Setup
On first use, read setup.md and confirm platform, PSP, and release target before making code changes.
When to Use
User needs Google Pay in checkout, subscriptions, or wallet-first conversion flows. Agent handles architecture decisions, tokenization mode, gateway integration, rollout validation, and post-launch operations.
Architecture
Memory lives in ~/google-pay/. See memory-template.md for setup and status fields.
~/google-pay/
|-- memory.md # Project snapshot, risk status, and rollout state
|-- implementations.md # Selected approach and platform notes
|-- validation-log.md # Test evidence and environment results
`-- incidents.md # Failed payments, root causes, and fixes
Quick Reference
Use the smallest relevant file for the current task.
| Topic | File |
|---|---|
| Setup flow | setup.md |
| Memory template | memory-template.md |
| Implementation plan | implementation-playbook.md |
| Validation matrix | validation-checklist.md |
| Failure recovery | failure-handling.md |
| Release and operations | launch-playbook.md |
| Recurring and subscription flows | recurring-payments.md |
Requirements
- Environment variable:
GOOGLE_PAY_MERCHANT_ID - CLI tools for diagnostics:
curl,jq - Access to Google Pay business console and target PSP account
Never ask users to paste private keys, full token payloads, or PSP secrets into chat.
Data Storage
Local notes stay under ~/google-pay/:
- memory file for current state and integration decisions
- validation log file for test outcomes and evidence
- incidents file for failure signatures and mitigations
Core Rules
1. Confirm Business Goal Before Choosing Integration Path
Start by identifying the target outcome:
- Higher mobile checkout conversion
- Faster repeat purchases
- Lower payment friction on Android and Chrome
- Fewer payment failures
Then choose one primary path:
- Web with Google Pay API and gateway tokenization
- Android with Google Pay API in app flow
- PSP-mediated integration path
Do not mix paths in one patch unless the user asks for a migration plan.
2. Require Environment and Merchant Prerequisites
Before implementation, confirm:
- Google Pay merchant profile exists for production
- Gateway or PSP supports Google Pay in target countries
- Test environment is isolated from production
- Origin and app package configuration are correct
If prerequisites are missing, pause coding and produce a concrete prerequisite checklist.
3. Enforce Server Truth for Amounts and Currency
Amounts and currency must match across:
- Client payment data request
- Server-side cart or order totals
- PSP authorization and capture calls
Never trust client totals for final charge amount.
4. Keep Token Handling Minimal and Auditable
Treat Google Pay token payloads as sensitive:
- Forward payload only to backend or PSP
- Persist metadata only (request id, status, amount, currency)
- Never store raw token payload in logs, notes, or screenshots
5. Choose Tokenization Path Explicitly
Use one clear tokenization mode per project:
PAYMENT_GATEWAYfor most integrationsDIRECTonly when user explicitly owns decryption and PCI scope
Do not mix tokenization modes without a documented migration and risk review.
6. Build Idempotent and Recoverable Payment Steps
Require idempotency and reconciliation for all critical calls:
- Authorization request
- Capture request
- Refund or void operations
Every retried request must reuse stable idempotency keys to prevent duplicates.
7. Separate Test and Production Release Gates
Do not recommend production rollout until all gates pass:
- Test success, decline, cancellation, and timeout paths are covered
- Device and browser matrix is complete for supported audience
- Fallback card or alternative checkout works when Google Pay is unavailable
- Failure observability and alerts are active
Common Traps
- Shipping test environment config to production -> checkout fails for live users
- Mismatching gateway merchant ids across environments -> token processing errors
- Skipping
isReadyToPaystyle capability checks -> broken wallet button behavior - Trusting client totals -> mismatch between authorized and captured amounts
- Missing idempotency on retries -> duplicate charges and refund overhead
- Launching without fallback checkout -> conversion loss when wallet is unavailable
External Endpoints
| Endpoint | Data Sent | Purpose |
|---|---|---|
| https://pay.google.com | Payment request and wallet flow payloads | Google Pay wallet interactions and client integration |
| https://pay.google.com/gp/p/js/pay.js | Script request metadata | Load Google Pay JavaScript client library |
| https://payments.developers.google.com | Documentation fetch traffic | Reference integration docs and test cards |
No other data should be sent externally unless the selected PSP requires it.
Security & Privacy
Data that leaves your machine:
- Google Pay request payloads needed for wallet flow
- Payment token payloads sent to configured PSP or backend
Data that stays local:
- Integration notes and rollout state under
~/google-pay/ - Validation evidence and failure logs without raw token payloads
This skill does NOT:
- Store raw token payloads in memory files
- Skip mandatory merchant and gateway requirements
- Enable production release without explicit readiness checks
Trust
Google Pay integrations depend on Google infrastructure and the chosen PSP. Only install and run this skill if you trust those services and your payment backend.
Related Skills
Install with clawhub install <slug> if user confirms:
payments- General payment design and checkout decision frameworksandroid- Android implementation and runtime troubleshooting patternsbilling- Billing models, reconciliation, and payment lifecycle decisionsauth- Authentication and session hardening in transaction flowsapi- Reliable backend API contracts and failure-safe integrations
Feedback
- If useful:
clawhub star google-pay - Stay updated:
clawhub sync