Google Pay payment flows for JavaScript Library

Payment request - st.js library initiates authorisation request

The default behaviour of the st.js is to submit an authorisation request to the gateway once it’s been provided the encrypted payment data by Google. The payment gateway will return a JWT response containing the result to the st.js library. If you would prefer to send the authorisation in a separate API call, please refer to Payment request - merchant initiates authorisation request, else please review the Payment response section.


Payment request - merchant initiates authorisation request

  The following content assumes you have obtained the necessary PCI certification to process and submit sensitive cardholder data from your server.

Read this article to learn more.

To accept the Google encrypted payment data from the st.js and request an authorisation to the gateway in a separate step, please amend your Google Pay configuration to include property merchantUrl. Setting merchantUrl will POST the encrypted payment data to your secure endpoint. It is then your responsibility to submit the encrypted payment data in an AUTH request to the Trust Payments gateway.

  Field Format Description
table-optional.png merchantUrl
(Property of Google Pay config)

merchantUrl can be set by our merchants and this will POST the encrypted payment data to the URL.

  <div id="st-notification-frame"></div>
  <form id="st-form" action=""/>
<div id="st-google-pay"></div>
<script src="<CDN_DOMAIN>"></script>
(function() {
var st = SecureTrading({ 
jwt: 'INSERT YOUR JWT HERE',         

Replace <CDN_DOMAIN> with a supported domain. Click here for a full list.


To submit the authorisation request from your server backend to the payment gateway, we would recommend your system submits an AUTH request using our Webservices API.

  The following fields are both required in a Google Pay AUTH request. This is in addition to the required fields mentioned under Field specification for section 'AUTH request’

‘walletsource’ : ‘GOOGLEPAY’

‘wallettoken' : ‘<encrypted payment data received from Google- JSON encoded string>’


Payment response

Response Callback

To receive the authorisation response in a callback, please refer to this article, where we describe how to set submitCallback property in the st.js configuration.


Response POST redirect

If your preference is for the authorisation response to be sent in a POST to a secure URL, then you can do so by specifying an action URL on your checkout form. The POST redirect can be configured to fire depending on a successful, error or cancelled Google Pay checkout, with properties (submitOnSuccess, submitOnError or submitOnCancel). We describe this further in our full library specification.


Verifying the response

Before updating your system or sending out goods, you should verify the signature of the authorisation JWT response that was received through a callback or POST redirect. This process should be performed on your secure backend server, the same as you would for generating the initial request JWT when initialising the st.js library.

  Failing to verify the signature assigned to the JWT could introduce the potential of a bad actor to modify the authorisation response to make it appear as though the payment was successfully processed, when in actuality the card may have been declined.

For recommendations on how to best check the response, please refer to "Decode JWT response" section onwards on the Process your first transaction with JavaScript Library page.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request