The Google Pay API for Passes helps you add and manage loyalty cards, gift cards, offers, event tickets, boarding passes for flights, and transit passes inside the Google Pay app. To start, register your project, connect it to the Google Pay API for Passes Merchant Center, and then set up your web service for OAuth 2.0.
1. Sign up
Sign up for Google Pay API for Passes access. After you submit the form, the support team will be in touch to validate your use case and create your Google Pay API for Passes account.
2. Register your application
All applications that access a Google API must be registered through the API Console. The result of this registration process is a set of values that are known only to Google and your application (client ID, email address, and private key). You may follow these steps while your Google Pay API for Passes account is being created. To register your application:
- Sign up for Google Pay API for Passes access. If you have already done this, you may skip this step.
- Access the API Console.
- Click the Create Project button or select Create a Project from the dropdown located at the top of the page. The New project page appears.
- Enter a project name.
- Click Create. When configuration is complete, a notification appears in the top right corner. Click on this notification to navigate to the project's home page.
- Click Go to APIs overview. Then, click ENABLE APIS AND SERVICES.
- Search for Google Pay Passes API, and click Enable.
- Click Credentials in left-hand menu.
- Click the Create Credentials button then select Service Account Key.
- Create your service account key on the page, where you may need to create a service account as well. No additional roles are needed for this service account. Choose json as the key type and then click Create.
- A new Service Account has been added to your list of accounts and a private key is downloaded to your local file system. This is the only copy of this key, and you are responsible for keeping this key file in a secure location. You will use this key later.
- Copy the Service Account Email of the key, which is found by clicking Manage service accounts from the Credentials tab. You will use this address later.
Warning: Your private key must be stored and managed securely by you for both the developer and the production environments. Google only stores a copy of the public key. More information on managing your service account private key can be found here.
3. Tie your service account to your Google Pay API for Passes account
The Google Pay API for Passes Merchant Center is a web site you can use to manage your account and all your associated classes and objects. When your Google Pay API for Passes account has been created by our support team, follow these steps to tie your Service Account Email to the new account:
- Access the Google Pay API for Passes Merchant Center.
- Select your account from the list. The Account Info page is displayed.
- Click Share. The Share settings appear.
- From the Register Your Application section, copy the Service Account
Email of the key (ends with
@<your_domain>.iam.gserviceaccount.com) and paste it in the
- Make sure the permissions dropdown is set to can edit then click Send. Your service account is now tied to your Google Pay API for Passes account. You are now ready to issue REST calls to the API.
4. Use OAuth 2.0 for your Server to Server application
The Google OAuth 2.0 Authorization Server supports server-to-server interactions such as those between a web application and Google Cloud Storage. The requesting application has to prove its identity to gain access to an API, without any end-user involvement.
You need to obtain an access token to authorize your API requests. We strongly recommend that you use a client library to simplify the process.
Use a library to create a service account credential
The following tabs show code examples to create a service account credential in different languages:
GoogleCredential credential = new GoogleCredential.Builder().setTransport(httpTransport) .setJsonFactory(jsonFactory) .setServiceAccountId("ServiceAccountEmail@developer.gserviceaccount.com") .setServiceAccountScopes("https://www.googleapis.com/auth/wallet_object.issuer") .setServiceAccountPrivateKey(new File("/example/path/to/privatekey.json")) .build();
$client = new Google_Client(); $client->setApplicationName('Wallet Objects App'); $client->setScopes(array('https://www.googleapis.com/auth/wallet_object.issuer')); $client->setAuthConfigFile('/example/path/to/privatekey.json');
file_path = '/example/path/to/privatekey.json' credentials = ServiceAccountCredentials.from_json_keyfile_name( file_path, 'https://www.googleapis.com/auth/wallet_object.issuer') http = httplib2.Http() http = credentials.authorize(http)
You will use the resulting credential when you execute REST API commands, such as inserting a class.
Obtain an access token manually
Refer to Using OAuth 2.0 for Server to Server Applications to manually obtain an access token. You will need to create a JSON Web Token (JWT) and sign it with the private key, then construct an access token request in the appropriate format. After that, your application sends the token request to the Google OAuth 2.0 Authorization Server and an access token gets returned. Your application can access the API only after receiving the access token. When the access token expires, your application must repeat this process.
Once you've completed these steps, see Save passes to Google Pay to learn how customers can easily save loyalty cards, gift cards, offers, event tickets, boarding passes for flights, and transit passes from your website to Google Pay.