Accept Google Pay™ payments using a tokenised, host-to-host (PayHost) integration with PayGate. This approach allows you to authorise payments using an encrypted Google Pay payload, without handling raw card data.
Using Google Pay with PayGate reduces PCI DSS scope and enables a secure, streamlined checkout experience for your customers.
Overview
With Google Pay™, sensitive card details are encrypted and tokenised by Google before being passed to your server.
You submit this token to PayGate using the existing PayHost token payment flow, where the transaction is authorised as a card payment.
At no point are raw card details exposed to your systems.
Prerequisites
Before integrating Google Pay with PayGate, ensure that:
-
Your PayGate account is enabled for Token Payments (PayHost)
-
You have completed Google Pay onboarding for your platform (Web and/or Android)
-
You have accepted the Google Pay API Terms of Service and Acceptable Use Policy
Google Pay documentation and brand guidelines
Depending on your platform, refer to the official Google Pay documentation:
-
Google Pay Web
-
Developer documentation:
https://developers.google.com/pay/api/web/ -
Integration checklist:
https://developers.google.com/pay/api/web/guides/test-and-deploy/integration-checklist -
Brand guidelines:
https://developers.google.com/pay/api/web/guides/brand-guidelines
-
-
Google Pay Android
-
Developer documentation:
https://developers.google.com/pay/api/android/ -
Integration checklist:
https://developers.google.com/pay/api/android/guides/test-and-deploy/integration-checklist -
Brand guidelines:
https://developers.google.com/pay/api/android/guides/brand-guidelines
-
If you display Google Pay assets (logos or buttons), you must use approved assets in compliance with Google’s brand guidelines.
How Google Pay tokenisation works
sequenceDiagram
participant Customer
participant GooglePay as Google Pay™
participant Merchant as Merchant Server
participant PayGate as PayGate (PayHost)
Customer->>GooglePay: Selects Google Pay at checkout
GooglePay-->>Merchant: Returns encrypted payment token
Merchant->>PayGate: Submit TokenPaymentRequest (SOAP)
PayGate-->>Merchant: Authorisation response
Merchant-->>Customer: Display payment result
Transaction flow summary
-
The customer selects Google Pay™ at checkout.
-
Google Pay returns an encrypted payment token to your server.
-
Your server submits a TokenPaymentRequest (SOAP) to PayGate (PayHost).
-
PayGate decrypts and authorises the transaction.
-
The authorisation result is returned to your server and displayed to the customer.
Google Pay client-side configuration
Before submitting a Google Pay payment to PayGate, merchants must configure Google Pay on the client side to produce a compatible payment token.
PayGate supports Google Pay in PAYMENT_GATEWAY mode using the PayGate gateway integration.
Tokenisation configuration
"type": "PAYMENT_GATEWAY",
"parameters": {
"gateway": "paygate",
"gatewayMerchantId": "<Your PayGate ID>"
}-
gateway must be set to
paygate -
gatewayMerchantId is your PayGate merchant identifier
Allowed authentication methods
"allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"]-
PAN_ONLY— Funding PAN (FPAN) -
CRYPTOGRAM_3DS— Network token (DPAN)
Only include methods enabled for your merchant account.
Allowed card networks
"allowedCardNetworks": ["VISA", "MASTERCARD"]Include only networks enabled on your account.
Billing address configuration (optional)
"billingAddressRequired": true,
"billingAddressParameters": {
"format": "FULL"
}Important notes
-
Google Pay configuration must align with your PayGate account capabilities
-
Incorrect settings may prevent successful tokenisation
-
Contact PayGate support if you are unsure which options are enabled
Submitting a Google Pay payment to PayGate
Google Pay payments are submitted using the PayHost TokenPaymentRequest message type.
The encrypted Google Pay token is sent to PayGate within the <Token> field, and TokenDetail must be set to GooglePay (case-sensitive).
Endpoint
Test & Production:
https://secure.paygate.co.za/payhost/process.trans
Example request (SOAP – TokenPaymentRequest)
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<SinglePaymentRequest xmlns="http://www.paygate.co.za/PayHOST">
<TokenPaymentRequest>
<Account>
<PayGateId>YOUR_PAYGATE_ID</PayGateId>
<Password>YOUR_PAYGATE_PASSWORD</Password>
</Account>
<Customer>
<Title>Mr</Title>
<FirstName>John</FirstName>
<LastName>Doe</LastName>
<Email>[email protected]</Email>
</Customer>
<Token>BASE64_ENCODED_GOOGLE_PAY_TOKEN</Token>
<TokenDetail>GooglePay</TokenDetail>
<Redirect>
<NotifyUrl>https://yourdomain.com/notify</NotifyUrl>
<ReturnUrl>https://yourdomain.com/return</ReturnUrl>
</Redirect>
<Order>
<MerchantOrderId>ORDER_12345</MerchantOrderId>
<Currency>ZAR</Currency>
<Amount>1000</Amount>
</Order>
</TokenPaymentRequest>
</SinglePaymentRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>Important notes
• The <Token> field must contain the Google Pay token value returned by the Google Pay API (tokenizationData.token), Base64 encoded.
• Do not parse, truncate, reformat, or modify the token before encoding and submitting it to PayGate.
• <TokenDetail> must be exactly GooglePay (case-sensitive).
• <Amount> is specified in cents (e.g., 1000 = 10.00 ZAR).
• Customer billing fields must use merchant-supplied billing data, not data parsed from the Google Pay token.
Key fields (TokenPaymentRequest)
| Field | Description |
|---|---|
PayGateId | Merchant’s PayGate ID |
Password | PayGate API password |
Token | Google Pay token value returned by the API |
TokenDetail | Must be GooglePay (case-sensitive) |
MerchantOrderId | Unique merchant order reference |
Currency | ISO currency code (e.g. ZAR) |
Amount | Transaction amount in cents |
The Google Pay token is extracted from
paymentData.paymentMethodData.tokenizationData.tokenin the Google Pay API response and must be sent in full within the<Token>field.
3D Secure behavior
Authentication for Google Pay transactions depends on the tokenization method used and the merchant’s PayGate configuration.
PAN_ONLY (FPAN)
-
Requires 3D Secure to be enabled on the merchant’s PayGate account
-
PayGate processes the transaction as a standard card payment
-
A 3D Secure challenge may occur depending on issuer requirements
-
No additional configuration is required beyond enabling 3D Secure
CRYPTOGRAM_3DS (DPAN)
-
Authentication is embedded in the cryptogram generated by Google Pay
-
No additional 3D Secure processing is performed by PayGate
-
No challenge flow is triggered
-
PayGate processes the tokenized credentials directly
Integration Considerations
If your integration supports both authentication methods, ensure your payment handling logic accounts for the different 3D Secure behaviors.
3D Secure Redirect Flow (if required)
For certain Google Pay transactions (typically PAN_ONLY / FPAN), the issuing bank may require 3D Secure authentication.
In this case, PayGate will initiate a browser-based redirect flow.
Step 1 — Include Redirect URLs in the request
When submitting a TokenPaymentRequest, merchants must include the <Redirect> element immediately after <TokenDetail>.
<Redirect>
<NotifyUrl>https://yourdomain.com/notify</NotifyUrl>
<ReturnUrl>https://yourdomain.com/return</ReturnUrl>
</Redirect>-
NotifyUrl — Server-to-server callback endpoint (recommended source of truth)
-
ReturnUrl — Customer browser return destination after authentication
Step 2 — Handle ThreeDSecureRedirectRequired response
If authentication is required, PayGate will respond with:
StatusName = ThreeDSecureRedirectRequiredThe response will include a redirect URL and parameters required to initiate the authentication process.
<Redirect>
<RedirectUrl>https://secure.pgcoza.biz/PayHost/redirect.trans</RedirectUrl>
<UrlParams>
<key>PAY_REQUEST_ID</key>
<value>59690B03-4742-4F34-A4B2-3705403C37A1</value>
</UrlParams>
<UrlParams>
<key>PAYGATE_ID</key>
<value>YOUR_PAYGATE_ID</value>
</UrlParams>
<UrlParams>
<key>CHECKSUM</key>
<value>6c7374e062bc08bb273b099eded3c54c</value>
</UrlParams>
</Redirect>Step 3 — Redirect the customer to the authentication page
Merchants must redirect the customer’s browser to the provided URL, including the supplied parameters.
This can be done either by:
-
Constructing a redirect URL with query parameters
-
Submitting an HTML form via POST (recommended)
Example HTML form:
<form id="payhostRedirectForm" method="POST" action="https://secure.pgcoza.biz/PayHost/redirect.trans">
<input type="hidden" name="PAYGATE_ID" value="YOUR_PAYGATE_ID"/>
<input type="hidden" name="PAY_REQUEST_ID" value="PAY_REQUEST_ID_VALUE"/>
<input type="hidden" name="CHECKSUM" value="CHECKSUM_VALUE"/>
</form>
<script>
document.getElementById("payhostRedirectForm").submit();
</script>Step 4 — Wait for payment confirmation
After authentication completes:
-
The customer is redirected to the
ReturnUrl -
PayGate sends a server-to-server notification to the
NotifyUrl
The notification includes:
-
PAY_REQUEST_ID
-
TRANSACTION_STATUS
-
CHECKSUM
Merchants should rely on the NotifyUrl callback as the authoritative transaction result.
Important notes
-
Do not fulfil orders based solely on browser redirects
-
Always verify payment status using server-side confirmation
-
The NotifyUrl callback may arrive before or after the customer returns
When is this flow required?
This redirect flow occurs only when:
-
PAN_ONLY authentication method is used
-
3D Secure is required by the issuer
-
The merchant account has 3D Secure enabled
Supported card networks
The card networks available through Google Pay depend on your Google Pay configuration and PayGate account setup.
Ensure that the card networks you enable in your Google Pay configuration match the networks supported by PayGate.
Refer to:
-
Google Pay Web card parameters:
https://developers.google.com/pay/api/web/reference/request-objects#CardParameters -
Google Pay Android card parameters:
https://developers.google.com/pay/api/android/reference/request-objects#CardParameters
Testing and going live
-
Use Google Pay’s test environments to validate your integration before going live
-
Ensure your PayGate test credentials are correctly configured for token payments
-
Before enabling Google Pay in production, confirm:
-
Google Pay API Terms of Service are accepted
-
Google Pay Acceptable Use Policy requirements are met
-
Once your integration is complete, you can submit your documentation for Google review as part of the Google Pay processor onboarding process.

