Web Top-Up API

Integrators must implement a web host to redirect the users for top-up purposes. This top-up is a different modality, but the same purpose as the top-up provided by Android Top-ups. This web host must have a mobile-friendly web site.

The web host must determine mobile web requests vs desktop web requests based on the user-agent header value. The page delivered on mobile web requests must be mobile web friendly on Android and iOS. Beside the user-agent header value, the client will provide you no other hint as to the environment where this user is making the request (desktop or web).

The server must implement an HTTPS protocol using GET. The path and host are definable by the integrator. The integrator must support URL lengths of 2,048 chars. This includes the scheme, host, port, path and parameters.

All parameters will be UTF-8 encoded prior to being URL-encoded.

Request

Upon request, Google provides the following as URL parameters:

Fields
gspMajorVersion	int Major version number for this request.
gspTopUpRequest	TopUpRedirectRequest Top-up request.
gspAssociationId	string Contains an identifier that the integrator uses to look up credentials for the account that the user is topping up. This is the association ID that is sent during account linking in the AssociateAccountRequest.
gspCallbackUrl	string URL to redirect the user to in order to finish the top-up flow on Google. This value is url encoded.

Response

Upon completion of the top-up, the user must be redirected to the gspCallbackUrl using HTTPS GET. This URL must have the following query parameters:

Fields
gspResult	int 100 Top-up was successful. 201 User canceled the flow manually and the flow should be aborted. 202 Top-up failed for a fatal reason and the flow should be aborted.
redirectRequestId	string REQUIRED: The requestId sent in the original/initiating redirect payment request. Google will verify this matches the sent requestId, and the Complete Redirect flow will fail if it doesn't match.
gspTopUpResponse	RedirectResponse REQUIRED: The TopUpRedirectResponse should be encrypted and signed using PGP or JWE+JWS. Further, this value should be web-safe base64 encoded.