Cómo trabajar con tokens web JSON (JWT)

Los tokens web JSON son un estándar de la industria de uso general para transferir información de forma segura como un objeto JSON. Cuando usas la API de la Billetera de Google, codificas los detalles del objeto de pases que quieres usar para crear una instancia de pase en formato JWT (que se pronuncia “jot”) y luego envías ese JWT en una solicitud a la API de la Billetera de Google.

Los JWT se mantienen seguros al firmarlos con un secreto compartido antes de enviarlos a la API de la Billetera de Google. Si usas la API de REST de la Billetera de Google, el secreto de firma es la clave de tu cuenta de servicio de Google Cloud. Si usas el SDK de Android de la Billetera de Google, el secreto de firma es la huella digital SHA-1 para tu app para Android.

Codifica un pase en un JWT

Cuando crees el GenericObject, únelo a un JWT sin firmar con el atributo payload.GenericObjects, como se muestra en el siguiente fragmento:


  "aud": "google",
  "typ": "savetowallet",
  "iat": "UNIX_TIME",
  "origins": [],
  "payload": {
      "genericObjects": [ NEW_OBJECT ]

Para obtener más información sobre el formato esperado de los JWT, consulta la referencia de JWT.

Firma un JWT

Los JWT se mantienen seguros al firmarlos con un secreto compartido antes de enviarlos a la API de la Billetera de Google. Si usas la API de REST de la Billetera de Google, el secreto de firma es la clave de tu cuenta de servicio de Google Cloud. Si usas el SDK de Android de la Billetera de Google, el secreto de firma es la huella digital SHA-1 para tu app para Android.

Web, correo electrónico y SMS

El JWT debe firmarse con la clave de la cuenta de servicio asociada a la cuenta de servicio de Google Cloud que autorizaste en Business Console de Google Wallet. La API de Google Wallet validará estos reclamos al verificar la firma JWT.

Si firmas el JWT, se generará un token que puede usarse para crear un vínculo “Agregar a la Billetera de Google” que pueda usarse para emitir el pase a un usuario:


Para comenzar la integración en Java, consulta nuestras muestras de código completas en GitHub.

 * Generate a signed JWT that creates a new pass class and object.
 * <p>When the user opens the "Add to Google Wallet" URL and saves the pass to their wallet, the
 * pass class and object defined in the JWT are created. This allows you to create multiple pass
 * classes and objects in one API call when the user saves the pass to their wallet.
 * @param issuerId The issuer ID being used for this request.
 * @param classSuffix Developer-defined unique ID for this pass class.
 * @param objectSuffix Developer-defined unique ID for the pass object.
 * @return An "Add to Google Wallet" link.
public String createJWTNewObjects(String issuerId, String classSuffix, String objectSuffix) {
  // See link below for more information on required properties
  // https://developers.google.com/wallet/generic/rest/v1/genericclass
  GenericClass newClass = new GenericClass().setId(String.format("%s.%s", issuerId, classSuffix));

  // See link below for more information on required properties
  // https://developers.google.com/wallet/generic/rest/v1/genericobject
  GenericObject newObject =
      new GenericObject()
          .setId(String.format("%s.%s", issuerId, objectSuffix))
          .setClassId(String.format("%s.%s", issuerId, classSuffix))
              new Image()
                      new ImageUri()
                      new LocalizedString()
                              new TranslatedString()
                                  .setValue("Hero image description"))))
                          new TextModuleData()
                                  .setHeader("Text module header")
                                  .setBody("Text module body")
              new LinksModuleData()
                          new Uri()
                              .setDescription("Link module URI description")
                          new Uri()
                              .setDescription("Link module tel description")
                          new ImageModuleData()
                                          new Image()
                                                          new ImageUri()
                                                          new LocalizedString()
                                                                          new TranslatedString()
                                                                                  .setValue("Image module description"))))
          .setBarcode(new Barcode().setType("QR_CODE").setValue("QR code value"))
              new LocalizedString()
                      new TranslatedString().setLanguage("en-US").setValue("Generic card title")))
              new LocalizedString()
                      new TranslatedString().setLanguage("en-US").setValue("Generic header")))
              new Image()
                      new ImageUri()
                      new LocalizedString()
                              new TranslatedString()
                                  .setValue("Generic card logo"))));

  // Create the JWT as a HashMap object
  HashMap<String, Object> claims = new HashMap<String, Object>();
  claims.put("iss", ((ServiceAccountCredentials) credentials).getClientEmail());
  claims.put("aud", "google");
  claims.put("origins", List.of("www.example.com"));
  claims.put("typ", "savetowallet");

  // Create the Google Wallet payload and add to the JWT
  HashMap<String, Object> payload = new HashMap<String, Object>();
  payload.put("genericClasses", List.of(newClass));
  payload.put("genericObjects", List.of(newObject));
  claims.put("payload", payload);

  // The service account credentials are used to sign the JWT
  Algorithm algorithm =
          null, (RSAPrivateKey) ((ServiceAccountCredentials) credentials).getPrivateKey());
  String token = JWT.create().withPayload(claims).sign(algorithm);

  System.out.println("Add to Google Wallet link");
  System.out.printf("https://pay.google.com/gp/v/save/%s%n", token);

  return String.format("https://pay.google.com/gp/v/save/%s", token);


Para comenzar tu integración en PHP, consulta nuestras muestras de código completas en GitHub.

 * Generate a signed JWT that creates a new pass class and object.
 * When the user opens the "Add to Google Wallet" URL and saves the pass to
 * their wallet, the pass class and object defined in the JWT are
 * created. This allows you to create multiple pass classes and objects in
 * one API call when the user saves the pass to their wallet.
 * @param string $issuerId The issuer ID being used for this request.
 * @param string $classSuffix Developer-defined unique ID for the pass class.
 * @param string $objectSuffix Developer-defined unique ID for the pass object.
 * @return string An "Add to Google Wallet" link.
public function createJwtNewObjects(string $issuerId, string $classSuffix, string $objectSuffix)
  // See link below for more information on required properties
  // https://developers.google.com/wallet/generic/rest/v1/genericclass
  $newClass = new GenericClass([
    'id' => "{$issuerId}.{$classSuffix}",

  // See link below for more information on required properties
  // https://developers.google.com/wallet/generic/rest/v1/genericobject
  $newObject = new GenericObject([
    'id' => "{$issuerId}.{$objectSuffix}",
    'classId' => "{$issuerId}.{$classSuffix}",
    'state' => 'ACTIVE',
    'heroImage' => new Image([
      'sourceUri' => new ImageUri([
        'uri' => 'https://farm4.staticflickr.com/3723/11177041115_6e6a3b6f49_o.jpg'
      'contentDescription' => new LocalizedString([
        'defaultValue' => new TranslatedString([
          'language' => 'en-US',
          'value' => 'Hero image description'
    'textModulesData' => [
      new TextModuleData([
        'header' => 'Text module header',
        'body' => 'Text module body',
        'id' => 'TEXT_MODULE_ID'
    'linksModuleData' => new LinksModuleData([
      'uris' => [
        new Uri([
          'uri' => 'http://maps.google.com/',
          'description' => 'Link module URI description',
          'id' => 'LINK_MODULE_URI_ID'
        new Uri([
          'uri' => 'tel:6505555555',
          'description' => 'Link module tel description',
          'id' => 'LINK_MODULE_TEL_ID'
    'imageModulesData' => [
      new ImageModuleData([
        'mainImage' => new Image([
          'sourceUri' => new ImageUri([
            'uri' => 'http://farm4.staticflickr.com/3738/12440799783_3dc3c20606_b.jpg'
          'contentDescription' => new LocalizedString([
            'defaultValue' => new TranslatedString([
              'language' => 'en-US',
              'value' => 'Image module description'
        'id' => 'IMAGE_MODULE_ID'
    'barcode' => new Barcode([
      'type' => 'QR_CODE',
      'value' => 'QR code value'
    'cardTitle' => new LocalizedString([
      'defaultValue' => new TranslatedString([
        'language' => 'en-US',
        'value' => 'Generic card title'
    'header' => new LocalizedString([
      'defaultValue' => new TranslatedString([
        'language' => 'en-US',
        'value' => 'Generic header'
    'hexBackgroundColor' => '#4285f4',
    'logo' => new Image([
      'sourceUri' => new ImageUri([
        'uri' => 'https://storage.googleapis.com/wallet-lab-tools-codelab-artifacts-public/pass_google_logo.jpg'
      'contentDescription' => new LocalizedString([
        'defaultValue' => new TranslatedString([
          'language' => 'en-US',
          'value' => 'Generic card logo'

  // The service account credentials are used to sign the JWT
  $serviceAccount = json_decode(file_get_contents($this->keyFilePath), true);

  // Create the JWT as an array of key/value pairs
  $claims = [
    'iss' => $serviceAccount['client_email'],
    'aud' => 'google',
    'origins' => ['www.example.com'],
    'typ' => 'savetowallet',
    'payload' => [
      'genericClasses' => [
      'genericObjects' => [

  $token = JWT::encode(

  print "Add to Google Wallet link\n";
  print "https://pay.google.com/gp/v/save/{$token}";

  return "https://pay.google.com/gp/v/save/{$token}";


Para comenzar la integración en Python, consulta nuestras muestras de código completas en GitHub.

def create_jwt_new_objects(self, issuer_id: str, class_suffix: str,
                           object_suffix: str) -> str:
    """Generate a signed JWT that creates a new pass class and object.

    When the user opens the "Add to Google Wallet" URL and saves the pass to
    their wallet, the pass class and object defined in the JWT are
    created. This allows you to create multiple pass classes and objects in
    one API call when the user saves the pass to their wallet.

        issuer_id (str): The issuer ID being used for this request.
        class_suffix (str): Developer-defined unique ID for the pass class.
        object_suffix (str): Developer-defined unique ID for the pass object.

        An "Add to Google Wallet" link.

    # See link below for more information on required properties
    # https://developers.google.com/wallet/generic/rest/v1/genericclass
    new_class = {'id': f'{issuer_id}.{class_suffix}'}

    # See link below for more information on required properties
    # https://developers.google.com/wallet/generic/rest/v1/genericobject
    new_object = {
        'id': f'{issuer_id}.{object_suffix}',
        'classId': f'{issuer_id}.{class_suffix}',
        'state': 'ACTIVE',
        'heroImage': {
            'sourceUri': {
            'contentDescription': {
                'defaultValue': {
                    'language': 'en-US',
                    'value': 'Hero image description'
        'textModulesData': [{
            'header': 'Text module header',
            'body': 'Text module body',
            'id': 'TEXT_MODULE_ID'
        'linksModuleData': {
            'uris': [{
                'uri': 'http://maps.google.com/',
                'description': 'Link module URI description',
                'id': 'LINK_MODULE_URI_ID'
            }, {
                'uri': 'tel:6505555555',
                'description': 'Link module tel description',
                'id': 'LINK_MODULE_TEL_ID'
        'imageModulesData': [{
            'mainImage': {
                'sourceUri': {
                'contentDescription': {
                    'defaultValue': {
                        'language': 'en-US',
                        'value': 'Image module description'
            'id': 'IMAGE_MODULE_ID'
        'barcode': {
            'type': 'QR_CODE',
            'value': 'QR code'
        'cardTitle': {
            'defaultValue': {
                'language': 'en-US',
                'value': 'Generic card title'
        'header': {
            'defaultValue': {
                'language': 'en-US',
                'value': 'Generic header'
        'hexBackgroundColor': '#4285f4',
        'logo': {
            'sourceUri': {
            'contentDescription': {
                'defaultValue': {
                    'language': 'en-US',
                    'value': 'Generic card logo'

    # Create the JWT claims
    claims = {
        'iss': self.credentials.service_account_email,
        'aud': 'google',
        'origins': ['www.example.com'],
        'typ': 'savetowallet',
        'payload': {
            # The listed classes and objects will be created
            'genericClasses': [new_class],
            'genericObjects': [new_object]

    # The service account credentials are used to sign the JWT
    signer = crypt.RSASigner.from_service_account_file(self.key_file_path)
    token = jwt.encode(signer, claims).decode('utf-8')

    print('Add to Google Wallet link')

    return f'https://pay.google.com/gp/v/save/{token}'


Para comenzar tu integración en C#, consulta nuestras muestras de código completas en GitHub.

/// <summary>
/// Generate a signed JWT that creates a new pass class and object.
/// <para />
/// When the user opens the "Add to Google Wallet" URL and saves the pass to
/// their wallet, the pass class and object defined in the JWT are created.
/// This allows you to create multiple pass classes and objects in one API
/// call when the user saves the pass to their wallet.
/// <para />
/// The Google Wallet C# library uses Newtonsoft.Json.JsonPropertyAttribute
/// to specify the property names when converting objects to JSON. The
/// Newtonsoft.Json.JsonConvert.SerializeObject method will automatically
/// serialize the object with the right property names.
/// </summary>
/// <param name="issuerId">The issuer ID being used for this request.</param>
/// <param name="classSuffix">Developer-defined unique ID for this pass class.</param>
/// <param name="objectSuffix">Developer-defined unique ID for the pass object.</param>
/// <returns>An "Add to Google Wallet" link.</returns>
public string CreateJWTNewObjects(string issuerId, string classSuffix, string objectSuffix)
  // Ignore null values when serializing to/from JSON
  JsonSerializerSettings excludeNulls = new JsonSerializerSettings()
    NullValueHandling = NullValueHandling.Ignore

  // See link below for more information on required properties
  // https://developers.google.com/wallet/generic/rest/v1/genericclass
  GenericClass newClass = new GenericClass
    Id = $"{issuerId}.{classSuffix}"

  // See link below for more information on required properties
  // https://developers.google.com/wallet/generic/rest/v1/genericobject
  GenericObject newObject = new GenericObject
    Id = $"{issuerId}.{objectSuffix}",
    ClassId = $"{issuerId}.{classSuffix}",
    State = "ACTIVE",
    HeroImage = new Image
      SourceUri = new ImageUri
        Uri = "https://farm4.staticflickr.com/3723/11177041115_6e6a3b6f49_o.jpg"
      ContentDescription = new LocalizedString
        DefaultValue = new TranslatedString
          Language = "en-US",
          Value = "Hero image description"
    TextModulesData = new List<TextModuleData>
        new TextModuleData
          Header = "Text module header",
          Body = "Text module body",
          Id = "TEXT_MODULE_ID"
    LinksModuleData = new LinksModuleData
      Uris = new List<Google.Apis.Walletobjects.v1.Data.Uri>
          new Google.Apis.Walletobjects.v1.Data.Uri
            UriValue = "http://maps.google.com/",
            Description = "Link module URI description",
            Id = "LINK_MODULE_URI_ID"
          new Google.Apis.Walletobjects.v1.Data.Uri
            UriValue = "tel:6505555555",
            Description = "Link module tel description",
            Id = "LINK_MODULE_TEL_ID"
    ImageModulesData = new List<ImageModuleData>
        new ImageModuleData
          MainImage = new Image
            SourceUri = new ImageUri
              Uri = "http://farm4.staticflickr.com/3738/12440799783_3dc3c20606_b.jpg"
            ContentDescription = new LocalizedString
              DefaultValue = new TranslatedString
                Language = "en-US",
                Value = "Image module description"
          Id = "IMAGE_MODULE_ID"
    Barcode = new Barcode
      Type = "QR_CODE",
      Value = "QR code"
    CardTitle = new LocalizedString
      DefaultValue = new TranslatedString
        Language = "en-US",
        Value = "Generic card title"
    Header = new LocalizedString
      DefaultValue = new TranslatedString
        Language = "en-US",
        Value = "Generic header"
    HexBackgroundColor = "#4285f4",
    Logo = new Image
      SourceUri = new ImageUri
        Uri = "https://storage.googleapis.com/wallet-lab-tools-codelab-artifacts-public/pass_google_logo.jpg"
      ContentDescription = new LocalizedString
        DefaultValue = new TranslatedString
          Language = "en-US",
          Value = "Generic card logo"

  // Create JSON representations of the class and object
  JObject serializedClass = JObject.Parse(
      JsonConvert.SerializeObject(newClass, excludeNulls));
  JObject serializedObject = JObject.Parse(
      JsonConvert.SerializeObject(newObject, excludeNulls));

  // Create the JWT as a JSON object
  JObject jwtPayload = JObject.Parse(JsonConvert.SerializeObject(new
    iss = credentials.Id,
    aud = "google",
    origins = new List<string>
    typ = "savetowallet",
    payload = JObject.Parse(JsonConvert.SerializeObject(new
      // The listed classes and objects will be created
      // when the user saves the pass to their wallet
      genericClasses = new List<JObject>
      genericObjects = new List<JObject>

  // Deserialize into a JwtPayload
  JwtPayload claims = JwtPayload.Deserialize(jwtPayload.ToString());

  // The service account credentials are used to sign the JWT
  RsaSecurityKey key = new RsaSecurityKey(credentials.Key);
  SigningCredentials signingCredentials = new SigningCredentials(
      key, SecurityAlgorithms.RsaSha256);
  JwtSecurityToken jwt = new JwtSecurityToken(
      new JwtHeader(signingCredentials), claims);
  string token = new JwtSecurityTokenHandler().WriteToken(jwt);

  Console.WriteLine("Add to Google Wallet link");

  return $"https://pay.google.com/gp/v/save/{token}";


Para comenzar la integración en Node, consulta nuestras muestras de código completas en GitHub.

 * Generate a signed JWT that creates a new pass class and object.
 * When the user opens the "Add to Google Wallet" URL and saves the pass to
 * their wallet, the pass class and object defined in the JWT are
 * created. This allows you to create multiple pass classes and objects in
 * one API call when the user saves the pass to their wallet.
 * @param {string} issuerId The issuer ID being used for this request.
 * @param {string} classSuffix Developer-defined unique ID for the pass class.
 * @param {string} objectSuffix Developer-defined unique ID for the pass object.
 * @returns {string} An "Add to Google Wallet" link.
createJwtNewObjects(issuerId, classSuffix, objectSuffix) {
  // See link below for more information on required properties
  // https://developers.google.com/wallet/generic/rest/v1/genericclass
  let newClass = {
    'id': `${issuerId}.${classSuffix}`

  // See link below for more information on required properties
  // https://developers.google.com/wallet/generic/rest/v1/genericobject
  let newObject = {
    'id': `${issuerId}.${objectSuffix}`,
    'classId': `${issuerId}.${classSuffix}`,
    'state': 'ACTIVE',
    'heroImage': {
      'sourceUri': {
        'uri': 'https://farm4.staticflickr.com/3723/11177041115_6e6a3b6f49_o.jpg'
      'contentDescription': {
        'defaultValue': {
          'language': 'en-US',
          'value': 'Hero image description'
    'textModulesData': [
        'header': 'Text module header',
        'body': 'Text module body',
        'id': 'TEXT_MODULE_ID'
    'linksModuleData': {
      'uris': [
          'uri': 'http://maps.google.com/',
          'description': 'Link module URI description',
          'id': 'LINK_MODULE_URI_ID'
          'uri': 'tel:6505555555',
          'description': 'Link module tel description',
          'id': 'LINK_MODULE_TEL_ID'
    'imageModulesData': [
        'mainImage': {
          'sourceUri': {
            'uri': 'http://farm4.staticflickr.com/3738/12440799783_3dc3c20606_b.jpg'
          'contentDescription': {
            'defaultValue': {
              'language': 'en-US',
              'value': 'Image module description'
        'id': 'IMAGE_MODULE_ID'
    'barcode': {
      'type': 'QR_CODE',
      'value': 'QR code'
    'cardTitle': {
      'defaultValue': {
        'language': 'en-US',
        'value': 'Generic card title'
    'header': {
      'defaultValue': {
        'language': 'en-US',
        'value': 'Generic header'
    'hexBackgroundColor': '#4285f4',
    'logo': {
      'sourceUri': {
        'uri': 'https://storage.googleapis.com/wallet-lab-tools-codelab-artifacts-public/pass_google_logo.jpg'
      'contentDescription': {
        'defaultValue': {
          'language': 'en-US',
          'value': 'Generic card logo'

  // Create the JWT claims
  let claims = {
    iss: this.credentials.client_email,
    aud: 'google',
    origins: ['www.example.com'],
    typ: 'savetowallet',
    payload: {
      // The listed classes and objects will be created
      genericClasses: [newClass],
      genericObjects: [newObject]

  // The service account credentials are used to sign the JWT
  let token = jwt.sign(claims, this.credentials.private_key, { algorithm: 'RS256' });

  console.log('Add to Google Wallet link');

  return `https://pay.google.com/gp/v/save/${token}`;


Para comenzar la integración en Go, consulta nuestras muestras de código completas en las muestras de código de GitHub de GitHub.

// Generate a signed JWT that creates a new pass class and object.
// When the user opens the "Add to Google Wallet" URL and saves the pass to
// their wallet, the pass class and object defined in the JWT are
// created. This allows you to create multiple pass classes and objects in
// one API call when the user saves the pass to their wallet.
func (d *demoGeneric) createJwtNewObjects(issuerId, classSuffix, objectSuffix string) {
	genericObject := new(walletobjects.GenericObject)
	genericObject.Id = fmt.Sprintf("%s.%s", issuerId, objectSuffix)
	genericObject.ClassId = fmt.Sprintf("%s.%s", issuerId, classSuffix)
	genericObject.State = "ACTIVE"
	genericObject.Barcode = &walletobjects.Barcode{
		Type:  "QR_CODE",
		Value: "QR code",
	genericObject.CardTitle = &walletobjects.LocalizedString{
		DefaultValue: &walletobjects.TranslatedString{
			Language: "en-us",
			Value:    "Card title",
	genericObject.Header = &walletobjects.LocalizedString{
		DefaultValue: &walletobjects.TranslatedString{
			Language: "en-us",
			Value:    "Header",

	genericJson, _ := json.Marshal(genericObject)
	var payload map[string]any
		"genericObjects": [%s]
	`, genericJson)), &payload)
	claims := jwt.MapClaims{
		"iss":     d.credentials.Email,
		"aud":     "google",
		"origins": []string{"www.example.com"},
		"typ":     "savetowallet",
		"payload": payload,

	// The service account credentials are used to sign the JWT
	key, _ := jwt.ParseRSAPrivateKeyFromPEM(d.credentials.PrivateKey)
	token, _ := jwt.NewWithClaims(jwt.SigningMethodRS256, claims).SignedString(key)

	fmt.Println("Add to Google Wallet link")
	fmt.Println("https://pay.google.com/gp/v/save/" + token)

Apps para Android

Cuando se llama al método savePasses para emitir un pase a un usuario, el SDK de Android de la Billetera de Google firma automáticamente tu JWT con la huella digital SHA-1 de la clave de firma de la app que proporcionaste en Google Wallet Business Console. Como alternativa, también puedes emitir el pase mediante un JWT firmado con anterioridad mediante el método savePassesJwt del SDK de Android.

Para obtener más información, consulta Emite pases con el SDK de Android.