Skip to main content

URL

Requirements

Size

The frame container height must be 44px. Width is flexible; the Google Pay button inside the frame uses 100% of the container width.

Permissions

The payment permission policy is required.
Example
If you render the frame in a sandboxed iframe (for example, for PCI DSS v4 compliance), include all four sandbox values: allow-scripts allow-popups allow-same-origin allow-forms. Sandboxing is one way to isolate the frame when Google Pay’s pay.js cannot provide a stable Subresource Integrity hash. See Google Pay inside sandboxed iframe for PCI DSS v4 compliance for details. When you use the sandbox attribute, each value serves a specific purpose:
  • allow-scripts runs pay.js.
  • allow-popups opens the payment window on user interaction.
  • allow-same-origin grants the browser storage and cookie access needed for compatibility.
  • allow-forms submits the Google Pay sign-in form.

Android WebView

Google Pay relies on the Payment Request API, which is disabled by default in Android WebView, so embedding this frame natively requires extra setup.
Requires Google Play services 25.18.30+ and Android WebView for Chrome 137+. The isReadyToPay API returns false when these requirements are not met. See Using Android WebView for full details.
Add the AndroidX WebKit dependency:
Declare the required intent queries in AndroidManifest.xml:
Enable the Payment Request API on the WebView, after settings.javaScriptEnabled = true:
For a complete native walkthrough that covers rendering the frame and wiring events, see Android manual integration.

Initialization parameters

Events

All events are dispatched using the message pattern described in the frames protocol. Below are the event payloads specific to the Google Pay frame.

Outbound events

frame->parent These events are sent from this frame to the parent window.

handshake

The frame requests that you open a message channel.

ready

The frame finished loading and the UI is fully rendered. You can use this to coordinate UI transitions if needed.

buttonPressed

The customer tapped the Google Pay button. The frame emits this the instant the button is tapped, before Android presents the Google Pay payment sheet. Treat it as an intent-to-buy signal: use it to react to the tap, for example to show a loading state or fire analytics. This event carries no payload. Route it by channelId. buttonPressed is not a purchase outcome. It still fires if the customer opens the payment sheet and then cancels, and it fires before any authorization happens. For the transaction result, listen for complete, which reports the outcome once the payment resolves.

complete

The transaction is complete. Use the transaction ID to track status updates (for example, by polling or via webhooks).
Failure codes
When a complete event has status: "failed", the failureCode field indicates the failure category. Use this value — not failureReason — for programmatic branching. failureReason is a human-readable fallback suitable for display when you do not have custom copy for a given code.
failureCode is optional. When the frame cannot classify a failure, it sends failureReason alone — fall back to showing that message to the customer.
Quote expiry is reported through the error event with code: "quoteExpired", not through complete. Listen for both events to cover all failure paths.

challenge

Verification is required before the transaction can proceed. Render the challenge frame at the provided URL. Do not construct the URL yourself — use it as-is.

error

This event dispatches errors that occur in the flow and, if available, provides steps for recovery.

Inbound events

parent->frame These events are sent from the parent window to this frame.

ack

Acknowledge the handshake.

setQuote

Provide a new quote to the frame. Pass signature as returned by the quote endpoint. Upon receiving this event, the frame disables the Google Pay button until the quote is revalidated.