Use a Google Account associated with a corporate email address to access the Google's Android Push Provisioning API documentation.
UX/branding Review: Google requires issuers to adhere to best practices and branding guidelines. The application UX needs to be submitted to Google for review.
Request access to Google's Push Provisioning API by submitting a form with issuer app's package name and fingerprint(s) for particular environments (Sandbox, Production).
Configure necessary settings on the TSP system according to Google Pay's requirements, paying close attention to especially the application package name.
Onboarding Form: The Thales integrator provides the Thales D1 Onboarding Form to gather all necessary configuration parameters to connect to D1, including Connectivity, Keys, D1 Services Configuration, and Card Products.
The issuers are required to open a project with TSP(s) (Visa/Mastercard) for their push provisioning integration projects. This activity is recommended to be initiated in parallel to the onboarding with Thales.
Connectivity: The APIs exposed by D1 require TLS mutual authentication for all API calls, necessitating explicit setup for both pre-production and production environments with a client certificate signed by Thales CA.
Backend authorisation: Incoming D1 APIs are secured by OAuth JWT Bearer Credentials Flow, where your backend sends a signed JWT to obtain a D1 access token for accessing D1 APIs.
Data encryption: Sensitive information exchanged with the D1 backend must be encrypted using the standard JWE format with specific algorithms and the recipient's EC public key.
Batch Registration: D1 offers a service to execute certain operations (such as consumer & card registration) in batch mode using batch files uploaded via SFTP.
Binary Integration: The issuer must integrate the D1 SDK binary into its application project.
SDK Initialisation: The issuer app must initialize the D1 SDK before it could call its APIs.
User Authentication: The issuer application must provide a proof of the end user authentication before it could consume D1 services.
Check Card State in Google Pay Wallet: The issuer app must check the card's digitization state in the Google Pay wallet using the D1PushWallet.getCardDigitizationState() API to determine the next action.
Pushing Card to Google Pay Wallet: When the user taps "Add to Google Pay", invoke the D1PushWallet.addDigitalCardToOEM() API to tokenize the card, ensuring the onActivityResult method is overridden to pass the result back to the SDK.
The issuer is required to test their integration using first Google Pay sandbox mode.
If issuers face errors in their tests they are required to first consult common errors before reporting the problem to Thales.
Google Pay launch process requires the issuers to pass a self-certification of their application and submit video recordings of the tests to Google for an app review.
Next, Google requires issuers to run a field testing of their app which must meet the exit criteria before the issuers could proceed with the final step.
After meeting the exit criteria the issuers could request Google Pay team's launch approval and when that is received the issuers could release the application publicly.
Last updated
Was this helpful?
Was this helpful?