--- title: "Decrypt Google Pay tokens if you are PCI-compliant" description: "Learn how to decrypt Google Pay tokens." url: "https://docs.adyen.com/payment-methods/google-pay/api-only/google-pay-token-decryption" source_url: "https://docs.adyen.com/payment-methods/google-pay/api-only/google-pay-token-decryption.md" canonical: "https://docs.adyen.com/payment-methods/google-pay/api-only/google-pay-token-decryption" last_modified: "2026-05-24T12:54:31+02:00" language: "en" --- # Decrypt Google Pay tokens if you are PCI-compliant Learn how to decrypt Google Pay tokens. [View source](/payment-methods/google-pay/api-only/google-pay-token-decryption.md) A Google Pay token contains encrypted card details that a shopper has stored in their Google Pay wallet. Google Pay tokens let you securely pass the data of your shoppers to a payment service provider, like Adyen, to process payments. If you are [PCI-compliant](/get-started-with-adyen/adyen-glossary/#pci-compliance) you can handle the token decryption and pass raw card details to Adyen. A benefit of handling the decryption is that auditing transactions is easier when you have more information, such as the shopper name. See [Google's documentation](https://developers.google.com/pay/api/android/guides/resources/payment-data-cryptography) for the full list of details in a decrypted token. Only handle the token decryption on your own in advanced setup scenarios, like when you have to submit Merchant Plug-In (MPI) data in a Google Pay request. ## Handle the decryption ### Requirements To decrypt Google Pay tokens on your own, you must: * Have a [Google Pay merchant ID](https://developers.google.com/pay/api/web/guides/setup#registration). * Be PCI-compliant to handle unencrypted card details. * Have an API-only integration. ### Decryption process To decrypt Google Pay tokens, follow the [steps outlined on the Google developer portal](https://developers.google.com/pay/api/android/guides/resources/payment-data-cryptography). Overview: 1. Fetch the Google root signing keys. 2. Verify that the signature of the intermediate signing key is valid by any of the root signing keys that is not expired. 3. Verify that the intermediate signing key of the payload is not expired. 4. Verify that the signature of the payload is valid by the intermediate signing key. 5. Decrypt the contents of the payload after you verify the signature. 6. Verify that the message isn't expired. This requires you to check that the current time is earlier than the `messageExpiration` field in the decrypted contents. 7. Use the payment method details you just decrypted to make the payment. Depending on whether the card is stored as FPAN or DPAN, you get the following output: **Output for FPAN** ```json { "paymentMethodDetails": { "authMethod": "PAN_ONLY", "pan": , "expirationMonth": , "expirationYear": } } ``` **Output for DPAN** ```json { "paymentMethodDetails": { "authMethod": "CRYPTOGRAM_3DS", "pan": , "expirationMonth": , "expirationYear": , "cryptogram": , "eciIndicator": } } ``` ### API reference The parameters listed in this section are specific to using decrypted Google Pay tokens. For descriptions of other parameters go to [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments). The parameters you must send in the request are different for cards stored as FPAN and cards stored as DPAN. FPAN payments may trigger 3D Secure 2, which requires additional fields. You can handle 3D Secure 2 for FPAN in a similar way to other scheme payment methods described [here](/online-payments/3d-secure/). ### Tab: FPAN | Parameter name | Required | Description | | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------- | ------------------------------------------------- | | [paymentMethod.type](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-type) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **scheme** | | [paymentMethod.number](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-number) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The `pan` from the decrypted payload. | | [expiryMonth](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-expiryMonth) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The `expirationMonth` from the decrypted payload. | | [expiryYear](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-expiryYear) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The `expirationYear` from the decrypted payload. | | [paymentMethod.brand](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-brand) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **googlepay** | | `additionalData.paymentdatasource.type` | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **googlepay** | | `additionalData.paymentdatasource.tokenized` | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **false** | | [shopperInteraction](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-shopperInteraction) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **Ecommerce** | **Payment request with FPAN** ```json { "PaymentMethod": { "type": "scheme", "number": "expiryMonth": , "expiryYear": , "brand": "googlepay" }, "additionalData": { "paymentdatasource.type": "googlepay", "paymentdatasource.tokenized": "false" }, "shopperInteraction" "Ecommerce" } ``` ### Tab: DPAN | Parameter name | Required | Description | | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ | | [paymentMethod.type](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-type) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **scheme** | | [paymentMethod.number](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-number) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The `pan` from the decrypted payload. | | [expiryMonth](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-expiryMonth) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The `expirationMonth` from the decrypted payload. | | [expiryYear](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-expiryYear) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The `expirationYear` from the decrypted payload. | | [paymentMethod.brand](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-fundRecipient-paymentMethod-brand) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **googlepay** | | [directoryResponse](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-directoryResponse) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **Y** | | [authenticationResponse](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-authenticationResponse) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **Y** | | [cavv](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-cavv) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The `cryptogram`. Pass the exact value in the decrypted payload. | | [eci](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-eci) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | The `eciIndicator`. Pass the exact value in the decrypted payload. | | `additionalData.paymentdatasource.type` | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **googlepay** | | `additionalData.paymentdatasource.tokenized` | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **true** | | [shopperInteraction](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-shopperInteraction) | ![-white\_check\_mark-](/user/data/smileys/emoji/white_check_mark.png "-white_check_mark-") | **Ecommerce** | **Payment request with DPAN** ```json { "PaymentMethod": { "type": "scheme", "number": "expiryMonth": , "expiryYear": , "brand": "googlepay" }, "mpiData": { "directoryResponse": "Y", "authenticationResponse": "Y", "cavv": , // Pass the exact value in the decrypted payload "eci": // Pass the exact value in the decrypted payload }, "additionalData": { "paymentdatasource.type": "googlepay", "paymentdatasource.tokenized": "true" }, "Shopperinteraction" "Ecommerce" } ```