5. API Specifications – Payments

5.1 Authentication and Security Management

All API requests must be made through HTTPS. You must authenticate all requests by using the HTTP Authorization header. The POP API header value format is as follows:

• Use HTTP basic authentication to authenticate the request.
• Specify the auth-parameter, where the overall parameter value is provided in the form is
  x-cpm-sec-token.

Note: x-cpm-sec-token is a unique value that you generate for a unique request. Velocity uses this value to verify if a request is submitted multiple times. This value must be a valid UUID (Universally Unique Identifier), with a canonical format using hexadecimal text with inserted hyphen characters. You can consult CPD support to check if this is enabled for your account.

The following is an example of parameters in HTTP header section:

x-cpm-sec-token- 6lutO0jd0h1YjlHqjAn6cjKYF5n2ZJjp%2fDNk08IGKS0%3d

To integrate Google Pay™ with your application, complete the following steps:

1. Initialize payment using mpoint/initialize-payment.
2. Authorize payment using /mpoint/authorize-payment.
   Note: You must Process Response of initialize payment to complete the integration process.

5.2 Google Pay™ Integration

Before you start the API integration, you must follow the Google Web Integration checklist and branding guidelines as follows:

• Overview
• Integration checklist
• Brand guidelines

5.3 Google Pay™ Integration flow