Using Google Pay with PayGate reduces PCI DSS scope and enables a secure, streamlined checkout experience for your customers.

Overview

With Google Pay™, sensitive card details are encrypted and tokenised by Google before being passed to your server.
You submit this token to PayGate using the existing PayHost token payment flow, where the transaction is authorised as a card payment.

At no point are raw card details exposed to your systems.

Prerequisites

Before integrating Google Pay with PayGate, ensure that:

Your PayGate account is enabled for Token Payments (PayHost)
You have completed Google Pay onboarding for your platform (Web and/or Android)
You have accepted the Google Pay API Terms of Service and Acceptable Use Policy

Google Pay documentation and brand guidelines

Depending on your platform, refer to the official Google Pay documentation:

Google Pay Web
- Developer documentation:
  https://developers.google.com/pay/api/web/
- Integration checklist:
  https://developers.google.com/pay/api/web/guides/test-and-deploy/integration-checklist
- Brand guidelines:
  https://developers.google.com/pay/api/web/guides/brand-guidelines
Google Pay Android
- Developer documentation:
  https://developers.google.com/pay/api/android/
- Integration checklist:
  https://developers.google.com/pay/api/android/guides/test-and-deploy/integration-checklist
- Brand guidelines:
  https://developers.google.com/pay/api/android/guides/brand-guidelines

If you display Google Pay assets (logos or buttons), you must use approved assets in compliance with Google’s brand guidelines.

How Google Pay tokenisation works

sequenceDiagram
    participant Customer
    participant GooglePay as Google Pay™
    participant Merchant as Merchant Server
    participant PayGate as PayGate (PayHost)

    Customer->>GooglePay: Selects Google Pay at checkout
    GooglePay-->>Merchant: Returns encrypted payment token
    Merchant->>PayGate: Submit TokenPaymentRequest (SOAP)
    PayGate-->>Merchant: Authorisation response
    Merchant-->>Customer: Display payment result

Transaction flow summary

The customer selects Google Pay™ at checkout.
Google Pay returns an encrypted payment token to your server.
Your server submits a TokenPaymentRequest (SOAP) to PayGate (PayHost).
PayGate decrypts and authorises the transaction.
The authorisation result is returned to your server and displayed to the customer.

Google Pay client-side configuration

Before submitting a Google Pay payment to PayGate, merchants must configure Google Pay on the client side to produce a compatible payment token.

PayGate supports Google Pay in PAYMENT_GATEWAY mode using the PayGate gateway integration.

Tokenisation configuration

"type": "PAYMENT_GATEWAY",
"parameters": {
  "gateway": "paygate",
  "gatewayMerchantId": "<Your PayGate ID>"
}

gateway must be set to paygate
gatewayMerchantId is your PayGate merchant identifier

Allowed authentication methods

"allowedAuthMethods": ["PAN_ONLY", "CRYPTOGRAM_3DS"]

PAN_ONLY — Funding PAN (FPAN)
CRYPTOGRAM_3DS — Network token (DPAN)

Only include methods enabled for your merchant account.

Allowed card networks

"allowedCardNetworks": ["VISA", "MASTERCARD"]

Include only networks enabled on your account.

Billing address configuration (optional)

"billingAddressRequired": true,
"billingAddressParameters": {
  "format": "FULL"
}

Important notes

Google Pay configuration must align with your PayGate account capabilities
Incorrect settings may prevent successful tokenisation
Contact PayGate support if you are unsure which options are enabled

Submitting a Google Pay payment to PayGate

Google Pay payments are submitted using the PayHost TokenPaymentRequest message type.

The encrypted Google Pay token is sent to PayGate within the <Token> field, and TokenDetail must be set to GooglePay (case-sensitive).

Endpoint

Test & Production:
https://secure.paygate.co.za/payhost/process.trans

Example request (SOAP – TokenPaymentRequest)

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <SinglePaymentRequest xmlns="http://www.paygate.co.za/PayHOST">
      <TokenPaymentRequest>

        <Account>
          <PayGateId>YOUR_PAYGATE_ID</PayGateId>
          <Password>YOUR_PAYGATE_PASSWORD</Password>
        </Account>

        <Customer>
          <Title>Mr</Title>
          <FirstName>John</FirstName>
          <LastName>Doe</LastName>
          <Email>john.doe@example.com</Email>
        </Customer>

        <Token>GOOGLE_PAY_TOKEN_VALUE</Token>
        <TokenDetail>GooglePay</TokenDetail>

        <Redirect>
          <NotifyUrl>https://yourdomain.com/notify</NotifyUrl>
          <ReturnUrl>https://yourdomain.com/return</ReturnUrl>
        </Redirect>

        <Order>
          <MerchantOrderId>ORDER_12345</MerchantOrderId>
          <Currency>ZAR</Currency>
          <Amount>1000</Amount>
        </Order>

      </TokenPaymentRequest>
    </SinglePaymentRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Important notes

The <Token> field must contain the Google Pay token value exactly as returned by the Google Pay API (tokenizationData.token).
Do not parse, truncate, or reformat the token before submitting it to PayGate.
<TokenDetail> must be exactly GooglePay (case-sensitive).
<Amount> is specified in cents (e.g. 1000 = 10.00 ZAR).
Customer billing fields must use merchant-supplied billing data, not data parsed from the Google Pay token.

Key fields (TokenPaymentRequest)

Field	Description
`PayGateId`	Merchant’s PayGate ID
`Password`	PayGate API password
`Token`	Google Pay token value returned by the API
`TokenDetail`	Must be `GooglePay` (case-sensitive)
`MerchantOrderId`	Unique merchant order reference
`Currency`	ISO currency code (e.g. ZAR)
`Amount`	Transaction amount in cents

The Google Pay token is extracted from paymentData.paymentMethodData.tokenizationData.token in the Google Pay API response and must be sent in full within the <Token> field.

3D Secure behavior

Authentication for Google Pay transactions depends on the tokenization method used and the merchant’s PayGate configuration.

PAN_ONLY (FPAN)

Requires 3D Secure to be enabled on the merchant’s PayGate account
PayGate processes the transaction as a standard card payment
A 3D Secure challenge may occur depending on issuer requirements
No additional configuration is required beyond enabling 3D Secure

CRYPTOGRAM_3DS (DPAN)

Authentication is embedded in the cryptogram generated by Google Pay
No additional 3D Secure processing is performed by PayGate
No challenge flow is triggered
PayGate processes the tokenized credentials directly

Integration Considerations

If your integration supports both authentication methods, ensure your payment handling logic accounts for the different 3D Secure behaviors.

3D Secure Redirect Flow (if required)

For certain Google Pay transactions (typically PAN_ONLY / FPAN), the issuing bank may require 3D Secure authentication.

In this case, PayGate will initiate a browser-based redirect flow.

Step 1 — Include Redirect URLs in the request

When submitting a TokenPaymentRequest, merchants must include the <Redirect> element immediately after <TokenDetail>.

<Redirect>
  <NotifyUrl>https://yourdomain.com/notify</NotifyUrl>
  <ReturnUrl>https://yourdomain.com/return</ReturnUrl>
</Redirect>

NotifyUrl — Server-to-server callback endpoint (recommended source of truth)
ReturnUrl — Customer browser return destination after authentication

Step 2 — Handle ThreeDSecureRedirectRequired response

If authentication is required, PayGate will respond with:

StatusName = ThreeDSecureRedirectRequired

The response will include a redirect URL and parameters required to initiate the authentication process.

<Redirect>
  <RedirectUrl>https://secure.pgcoza.biz/PayHost/redirect.trans</RedirectUrl>

  <UrlParams>
    <key>PAY_REQUEST_ID</key>
    <value>59690B03-4742-4F34-A4B2-3705403C37A1</value>
  </UrlParams>

  <UrlParams>
    <key>PAYGATE_ID</key>
    <value>YOUR_PAYGATE_ID</value>
  </UrlParams>

  <UrlParams>
    <key>CHECKSUM</key>
    <value>6c7374e062bc08bb273b099eded3c54c</value>
  </UrlParams>
</Redirect>

Step 3 — Redirect the customer to the authentication page

Merchants must redirect the customer’s browser to the provided URL, including the supplied parameters.

This can be done either by:

Constructing a redirect URL with query parameters
Submitting an HTML form via POST (recommended)

Example HTML form:

<form id="payhostRedirectForm" method="POST" action="https://secure.pgcoza.biz/PayHost/redirect.trans">
  <input type="hidden" name="PAYGATE_ID" value="YOUR_PAYGATE_ID"/>
  <input type="hidden" name="PAY_REQUEST_ID" value="PAY_REQUEST_ID_VALUE"/>
  <input type="hidden" name="CHECKSUM" value="CHECKSUM_VALUE"/>
</form>

<script>
  document.getElementById("payhostRedirectForm").submit();
</script>

Step 4 — Wait for payment confirmation

After authentication completes:

The customer is redirected to the ReturnUrl
PayGate sends a server-to-server notification to the NotifyUrl

The notification includes:

PAY_REQUEST_ID
TRANSACTION_STATUS
CHECKSUM

Merchants should rely on the NotifyUrl callback as the authoritative transaction result.

Important notes

Do not fulfil orders based solely on browser redirects
Always verify payment status using server-side confirmation
The NotifyUrl callback may arrive before or after the customer returns

When is this flow required?

This redirect flow occurs only when:

PAN_ONLY authentication method is used
3D Secure is required by the issuer
The merchant account has 3D Secure enabled

Supported card networks

The card networks available through Google Pay depend on your Google Pay configuration and PayGate account setup.

Ensure that the card networks you enable in your Google Pay configuration match the networks supported by PayGate.

Refer to:

Google Pay Web card parameters:
https://developers.google.com/pay/api/web/reference/request-objects#CardParameters
Google Pay Android card parameters:
https://developers.google.com/pay/api/android/reference/request-objects#CardParameters

Testing and going live

Use Google Pay’s test environments to validate your integration before going live
Ensure your PayGate test credentials are correctly configured for token payments
Before enabling Google Pay in production, confirm:
- Google Pay API Terms of Service are accepted
- Google Pay Acceptable Use Policy requirements are met

Once your integration is complete, you can submit your documentation for Google review as part of the Google Pay processor onboarding process.

Related documentation