Generating Google Wallet REST API authentication credentials

Google Wallet offers a REST API that lets you create and manage passes by sending requests to the Google Wallet API over HTTP. This is useful for those who want to build server-side services to work with passes programmatically.

To use the Google Wallet REST API, you must enable the API in the Google Cloud console, create a Google Cloud service account, then generate a key for the service account.

When you create passes with the REST API, the service account key used to sign your JSON Web Token-encoded Passes Objects.

For other operations, such as updating or deleting passes, the service account key is sent with the request to authenticate you as the Pass Issuer.

1. Enable the Google Wallet REST API

To enable the Google Wallet REST API, do the following:

  1. If you don't already have a Google Cloud account, go to the Google Cloud console and follow the steps to register for a new account.
  2. From the project drop-down menu at the top of the console, select the Google Cloud project you want to use, or create a new one.
  3. Go to the Google Wallet API product details page in the Google Cloud console Marketplace.
  4. Click the 'Enable' button. In a few moments, the Google Wallet REST API will be available for the selected Google Cloud project.

2. Generate a Google Cloud service account key

To authenticate requests to the Google Wallet REST API, you'll need to create a service account, and generate a service account key by doing the following:

  1. Go to the 'Create service account' page in the Google Cloud console.
  2. Fill in the service account details. Note the email address for the service account that appears below the 'Service account ID' field. You will need this later when you use the service account to authenticate your requests to the Google Wallet REST API.
  3. Click the 'DONE' button. There is no need to complete the other service account creation steps.
  4. Click the 'KEYS' menu item at the top of the page.
  5. Click the 'ADD KEY' drop-down menu, then click 'Create new key'.
  6. Select key type 'JSON'.
  7. Click 'CREATE' to create and download the service account key.

3. Authorize your service account in the Google Wallet console

To authenticate your requests to the Google Wallet REST API using a service account key, you must add the email address of your service account as a user to your Issuer account. To add your service account as a user, do the following:

  1. Go to the 'Service accounts' page in the Google Cloud console.
  2. Copy the email address of the service account you want to use to authenticate your requests to the Google Wallet API.
  3. Go to the Google Pay & Wallet console.
  4. In the left nav, click 'Users'.
  5. Click 'Invite a user'.
  6. Input the email address of your service account.
  7. In the 'Access level' drop-down, select 'Developer'.
  8. Click the 'Invite' button.

Once your service account is added, you can use any service account keys generated for it to authenticate requests to the Google Wallet REST API. When using service account keys, keep in mind that these are highly sensitive credentials that should only be used in secure, server-side environments.