# Google Wallet account
Configure your Google Wallet integration using either delegated access (recommended for faster setup) or self-managed configuration. This guide covers account creation, API enablement, and credential management for deploying digital wallet passes through The Wallet Crew platform.
## Overview
To distribute digital passes through Google Wallet, your organization must get a Google Pay & Wallet Console issuer account approved and configure a Google Cloud project for API access. Google approves issuers manually, so plan **3–5 business days** for approval, plus **15–60 minutes** for the technical setup.
**Main things to configure**
* A Google Pay & Wallet Console issuer account (approval required)
* A Google Cloud project with Google Wallet API access
You’ll create the core Google services under your brand (Google Cloud project + Google Pay & Wallet Console approval). Then you’ll either delegate the remaining configuration to The Wallet Crew, or complete it yourself and paste the required values into The Wallet Crew.
Want the “why” before the “how”? Start with [Apple & Google wallet](https://docs.thewalletcrew.io/configure/wallet/apple-and-google-wallet).
#### Prerequisites
* Google Workspace or Gmail account with admin privileges
* Company information for Google Pay merchant verification
* Authority to create service accounts in Google Cloud
## Google Cloud project configuration
Navigate to the Google Cloud Console and sign in with your company Google account.
Create a new project using the naming convention `thewalletcrew-` where `` matches your organization or brand identifier. For example: `thewalletcrew-acmecorp` or `thewalletcrew-retailstore`. This naming helps identify the project's purpose at a glance.
### Account delegation
This approach allows The Wallet Crew team to handle the technical configuration while you retain ownership of all accounts and credentials. You'll grant temporary access, and we'll configure everything according to best practices.
In the IAM & Admin section, select **IAM** from the left navigation menu. Click the **Grant Access** button and add `contact@neostore.cloud` as a project owner. This permission level allows The Wallet Crew team to create service accounts, enable APIs, and configure all necessary resources. You can revoke this access after initial setup is complete.
Google Cloud IAM: grant project access
This way, the Google Wallet passes are issued under your organization's identity, not The Wallet Crew's. The project you create here establishes that organizational identity in Google's systems.
### Configuration on your own
You manage the full setup within your own Google Cloud and Google Pay accounts.
To access the Google Pay & Wallet Console, you need to [sign up](https://support.google.com/pay/merchants/contact/instore_merchants). After you submit the form, the support team will contact you to validate your use case and enable your issuer account.
{% stepper %}
{% step %}
**Create a service account**
1. Go to the Credentials page.
2. Ensure the current project is `thewalletcrew-`
3. Click **Create credentials → Service account**.
Create a new service account
4. Fill the form:
* Service account name: `TheWalletCrew`
* Service account id: keep the autogenerated value
Service account name and ID
5. Click **Done** to complete the service account creation.
Note the email address generated for the service account. Example: `thewalletcrew@thewalletcrew-123456.iam.gserviceaccount.com`. You’ll need it later in the Google Pay & Wallet Console.
{% endstep %}
{% step %}
**Create and download a JSON key**
1. Open the service account you just created. Then go to the **Keys** tab.
Open the Keys tab
Create a new key
2. Click **Add key → Create new key**.
Start creating a JSON key
3. Choose **JSON** and click **Create**.
Select JSON key type
4. Save the generated file to a secure location. You’ll upload it later in The Wallet Crew admin console.
{% hint style="warning" %}
Treat this JSON file like a password.
{% endhint %}
{% endstep %}
{% step %}
**Enable the Google Wallet API**
Go to the Google Wallet API page and enable API access.
{% endstep %}
{% endstepper %}
## Google Pay & Wallet Console configuration
Navigate to the Google Pay & Wallet Console and sign in with your company Google account.
### Account delegation
Navigate to the Users section. Add `contact@neostore.cloud` with **Edit** permission. This allows The Wallet Crew team to configure your issuer settings and complete the integration.
Add a user with Edit access
The Wallet Crew team will receive a notification of your access grant and will proceed with service account creation, API enablement, and credential configuration. We'll notify you when the setup is complete and provide you with your credentials for safekeeping.
### Configuration on your own
{% stepper %}
{% step %}
**Invite the service account**
1. Navigate to the Users section.
Open the Users section
2. Click **Invite a user**.
Fill the form with the following information:
* Email address: the one noted at step 1.4
* Access level: **Developer**
Invite the service account email
Choose the Developer role
Then click **Invite**.
Send the invitation
{% endstep %}
{% step %}
**Complete establishment information**
1. Click **Establishment details** and verify that all the information is filled and approved.
Confirm establishment details are approved
2. Click **Google Wallet API**.
Copy the issuerId
Note the `issuerId`. You’ll need it in The Wallet Crew admin console.
{% endstep %}
{% endstepper %}
## Configure The Wallet Crew
If you configure on your own, go back to The Wallet Crew admin console and open Wallet > Configuration > Google.
Fill the form with:
* the service account JSON key you downloaded earlier
* the `issuerId` from the Google Pay & Wallet Console
Paste issuerId and upload the JSON key
#### Request public access (only if needed)
If after testing with a Google pass you get the following error:
Error when public access is required
Go back to Google Wallet API:
Request public access from Google
Then ask for public access. You can use one of these templates.
Email template — loyalty card usage
> Hello,
>
> We'd like to use the Google Wallet API to generate loyalty cards in-store. The customer can scan a QR code (example: xxxx), then create or retrieve their account and add a loyalty card to their wallet.
>
> We work with The Wallet Crew for this.
>
> Regards,
Email template — event usage
> Hello,
>
> We'd like to use the Google Wallet API to generate event tickets. The customer will receive an email with a download link and add their tickets to their wallet. We will also display an “Add to Wallet” button on our website after purchasing tickets.
>
> We work with The Wallet Crew for this.
>
> Regards,
## FAQ
How long does Google approval take?
Google approves issuer access manually. Plan **3–5 business days** for approval. Then plan **15–60 minutes** for the technical setup (service account, API enablement, and issuer configuration).
What do we need to configure in The Wallet Crew administration console?
You need two things: a **service account JSON key** from Google Cloud (service account → **Keys**) and your **`issuerId`** from the **Google Pay & Wallet Console** (Google Wallet API section). Once you paste/upload these in Wallet > Configuration > Google, The Wallet Crew can authenticate and issue passes under your issuer.
Do we need a dedicated Google Cloud project?
Yes. A dedicated project keeps wallet configuration isolated from other cloud workloads. It also makes access review, billing, and auditing much easier.
What is the “service account” used for?
The service account is the machine identity used to call Google Wallet APIs server-to-server. It is not a human user. The Wallet Crew uses the service account JSON key to authenticate those API calls.
How should we store the service account JSON key?
Treat the JSON key like a password. Upload it to The Wallet Crew over the admin console, then store it only in your secret manager (or delete it if you don’t need to keep a copy). Avoid sharing it over chat or email, and rotate it immediately if exposed.
Why do we need to invite a user/service account in Google Pay & Wallet Console ?
Google Pay & Wallet Console controls who can manage your issuer. If the service account is not invited, Google Wallet API calls will fail even if the Cloud project is correctly configured. In self-managed setup, invite the **service account** as a user with the **Developer** role.
What does “Enable the Google Wallet API” actually do?
It enables the Google Wallet API endpoint (`walletobjects.googleapis.com`) in your Cloud project. Without this, requests will fail with authorization errors such as “API not enabled”.
We get an error asking for “public access”. What does it mean?
Some issuers need an extra approval step from Google before they can distribute passes broadly. This often shows up when you move from testing to real-world distribution. Use the email templates in this guide to request public access from Google.
Can we revoke delegated access after go-live?
**Yes**. Once you’ve validated that issuance and pass updates work end-to-end, revoke delegated access in both places: remove The Wallet Crew from your **Google Cloud** project IAM, and remove the user from the **Google Pay & Wallet Console** Users list. Do this only after you’ve run real saves and at least one successful update, so you don’t accidentally break production.
Should we renew the configuration yearly?
Usually **no**. This setup is not something you “renew” on a schedule.
Only redo the configuration in The Wallet Crew if something changed on the Google side, for example:
* You **rotated or replaced** the service account JSON key.
* The key was **revoked/disabled**, or you suspect it was exposed.
* You switched to a **different Cloud project** or **issuerId**.
* IAM / Console permissions were changed and issuance stopped working.
If nothing changed and passes still issue/update correctly, leave it as-is.
We already have existing passes. How do we migrate to The Wallet Crew?
This is a **migration** of live passes, not a normal “reconfigure”.
On Google, your passes are tied to a **Google Pay & Wallet Console issuer account**. You can’t transfer live passes to a different issuer. Plan to keep the same issuer and move the operational setup (credentials + pass data) to The Wallet Crew.
Follow the dedicated guide: [Move passes to The Wallet Crew](https://docs.thewalletcrew.io/configure/wallet/import-and-export/move-pass-from-and-to-the-wallet-crew/move-passes-to-the-wallet-crew).
.png?alt=media&token=f337119e-6908-4529-91f8-b2a3fece2d56)
.png?alt=media&token=2f275359-9504-4e56-b59c-8955c77ec95e)
.png?alt=media&token=7ab40655-a9c9-4ced-af57-6bbb2bbce0b4)
.png?alt=media&token=9a8d1ba7-fd9e-4fdc-89f6-926bb24d9c97)
.png?alt=media&token=04e5a7ed-f22f-4dc1-b89b-3082e54c67cf)
.png?alt=media&token=3441f394-e1a4-4c3d-9399-8658036d382c)
.png?alt=media&token=691c3572-cf6d-4a7a-99aa-20ff7834abac)
.png?alt=media&token=e3538846-c593-4882-8831-89a1d91314fc)
.png?alt=media&token=e5861eeb-f043-41e4-8194-81dadccd630c)
.png?alt=media&token=7b3828d2-faa5-4686-9626-abb34e64f1a1)
.png?alt=media&token=7b825de5-6caa-422c-a194-f2bfd7d7846f)
.png?alt=media&token=5cd50980-8b32-40da-85c6-160c4de6ec6b)
.png?alt=media&token=375c59d8-d38f-41a4-bf48-4e85b401b78d)
.png?alt=media&token=3eef0b09-95b2-4bee-b04c-b20f9eabeeea)
.png?alt=media&token=11ba3f29-fb68-4ec9-9e92-1bb1ad494d36)