Google Wallet account
Set up Google Pay & Wallet Console access and Google Wallet API credentials so The Wallet Crew can issue passes under your brand.
Configure your Google Wallet integration using either delegated access (recommended for faster setup) or self-managed configuration. This guide covers account creation, API enablement, and credential management for deploying digital wallet passes through The Wallet Crew platform.
Overview
To distribute digital passes through Google Wallet, your organization must get a Google Pay & Wallet Console issuer account approved and configure a Google Cloud project for API access. Google approves issuers manually, so plan 3–5 business days for approval, plus 15–60 minutes for the technical setup.
Main things to configure
A Google Pay & Wallet Console issuer account (approval required)
A Google Cloud project with Google Wallet API access
You’ll create the core Google services under your brand (Google Cloud project + Google Pay & Wallet Console approval). Then you’ll either delegate the remaining configuration to The Wallet Crew, or complete it yourself and paste the required values into The Wallet Crew.
Want the “why” before the “how”? Start with Apple & Google wallet.
Prerequisites
Google Workspace or Gmail account with admin privileges
Company information for Google Pay merchant verification
Authority to create service accounts in Google Cloud
Google Cloud project configuration
Navigate to the Google Cloud Console and sign in with your company Google account.
Create a new project using the naming convention thewalletcrew-<brandName> where <brandName> matches your organization or brand identifier. For example: thewalletcrew-acmecorp or thewalletcrew-retailstore. This naming helps identify the project's purpose at a glance.
Account delegation
This approach allows The Wallet Crew team to handle the technical configuration while you retain ownership of all accounts and credentials. You'll grant temporary access, and we'll configure everything according to best practices.
In the IAM & Admin section, select IAM from the left navigation menu. Click the Grant Access button and add [email protected] as a project owner. This permission level allows The Wallet Crew team to create service accounts, enable APIs, and configure all necessary resources. You can revoke this access after initial setup is complete.
This way, the Google Wallet passes are issued under your organization's identity, not The Wallet Crew's. The project you create here establishes that organizational identity in Google's systems.
Configuration on your own
You manage the full setup within your own Google Cloud and Google Pay accounts.
To access the Google Pay & Wallet Console, you need to sign up. After you submit the form, the support team will contact you to validate your use case and enable your issuer account.
Create a service account
Go to the Credentials page.
Google Cloud - Credential Page
Ensure the current project is
thewalletcrew-<brandName>Click Create credentials → Service account.
Fill the form:
Service account name:
TheWalletCrewService account id: keep the autogenerated value
Click Done to complete the service account creation.
Note the email address generated for the service account. Example: [email protected]. You’ll need it later in the Google Pay & Wallet Console.
Create and download a JSON key
Open the service account you just created. Then go to the Keys tab.
Click Add key → Create new key.
Choose JSON and click Create.
Save the generated file to a secure location. You’ll upload it later in The Wallet Crew admin console.
Treat this JSON file like a password.
Enable the Google Wallet API
Go to the Google Wallet API page and enable API access.
walletobjects.googleapis.comGoogle Pay & Wallet Console configuration
Navigate to the Google Pay & Wallet Console and sign in with your company Google account.
Account delegation
Navigate to the Users section. Add [email protected] with Edit permission. This allows The Wallet Crew team to configure your issuer settings and complete the integration.
The Wallet Crew team will receive a notification of your access grant and will proceed with service account creation, API enablement, and credential configuration. We'll notify you when the setup is complete and provide you with your credentials for safekeeping.
Configuration on your own
Invite the service account
Navigate to the Users section.
Click Invite a user.
Fill the form with the following information:
Email address: the one noted at step 1.4
Access level: Developer
Then click Invite.
Complete establishment information
Click Establishment details and verify that all the information is filled and approved.
Click Google Wallet API.
issuerIdNote the issuerId. You’ll need it in The Wallet Crew admin console.
Configure The Wallet Crew
If you configure on your own, go back to The Wallet Crew admin console and open Wallet > Configuration > Google.
Wallet > Configuration > Google
Fill the form with:
the service account JSON key you downloaded earlier
the
issuerIdfrom the Google Pay & Wallet Console
issuerId and upload the JSON keyRequest public access (only if needed)
If after testing with a Google pass you get the following error:
Go back to Google Wallet API:
Then ask for public access. You can use one of these templates.
Email template — loyalty card usage
Hello,
We'd like to use the Google Wallet API to generate loyalty cards in-store. The customer can scan a QR code (example: xxxx), then create or retrieve their account and add a loyalty card to their wallet.
We work with The Wallet Crew for this.
Regards,
Email template — event usage
Hello,
We'd like to use the Google Wallet API to generate event tickets. The customer will receive an email with a download link and add their tickets to their wallet. We will also display an “Add to Wallet” button on our website after purchasing tickets.
We work with The Wallet Crew for this.
Regards,
FAQ
How long does Google approval take?
Google approves issuer access manually. Plan 3–5 business days for approval. Then plan 15–60 minutes for the technical setup (service account, API enablement, and issuer configuration).
What do we need to configure in The Wallet Crew administration console?
You need two things: a service account JSON key from Google Cloud (service account → Keys) and your issuerId from the Google Pay & Wallet Console (Google Wallet API section). Once you paste/upload these in Wallet > Configuration > Google, The Wallet Crew can authenticate and issue passes under your issuer.
Do we need a dedicated Google Cloud project?
Yes. A dedicated project keeps wallet configuration isolated from other cloud workloads. It also makes access review, billing, and auditing much easier.
What is the “service account” used for?
The service account is the machine identity used to call Google Wallet APIs server-to-server. It is not a human user. The Wallet Crew uses the service account JSON key to authenticate those API calls.
How should we store the service account JSON key?
Treat the JSON key like a password. Upload it to The Wallet Crew over the admin console, then store it only in your secret manager (or delete it if you don’t need to keep a copy). Avoid sharing it over chat or email, and rotate it immediately if exposed.
Why do we need to invite a user/service account in Google Pay & Wallet Console ?
Google Pay & Wallet Console controls who can manage your issuer. If the service account is not invited, Google Wallet API calls will fail even if the Cloud project is correctly configured. In self-managed setup, invite the service account as a user with the Developer role.
What does “Enable the Google Wallet API” actually do?
It enables the Google Wallet API endpoint (walletobjects.googleapis.com) in your Cloud project. Without this, requests will fail with authorization errors such as “API not enabled”.
We get an error asking for “public access”. What does it mean?
Some issuers need an extra approval step from Google before they can distribute passes broadly. This often shows up when you move from testing to real-world distribution. Use the email templates in this guide to request public access from Google.
Can we revoke delegated access after go-live?
Yes. Once you’ve validated that issuance and pass updates work end-to-end, revoke delegated access in both places: remove The Wallet Crew from your Google Cloud project IAM, and remove the user from the Google Pay & Wallet Console Users list. Do this only after you’ve run real saves and at least one successful update, so you don’t accidentally break production.
Should we renew the configuration yearly?
Usually no. This setup is not something you “renew” on a schedule.
Only redo the configuration in The Wallet Crew if something changed on the Google side, for example:
You rotated or replaced the service account JSON key.
The key was revoked/disabled, or you suspect it was exposed.
You switched to a different Cloud project or issuerId.
IAM / Console permissions were changed and issuance stopped working.
If nothing changed and passes still issue/update correctly, leave it as-is.
We already have existing passes. How do we migrate to The Wallet Crew?
This is a migration of live passes, not a normal “reconfigure”.
On Google, your passes are tied to a Google Pay & Wallet Console issuer account. You can’t transfer live passes to a different issuer. Plan to keep the same issuer and move the operational setup (credentials + pass data) to The Wallet Crew.
Follow the dedicated guide: Move passes to The Wallet Crew.
Last updated