Tokenize Google Pay
Turn a Google Pay payment into a stored wallet token. Pass the PaymentMethodToken envelope exactly as Google Pay returns it — Guardian verifies the ECv2 signature chain and decrypts the payload server-side, so the decrypted card data never touches your systems.
The resulting wallet token carries one of two authentication methods, reflected in the auth_method field:
CRYPTOGRAM_3DS— a device-bound token with DPAN and cryptogram, forwardable once.PAN_ONLY— a card-on-file token with the funding PAN, forwardable repeatedly and eligible for promotion to a network token.
Submitting the same envelope twice returns 409 with the classifier GOOGLE_PAY_DUPLICATE_PAYLOAD. Rejected envelopes return 422 with a classifier naming the cause: GOOGLE_PAY_SIGNATURE_INVALID, GOOGLE_PAY_DECRYPTION_FAILED, GOOGLE_PAY_TOKEN_EXPIRED, or GOOGLE_PAY_MALFORMED_TOKEN.
See Google Pay for prerequisites and the full flow.
Authorizations
Body
Google's PaymentMethodToken envelope, passed through verbatim as returned by the Google Pay API — including its original camelCase keys.
Response
Success response
The specific credential kind, e.g. google_pay_pan_only or google_pay_cryptogram_3ds.
"google_pay_pan_only"
The wallet the token was ingested from.
"google_pay"
visa, mastercard, american express, discover, diners club, jcb, unionpay The authentication method of the Google Pay credential. Determines which placeholders are available when forwarding and whether the token can be promoted.
PAN_ONLY, CRYPTOGRAM_3DS Whether the payment still requires 3-D Secure authentication on your side.
The ID of the network token this wallet token was promoted to. null until the token is promoted.
Set when the token has been deleted and its card data scrubbed.