are two important URLs referred to repeatedly:\n\n- **Issuer Web Redirect URL:** Provided to Google by the Issuer through the TSP's response to Google's request for ID\\&V options. Used to launch the Issuer App to complete user ID\\&V. The Issuer can add any query parameters that they deem relevant to identify the request.\n\n| **Key Point:** The scheme of the redirect URL must be `HTTPS`.\n\n- **Google Callback URL:** Provided to the Issuer website as a URL parameter in the Issuer Web Redirect URL. Used to launch Google Wallet after the Issuer website has completed user ID\\&V.\n\nThe following flow shows an abstract user experience for the app-to-web\nverification process:\n\nWhen users choose to activate their token through app-to-web verification,\nGoogle Wallet opens the Issuer Web Redirect URL in a [Google Chrome Android\nCustom Tab](https://developer.chrome.com/docs/android/custom-tabs). If Google\nChrome is not installed, the system falls back to the default browser. After the\nwebsite has completed user ID\\&V, it uses an [Android\nIntent](https://developer.chrome.com/docs/android/intents) to navigate back to\nthe Google Wallet client using the Google Callback URL to finish the provisioning\nflow.\n| **Note:** In rare cases, the redirect back to Google Wallet may fail and display a 404 error. If this happens, the user needs to manually close the browser. If the token has been activated in the background, a success screen will appear. Otherwise, the verification flow will restart.\n\nWebsite development\n\nWhen a user selects the app-to-web method to verify their identity, the Issuer\nwebsite must:\n\n1. Receive the Issuer Web Redirect URL from Google Wallet and parse out the Google Callback URL.\n2. Authenticate the cardholder.\n3. Activate the token through a request to the TSP.\n4. Redirect the user back to Google Wallet using Google Callback URL.\n\nReceiving the redirect\n\nWhen a user chooses to verify their identity using app-to-web, Google Wallet\nopens the Issuer Web Redirect URL provided to Google by the Issuer through the\nTSP's response to Google's request for ID\\&V options. The Issuer website should\nbe prepared to handle the query parameters appended to this URL, such as the\nGoogle Callback URL and any other extra URL parameters.\n\n**Mastercard URL** \n\n https://www.issuerurl.com/auth?TUR=xyz&panSuffix=1234&redirectUrl=https://pay.google.com/gp/wallet/webidvredirect\n\n**Visa URL** \n\n https://www.issuerurl.com/auth?a2apayload=abc&identifier=abc&wpcallback=https://pay.google.com/gp/wallet/webidvredirect\n\nToken Activation\n\nIssuer calls the TSP API to activate the token directly.\n\nFlow description\n\n| Step | Source | Description |\n|------|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| 1 | Google Wallet | User manually adds a payment card to their Google Wallet. The user selects the app-to-web as the verification method. |\n| 2 | Google Wallet | Google Wallet opens the Issuer Web Redirect URL in a [Chrome Custom Tab](https://developer.chrome.com/docs/android/custom-tabs). |\n| 3 | Issuer's Website | The Issuer's website completes the identity verification process. |\n| 4 | Issuer's Website | Issuer's server sends an `activateToken(tokenId)` request to the TSP. |\n| 5 | TSP Server | The TSP forwards the token activation status to Google Wallet servers by calling `handleTspEvent()`. The TSP confirms the activation to the Issuer's server. |\n| 6 | Issuer's Website | The Issuer's website redirects the user back to Google Wallet using the Google Callback URL. |\n| 7 | Google Wallet | Google Wallet displays a success message and the card is ready to use. |"]]