Stay organized with collections
Save and categorize content based on your preferences.
Introduction
Rotating barcodes look just like regular barcodes but change periodically,
typically every minute, and the terminal/reader is programmed to only accept
the most recent one. This security measure reduces the risks associated with
barcode screenshotting, in particular ticket theft or unauthorized ticket
resale. Rotating barcodes can also act as a fallback for devices that can’t
take advantage of Smart Tap, due to not supporting NFC (lack of hardware, or
software disabled).
On the user device, only one redemption mechanism is used at a given time,
depending on how the pass is configured and on the capabilities of the device.
In the order of priority, the following redemption types are used:
Smart Tap: If a smart-tap payload is specified and if the device supports
NFC/HCE
Note, this can be overridden by the user by clicking “Show code,” which
will force the display of the rotating barcode/static barcode.
Rotating barcode: If a rotating barcode payload is specified
Static barcode: If a barcode payload is specified
Specifying multiple redemption payloads can ensure all users are supported but
may have security implications. In particular, using a static barcode as a
fallback for a rotating barcode negates most of the security benefits of using
rotating barcodes. A static barcode fallback will only be shown in web views
or on clients that do not support rotating barcodes. As of today, we expect
all Google Wallet clients to support rotating barcodes.
Save Flow
The Google Wallet API offers several flows, including:
Creating the transit classes at save time, or ahead of time
Sending the complete objects in your JWT, or saving the objects ahead of
time then referencing them by ID in your JWT
Updating the objects after they have been saved
The proposed rotatingBarcode field is compatible with all these flows,
however, in order to improve security, we suggest the following:
Call the object:insert API to insert the pass to the
Google Wallet server and configure the Add to Google Wallet button to
reference the specific object by ID in your JWT. This ensures that the
resulting JWT does not include the secret key of the rotating barcode.
Use an OTP secret key that is scoped to a single pass
The key, unless it is updated, is expected to be valid for the lifespan of
the pass. We do not expect this key to be updated on any frequency during
the course of normal operation.
The following sequence diagram illustrates the flow between the various actors
for a typical integration:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-14 UTC."],[[["\u003cp\u003eRotating barcodes enhance security by changing periodically, mitigating risks associated with ticket theft or unauthorized resale.\u003c/p\u003e\n"],["\u003cp\u003eThey serve as a fallback for devices lacking NFC support, ensuring accessibility for all users.\u003c/p\u003e\n"],["\u003cp\u003eGoogle Wallet prioritizes Smart Tap, followed by rotating barcodes, and lastly static barcodes for pass redemption.\u003c/p\u003e\n"],["\u003cp\u003eFor optimal security, it is recommended to save pass objects to the Google Wallet server and reference them by ID in JWTs, avoiding exposure of the rotating barcode's secret key.\u003c/p\u003e\n"],["\u003cp\u003eEach pass should ideally have a unique OTP secret key, remaining valid throughout the pass's lifespan.\u003c/p\u003e\n"]]],["Rotating barcodes change periodically, enhancing security against screenshotting and ticket theft. They serve as a fallback for devices lacking NFC capabilities. The system prioritizes Smart Tap, then rotating barcodes, and lastly static barcodes for redemption. Using static barcodes alongside rotating ones compromises security. The API supports various saving flows, recommending using the `object:insert` API to avoid including the barcode's secret key in the JWT, using an OTP secret key and expecting the key to be valid for the life span of the pass.\n"],null,["Introduction\n\n\nRotating barcodes look just like regular barcodes but change periodically,\ntypically every minute, and the terminal/reader is programmed to only accept\nthe most recent one. This security measure reduces the risks associated with\nbarcode screenshotting, in particular ticket theft or unauthorized ticket\nresale. Rotating barcodes can also act as a fallback for devices that can't\ntake advantage of Smart Tap, due to not supporting NFC (lack of hardware, or\nsoftware disabled).\n\nAPI reference\n\n\nFor technical details about Rotating Barcodes, see the\n[`RotatingBarcode` type](/wallet/tickets/transit-passes/qr-code/rest/v1/RotatingBarcode).\n\nExample payload\n\n| JSON ||\n|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---|\n| ``` { \"rotatingBarcode\": { \"type\": \"QR_CODE\", \"valuePattern\": \"MyRotatingBarcode-{totp_timestamp_seconds}-{totp_value_0}\", \"alternateText\": \"Ticket#: 1234567890\", \"totpDetails\": { \"algorithm\": \"TOTP_SHA1\", \"periodMillis\": \"3000\", \"parameters\": [ { \"key\": \"3132333435363738393031323334353637383930\", \"valueLength\": \"8\" } ] } } } ``` |\n\nFallback Mechanisms\n\n\nOn the user device, only one redemption mechanism is used at a given time,\ndepending on how the pass is configured and on the capabilities of the device.\nIn the order of priority, the following redemption types are used:\n\n1. Smart Tap: If a smart-tap payload is specified and if the device supports NFC/HCE\n - Note, this can be overridden by the user by clicking \"Show code,\" which will force the display of the rotating barcode/static barcode.\n2. Rotating barcode: If a rotating barcode payload is specified\n3. Static barcode: If a barcode payload is specified\n\n\nSpecifying multiple redemption payloads can ensure all users are supported but\nmay have security implications. In particular, using a static barcode as a\nfallback for a rotating barcode negates most of the security benefits of using\nrotating barcodes. A static barcode fallback will only be shown in web views\nor on clients that do not support rotating barcodes. As of today, we expect\nall Google Wallet clients to support rotating barcodes.\n\nSave Flow\n\nThe Google Wallet API offers several flows, including:\n\n- Creating the transit classes at save time, or ahead of time\n- Sending the complete objects in your JWT, or saving the objects ahead of time then referencing them by ID in your JWT\n- Updating the objects after they have been saved\n\n\nThe proposed rotatingBarcode field is compatible with all these flows,\nhowever, in order to improve security, we suggest the following:\n\n- Call the `object:insert` API to insert the pass to the Google Wallet server and configure the Add to Google Wallet button to reference the specific object by ID in your JWT. This ensures that the resulting JWT does not include the secret key of the rotating barcode.\n- Use an OTP secret key that is scoped to a single pass\n- The key, unless it is updated, is expected to be valid for the lifespan of the pass. We do not expect this key to be updated on any frequency during the course of normal operation.\n\n\nThe following sequence diagram illustrates the flow between the various actors\nfor a typical integration:"]]
