Get access to REST API

The Google Pay API for Passes helps you add and manage loyalty cards, gift cards, offers, event tickets, boarding passes for flights, and transit passes inside the Google Pay app. To start, register your project, connect it to the Google Pay API for Passes Merchant Center, and then set up your web service for OAuth 2.0.

1. Register your application

All applications that access a Google API must be registered through the API Console. The result of this registration process is a set of values that are known only to Google and your application (client ID, email address, and private key). To register your application:

  1. Sign up for Google Pay API for Passes access. If you have already done this, you may skip this step.
  2. Access the API Console.
  3. Click the Create Project button or select Create a Project from the dropdown located at the top of the page. The New project page appears.
  4. Enter a project name.
  5. Click Create. When configuration is complete, a notification appears in the top right corner. Click on this notification to navigate to the project's home page.
  6. Click Go to APIs overview. Then, click ENABLE APIS AND SERVICES.
  7. Search for Google Pay Passes API, and click Enable.
  8. Click Credentials in left-hand menu.
  9. Click the Create Credentials button then select Service Account Key.
  10. Create your service account key on the page, where you may need to create a service account as well. No additional roles are needed for this service account. Choose json as the key type and then click Create.
  11. A new Service Account has been added to your list of accounts and a private key is downloaded to your local file system. This is the only copy of this key, and you are responsible for keeping this key file in a secure location. You will use this key later.
  12. Copy the Service Account Email of the key, which is found by clicking Manage service accounts from the Credentials tab. You will use this address later.

Warning: Your private key must be stored and managed securely by you for both the developer and the production environments. Google only stores a copy of the public key. More information on managing your service account private key can be found here.

2. Tie your service account to your Google Pay API for Passes account

Your Google Pay API for Passes account should have been created for you by your Google point of contact. The Google Pay API for Passes Merchant Center is a web site you can use to manage your account and all your associated classes and objects. Follow these steps to tie your service account to the Google Pay API for Passes Merchant Center:

  1. Access the Google Pay API for Passes Merchant Center.
  2. Select your account from the list. The Account Info page is displayed.
  3. Click Share. The Share settings appear.
  4. From the Register Your Application section, copy the Service Account Email of the key (ends with @<your_domain>.iam.gserviceaccount.com) and paste it in the Invite people field.
  5. Make sure the permissions dropdown is set to can edit then click Send. Your service account is now tied to your Google Pay API for Passes account. You are now ready to issue REST calls to the API.

3. Use OAuth 2.0 for your Server to Server application

The Google OAuth 2.0 Authorization Server supports server-to-server interactions such as those between a web application and Google Cloud Storage. The requesting application has to prove its identity to gain access to an API, without any end-user involvement.

You need to obtain an access token to authorize your API requests. We strongly recommend that you use a client library to simplify the process.

Use a library to create a service account credential

The following tabs show code examples to create a service account credential in different languages:

Java

GoogleCredential credential = new GoogleCredential.Builder().setTransport(httpTransport)
  .setJsonFactory(jsonFactory)
  .setServiceAccountId("ServiceAccountEmail@developer.gserviceaccount.com")
  .setServiceAccountScopes("https://www.googleapis.com/auth/wallet_object.issuer")
  .setServiceAccountPrivateKey(new File("/example/path/to/privatekey.json"))
  .build();

PHP

$client = new Google_Client();
$client->setApplicationName('Wallet Objects App');
$client->setScopes(array('https://www.googleapis.com/auth/wallet_object.issuer'));
$client->setAuthConfigFile('/example/path/to/privatekey.json');

Python

file_path = '/example/path/to/privatekey.json'
credentials = ServiceAccountCredentials.from_json_keyfile_name(
    file_path,
    'https://www.googleapis.com/auth/wallet_object.issuer')

http = httplib2.Http()
http = credentials.authorize(http)

You will use the resulting credential when you execute REST API commands, such as inserting a class.

Obtain an access token manually

Refer to Using OAuth 2.0 for Server to Server Applications to manually obtain an access token. You will need to create a JSON Web Token (JWT) and sign it with the private key, then construct an access token request in the appropriate format. After that, your application sends the token request to the Google OAuth 2.0 Authorization Server and an access token gets returned. Your application can access the API only after receiving the access token. When the access token expires, your application must repeat this process.

  • The iss field in the JWT claim set uses the Service Account email address generated from the Google API Console in the Register your application section.
  • The scope field in the JWT claim set is a space-delimited list of permissions that the application requests.
  • The valid scope for production applications is https://www.googleapis.com/auth/wallet_object.issuer.

Once you've completed these steps, see Save to Google Pay to learn how customers can easily save loyalty cards, gift cards, offers, event tickets, boarding passes for flights, and transit passes from your website to Google Pay.

Send feedback about...

Google Pay for Passes