Get access to the REST API

The Google Pay API for Passes helps you add and manage loyalty cards, gift cards, offers, event tickets, boarding passes for flights, and transit passes inside the Google Pay app. To start, register your project, connect it to the Google Pay API for Passes Business Console, and then set up your web service for OAuth 2.0.

1. Sign up

  1. Sign in to your Business Console, fill out your business profile, and wait for it to be approved.
  2. Request access through the Passes tab. In the dialog that appears, describe your use case.

  3. After you submit your request, it usually takes 1-2 business days for the support team to review and approve your application.
  4. Monitor your Passes tab in the Business Console. This is where you will receive the approval notice, and it's also where you find your issuer account.

2. Register your application

All applications that access a Google API must be registered through the API Console. This registration process results in a set of values that are known only to Google and your application: a client ID, email address, and private key. You can perform the following steps to register your application while your Google Pay API for Passes account is being created:

  1. Use the Business Console to request access to Google Pay API for Passes. If you already have access, skip this step.
  2. Access the Google Cloud Console.
  3. Click Create Project or select Create a project from the drop-down menu at the top of the page. The New project page appears.
  4. Enter a project name and click Create. When configuration is complete, a notification appears. Click on this notification to navigate to the project's home page.
  5. Click Go to APIs overview. Then, click Enable APIs and services.
  6. Search for Google Pay Passes API and click Enable.
  7. Click Credentials in the navigation menu.
  8. Click Create Credentials, then select Service Account. Enter a Service account name and then click Create and continue. Skip the other steps and click Done.
  9. On the list of Service Accounts, click the newly created service account. Choose the Keys tab. Click Add key and choose Create new key. Choose JSON as the key type and click Create.

    This adds a new Service Account to your list of accounts and downloads a private key to your local file system. This is the only copy of this key, and it's your responsibility to keep this key file in a secure location. You will use this key later.

  10. Copy the email of the newly created service account, which is found on the list of Service Accounts. You will use this email address later.

Warning: Your private key must be stored and managed securely by you for both the developer and the production environments. Google only stores a copy of the public key. For more information, see Creating and managing service account keys.

3. Tie your service account to your Google Pay API for Passes account

You can use the Business Console to manage your Passes issuer account and all of your associated classes and objects. After your Google Pay API for Passes issuer account is created, follow these steps to tie your Service Account Email to the new account:

  1. Access the Google Pay API for Passes Business Console.
  2. Click Users in the left menu.
  3. Click Invite a user.
  4. Enter the Service Account Email address and select the type Developer.
  5. Click Invite.
  6. From step 10 of the Register your application instructions, copy the email of the Service Account and paste it into the Invite box. The end of the email address has the format @<your_domain>.iam.gserviceaccount.com.
  7. At this point, the Service Account is immediately added to your business console and tied to your Google Pay API for Passes account. You're now ready to issue REST calls to the API.

4. Use OAuth 2.0 for your Server to Server application

The Google OAuth 2.0 Authorization Server supports server-to-server interactions such as those between a web application and Google Cloud Storage. The requesting application has to prove its identity to gain access to an API, without any end-user involvement.

You need to obtain an access token to authorize your API requests. We strongly recommend that you use a client library to simplify the process.

Use a library to create a service account credential

The following tabs show code examples to create a service account credential in different languages:

Java

GoogleCredential credential = new GoogleCredential.Builder().setTransport(httpTransport)
  .setJsonFactory(jsonFactory)
  .setServiceAccountId("ServiceAccountEmail@developer.gserviceaccount.com")
  .setServiceAccountScopes("https://www.googleapis.com/auth/wallet_object.issuer")
  .setServiceAccountPrivateKey(new File("/example/path/to/privatekey.json"))
  .build();

PHP

$client = new Google_Client();
$client->setApplicationName('Wallet Objects App');
$client->setScopes(array('https://www.googleapis.com/auth/wallet_object.issuer'));
$client->setAuthConfigFile('/example/path/to/privatekey.json');

Python

file_path = '/example/path/to/privatekey.json'
credentials = ServiceAccountCredentials.from_json_keyfile_name(
    file_path,
    'https://www.googleapis.com/auth/wallet_object.issuer')

http = httplib2.Http()
http = credentials.authorize(http)

You will use the resulting credential when you execute REST API commands, such as inserting a class.

Obtain an access token manually

Refer to Using OAuth 2.0 for Server to Server Applications to manually obtain an access token. You will need to create a JSON Web Token (JWT) and sign it with the private key, then construct an access token request in the appropriate format. After that, your application sends the token request to the Google OAuth 2.0 Authorization Server and an access token gets returned. Your application can access the API only after receiving the access token. When the access token expires, your application must repeat this process.

  • The iss field in the JWT claim set uses the Service Account email address generated from the Google API Console in the Register your application section.
  • The scope field in the JWT claim set is a space-delimited list of permissions that the application requests.
  • The valid scope for production applications is https://www.googleapis.com/auth/wallet_object.issuer.

Once you've completed these steps, see Save passes to Google Pay to learn how customers can easily save loyalty cards, gift cards, offers, event tickets, boarding passes for flights, and transit passes from your website to Google Pay.