Experience seamless transactions with MB WAY — Portugal’s most popular payment method, trusted by millions for online checkouts.

As the nation’s leading e-wallet, MB WAY serves over 5 million users — a number that continues to grow steadily every quarter.

Payment method	Category	Countries	Currencies	Features	Integrations
MB WAY	Digital Wallet	Portugal	EUR	Authorization Capture One-time purchase Partial refund Refunds	API Payment Form

How to use MB WAY

Follow these simple steps to complete your payment:

How it works

Here is an overview of the key steps to integrate MB WAY:

Step 1: Create the Order

Step 2: MB WAY Payment

Step 3: Get the Payment Status

Step 1: Create the Order

Make sure you create the order request with MB WAY (“MBWY”) as the chosen payment method (transaction.paymentMethod).

Step 2: MB WAY Payment

Follow the instructions below to obtain the payment link, redirecting the customer to a secure payment page for authentication and payment authorization.

Please ensure the request includes an Authorization Header with the transactionSignature obtained in Step 1.

Endpoints:

Environment	URL	Operation Method & Endpoint	Operation Description
PROD	api.sibsgateway.com	POST {version-id}/payments/{id}/mbway/purchase	Perform the transaction
TEST	stargate-cer.qly.site[1|2].sibs.pt	POST {version-id}/payments/{{id}/mbway/purchase	Perform the transaction

Ensure you include these essential elements as specified:

Location	Data Element	Type	Condition	Description
Path	id	String	Mandatory	Used to identify the transaction

Header parameters:

Location	Data Element	Type	Condition	Description
Request Header	Content-Type	String	Mandatory	application/json
Request Header	Authorization	String	Mandatory	Authorization Digest

Request parameters:

Location	Data Element	Type	Condition	Description
Request Body	customerPhone	string	Mandatory	Customer’s phone number.
Request Body	info	Info	Mandatory	Object that defines the transaction additional information.
Request Body.info	deviceInfo	DeviceInfo	Optional	Object that defines the customer device information.
Request Body.info.deviceInfo	browserAcceptHeader	string	Optional	Browser Accept Header
Request Body.info.deviceInfo	browserJavaEnabled	string	Optional	Browser Java Enabled
Request Body.info.deviceInfo	browserLanguage	string	Optional	browser Language
Request Body.info.deviceInfo	browserColorDepth	string	Optional	browser Color Depth
Request Body.info.deviceInfo	browserScreenHeight	string	Optional	browser Screen Height
Request Body.info.deviceInfo	browserScreenWidth	string	Optional	browser Screen Width
Request Body.info.deviceInfo	browserTZ	string	Optional	Browser Time Zone
Request Body.info.deviceInfo	browserUserAgent	string	Optional	Browser User Agent
Request Body.info.deviceInfo	systemFamily	string	Optional	System Family
Request Body.info.deviceInfo	systemVersion	string	Optional	System Version
Request Body.info.deviceInfo	systemArchitecture	string	Optional	System Architecture
Request Body.info.deviceInfo	deviceManufacturer	string	Optional	Device Manufacturer
Request Body.info.deviceInfo	deviceModel	string	Optional	Device Model
Request Body.info.deviceInfo	deviceID	deviceID	Optional	Device Unique Identification
Request Body.info.deviceInfo	applicationName	string	Optional	Application Name
Request Body.info.deviceInfo	applicationVersion	string	Optional	Application Version
Request Body.info.deviceInfo	geoLocalization	string	Optional	Geolocation
Request Body.info.deviceInfo	ipAddress	string	Optional	IP Address
Request Body	customerInfo	CustomerInfo	Optional	Key Value tuple array.
Request Body.customerInfo	key	string	Mandatory	Used to supply “customerName”, “customerEmail”.
Request Body.customerInfo	value	string	Mandatory	Used to supply “customerName”, “customerEmail”.
Request Body	actionProcessed	ActionProcessed	Optional
Request Body.ActionProcessed	id	string	Optional	Merchant Shop URL for redirect.
Request Body.ActionProcessed	type	String	Optional	Possible values are (“TREEDS_METHOD”, “THREEDS_CHALLENGE”, “DCC”).
Request Body.ActionProcessed	executed	boolean	Optional

Below an example of a request:

{
   "customerPhone": "+351912345678",
    "info": {
        "deviceInfo": {
            "browserAcceptHeader": "application/json, text/plain, */*",
            "browserJavaEnabled": "false",
            "browserLanguage": "en",
            "browserColorDepth": "24",
            "browserScreenHeight": "1080",
            "browserScreenWidth": "1920",
            "browserTZ": "-60",
            "browserUserAgent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36",
            "geoLocalization": "Lat: 38.7350528 | Long: -9.2143616",
            "systemFamily": "Windows",
            "systemVersion": "Windows",
            "deviceID": "498bfd4c3a3645b38667a7037b616c18",
            "applicationName": "Chrome",
            "applicationVersion": "106"
        },
        "customerInfo": [
            {
                "key": "customerName",
                "value": "Test Name"
            },
            {
                "key": "customerEmail",
                "value": email@provider.com
            }
        ],


        "actionProcessed": {
            "id": "ACTION123456789",
            "type": "TREEDS_METHOD",
	  "executed": true
        }
    }	
}

After successfully completing the operation, a ‘pending’ paymentStatus is received.
The user is then redirected to a payment confirmation environment before being returned to the merchant’s URL.

Step 3: Get the Payment Status

You can perform a “Get Status” operation to check the status at any time.
The Authorization HTTP header is set to the Bearer token as it was used in the initial Checkout.

GET {transactionID}/status

Request URL example:

https://stargate-cer.qly.site1.sibs.pt/api/v1/payments/{transactionID}/status

Request Headers:

Authorization: ‘Bearer <AuthToken>’
X-IBM-Client-Id: ‘<ClientId>’
Content-Type: application/json

A successful technical response comprises of an HTTP-200 status and a returnStatus.statusCode=”000″.

Here are some examples of the possible result codes:

Result Code	statusMsg	Description	Action
HTTP-200	Success	Success response	N/A
HTTP-400	Bad Request	The JSON payload is not matching the API definition or some mandatory HTTP headers are missing.	Please check in API Market for the correct syntax.
HTTP-401	Unauthorized	On the Authorization, Bearer token is invalid/expired or not associated with the Terminal used.	Please check in SIBS Backoffice under the Credentials if the token is valid and create a new one if needed.
HTTP-403	Forbidden	The ClientID set on the X-IBM-Client-Id HTTP header is not valid or does not possess a valid subscription to the API.	Please check in SIBS Backoffice under the SPG APP 2.0 if the ClientID is correct. If the problem persists contact SIBS Gateway support for a ClientID reset.
HTTP-405	Method Not Allowed	The HTTP Method used is not matching any of the API definitions available.	Please check in API Market for the correct HTTP Method.
HTTP-429	Too Many Requests	The API calls rate limit has been exceeded.	Please check in API Market for information on the rate limits that apply to the API.
HTTP-500	Internal Server Error	The API call has failed… and its most likely on our side.	You should retry the operation, and if the problem persists contact SIBS Gateway support for assistance.
HTTP-503	Service Unavailable	The API call is not currently available. Usually we are always on, but short availability issues may occur during scheduled maintenance.	You should wait and try again later.