Learn about Google Pay's implementation requirements and suggested best practices for Web applications.
The Google Pay component follows Google's official guidelines for Web implementation. This page outlines the key requirements for compliance with Google Pay's brand guidelines and API specifications.
For complete Google Pay compliance requirements, refer to the Google Pay Brand Guidelines and Google Pay API Documentation.
- HTTPS required: All Google Pay implementations must use HTTPS (localhost exempt for development).
- Valid SSL certificate: Must have a valid SSL certificate from a recognised authority.
- Domain whitelisting: Domain must be whitelisted in Unity Portal configuration.
- Chrome: Chrome 61+ on all platforms.
- Safari: Safari 12.1+ on macOS and iOS.
- Firefox: Firefox 62+ on all platforms.
- Edge: Edge 79+ (Chromium-based) on Windows and macOS.
- Device requirements: User must have Google Pay configured with at least one payment method.
- Business profile: Active Google Pay Business Console account.
- Merchant verification: Completed merchant verification process.
- Gateway integration: Properly configured payment gateway integration.
- Terms acceptance: Acceptance of Google Pay API Terms of Service.
| Requirement | Description | Status |
|---|---|---|
| Equal prominence | Google Pay button presented with equal prominence to other payment methods. | required |
| Approved styles | Only uses Google-approved button types and colours. | required |
| Minimum height | Button height is at least 40px. | required |
| Maximum height | Button height does not exceed 72px. | required |
| Logo integrity | Google Pay logo is not distorted or modified. | required |
| Proper spacing | Adequate spacing around button (minimum 8px). | required |
| Responsive design | Button scales appropriately on all devices. | required |
- Never store sensitive payment information or raw card numbers.
- Validate all payment tokens on your secure server.
- Implement proper error handling and logging without exposing sensitive data.
- Keep SSL certificates up to date.
- Follow OWASP security guidelines.
- Only collect necessary payment data (data minimisation).
- Comply with applicable privacy regulations (GDPR, CCPA, etc.).
- Maintain proper audit logging for security and debugging.
- Handle payment tokens securely on the server side.
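The logging and storage points above can be enforced in code on the server. The following is an added example, not part of the Google Pay component or Google's documentation: it builds an audit-log record from a Google Pay `PaymentData` response without persisting the token or any raw card number. The function names (`luhnValid`, `maskPans`, `auditRecord`) are hypothetical, the field paths assume the `PaymentData` shape of the Google Pay API, and the sample data is constructed.

```javascript
// Added example: build an audit-log record from a Google Pay PaymentData
// response without persisting the payment token or any raw card number.
const crypto = require("node:crypto");

// Luhn check, used to tell card-number-like digit runs from other numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Mask 13-19 digit runs (spaces or dashes allowed) that pass Luhn.
function maskPans(text) {
  return String(text).replace(/\b\d(?:[ -]?\d){12,18}\b/g, (m) => {
    const digits = m.replace(/\D/g, "");
    return luhnValid(digits) ? `[PAN ****${digits.slice(-4)}]` : m;
  });
}

// Keep only fields useful for audit and debugging. The token is replaced by
// a short SHA-256 fingerprint so log lines can be correlated, not replayed.
function auditRecord(orderId, paymentData, error) {
  const pm = (paymentData && paymentData.paymentMethodData) || {};
  const token = pm.tokenizationData && pm.tokenizationData.token;
  return {
    orderId,
    cardNetwork: pm.info && pm.info.cardNetwork,
    cardLast4: pm.info && pm.info.cardDetails, // assumed to hold the last four digits
    tokenType: pm.tokenizationData && pm.tokenizationData.type,
    tokenFingerprint: token
      ? crypto.createHash("sha256").update(token).digest("hex").slice(0, 16)
      : null,
    error: error ? maskPans(error.message || error) : null,
  };
}

// Constructed sample input (not real payment data).
const samplePaymentData = {
  paymentMethodData: {
    type: "CARD",
    info: { cardNetwork: "VISA", cardDetails: "1111" },
    tokenizationData: { type: "PAYMENT_GATEWAY", token: '{"constructed":"token"}' },
  },
};
```

Pass the returned record to your logger in place of the raw response; the token itself should go only to the payment gateway.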
Before going live with Google Pay, ensure your implementation meets these requirements:
- HTTPS enabled on all pages with Google Pay (localhost exempt for development)
- Domain whitelisted in Unity Portal Google Pay configuration
- Payment gateway merchant ID properly configured
- Tested on Chrome, Safari, Firefox, and Edge
- Comprehensive error handling for all payment scenarios
- Uses Google-approved button styles and types
- Button height between 40px and 72px
- Google Pay button has equal prominence with other payment methods
- Logo used correctly without modification
- Proper capitalisation: "Google Pay" (not "GooglePay" or "Google pay")
- Valid SSL certificate from recognised authority
- No storage of sensitive payment information or raw card numbers
- Secure server-side processing of Google Pay tokens
- Audit logging without exposing sensitive data
- Privacy policy covers payment data usage
- Responsive design across desktop, tablet, and mobile
- Clear error messages and user guidance
- Graceful handling when Google Pay is unavailable
- Keyboard navigation and screen reader support
- Loading indicators during payment processing
- End-to-end payment testing in test environment
- Tested on actual devices with Google Pay configured
- All error scenarios tested and handled properly
- Accessibility tested with screen readers
- Provide fallback payment methods when Google Pay is unavailable
- Test thoroughly after browser updates
- Monitor Google Pay API changelog for changes
- Implement rate limiting to prevent abuse
- Track payment success and failure rates
- Set up alerts for unusual activity or high failure rates
- Regularly review compliance with Google's guidelines
- Update error handling as needed
For detailed compliance information, refer to Google's official documentation:
Failure to comply with Google Pay's guidelines may result in integration rejection or removal of Google Pay functionality. Regularly review Google's official documentation to ensure your implementation remains compliant.