Card payments are available for Visa, Mastercard, and co-branded cards, and since the flow may differ slightly depending on the exact use case, so, in this section we will describe the one-time purchase, but you can also have access to a couple of different use cases.
3D secure
Payment authorisation with 3D Secure authentication (frictionless or challenged).
Store cards
Save shopper’s details and make recurring and subscription payments.
Card OneClick
Activate the most seamless and quick way to accept payments.
Webhooks
Keep your system up to date on payment events and status changes.
Use the one-time purchase flow when you want to charge the shopper immediately.
Payment method | Category | Countries | Currencies | Features | Integrations |
Card | Credit and debit cards | Czech Republic, Estonia, France, Germany, Hungary, Poland, Portugal, Romania, Slovakia | CZK, EUR, HUF, PLN, RON | 3D Secure OneClick/Without a code Pre-authorized Capture One-Time Purchase Partial captures Partial refund Recurring Refunds Cancellation Virtual Terminal | API Payment Form Prestashop Plugin WooCommerce Plugin Magento Plugin |
One-time purchase
Check below the available environments where you can perform a server-to-server POST request to generate the transaction.
Environment | URL | Operation Method & Endpoint | Operation Description |
PROD | api.sibsgateway.com | POST version-id/{id}/card/purchase | Requests the payment registered by the previous checkout using card details inserted by the customer. |
TEST | stargate-cer.qly.site[1|2].sibs.pt | POST api/v1/payments/:transactionId/card/purchase | Requests the payment registered by the previous checkout using card details inserted by the customer. |
Before you make a payment
Ensure the order has been created and submitted.
- The request needs an Authorisation Header with the transactionsignature returned on the order creation response.
The message below represents the one-time purchase where the payment is performed immediately, and no additional services (3D Secure, Tokenization, and Card OneClick) are identified for calling.
Header parameters
Request parameters
string <= 40 characters
The security code (CVV/CVC) associated with the credit card.
string
The name of the cardholder as it appears on the credit card.
boolean
A flag indicating whether to create a token for future use or not (true/false).
Here is an example of how to make a one-time purchase:
{
"cardInfo": {
"PAN": "5236410030000927",
"secureCode": "776",
"validationDate": "2026-05-26T00:00:00.000Z",
"cardholderName": "Jane Smith",
"createToken": false
}
}
What’s next?
Have a look at the other Card payment features you can use.
- Payment with pre-authorized and subsequent capture where you charge only upon order delivery (total or partial charge).
- Payment authorisation with 3D Secure authentication (frictionless or challenged).
- Payment based on card Tokenization.
- Payment based on Card OneClick.
After you make the payment, you will receive a response comprising a paymentStatus in the message. It informs whether the transaction was accepted, declined, still pending a final result, or requires additional action.
- Success: The purchase has been processed successfully and the customer has been debited.
- Declined: The purchase has been declined.
- Pending: The final result of the purchase is not yet known. You will need to inquiry on the status of this transaction until it reaches a final state, or you decide to cancel it.
- Partial: The purchase is partially accepted, but requires additional actions to the completed (e.g. 3D-Secure authentication). The actionResponse element is provided for instructions on how to proceed.
Get the payment status
Afterwards, once the payment has been processed, you can check the status of your transaction making a GET request.
The Authorisation HTTP header is set to the Bearer token as it was used in the initial Checkout.
Request URL:
https://stargate-cer.qly.site1.sibs.pt/api/v1/payments/{transactionID}/status
Request Headers:
Autorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6I (...)
X-IBM-Client-Id: b4480347-9fc8-4790-b359-100a99c60ea3
Content-Type: application/json
A successful technical response comprises of an HTTP-200 status and a returnStatus.statusCode=”000″.
Here are some examples of the possible result codes:
Result Code | statusMsg | Description | Action |
---|---|---|---|
HTTP-200 | Success | Success response | N/A |
HTTP-400 | Bad Request | The JSON payload is not matching the API definition or some mandatory HTTP headers are missing. | Please check in API Market for the correct syntax. |
HTTP-401 | Unauthorized | On the Authorization, Bearer token is invalid/expired or not associated with the Terminal used. | Please check in SIBS Backoffice under the Credentials if the token is valid and create a new one if needed. |
HTTP-403 | Forbidden | The ClientID set on the X-IBM-Client-Id HTTP header is not valid or does not possess a valid subscription to the API. | Please check in SIBS Backoffice under the SPG APP 2.0 if the ClientID is correct. If the problem persists contact SIBS Gateway support for a ClientID reset. |
HTTP-405 | Method Not Allowed | The HTTP Method used is not matching any of the API definitions available. | Please check in API Market for the correct HTTP Method. |
HTTP-429 | Too Many Requests | The API calls rate limit has been exceeded. | Please check in API Market for information on the rate limits that apply to the API. |
HTTP-500 | Internal Server Error | The API call has failed… and its most likely on our side. | You should retry the operation, and if the problem persists contact SIBS Gateway support for assistance. |
HTTP-503 | Service Unavailable | The API call is not currently available. Usually we are always on, but short availability issues may occur during scheduled maintenance. | You should wait and try again later. |
Cartes Bancaires
SIBS Gateway also supports co-branded cards as Cartes Bancaires. Please check below how you can perform a server-to-server POST request to generate the transaction with Cartes Bancaires.
- Create the order using CRTB as payment method.
Below an example on how to perform an order:
- After completing the order successfully, the purchase request can be performed.
The message below presents a one-time purchase where the payment is performed. Please find below the request message parameters details:
Request parameters
string <= 40 characters
The security code (CVV/CVC) associated with the credit card.
string
The name of the cardholder as it appears on the credit card.
boolean
A flag indicating whether to create a token for future use or not (true/false).
string
Card Brand Routing Type – for Cartes Bancaire should be set to CRTB.
After performing the payment, a response will be received containing a paymentStatus in the message. It informs whether the transaction was accepted, declined, still pending a final result, or requires additional action.
- Get the Payment Status
Afterwards, once the payment has been processed, you can check the status of your transaction making a GET request