Bizum is a fast, secure, and convenient Spanish payment solution that allows users to make instant transactions directly from their bank account.
| Payment option | Category | Country | Currency | Features | Integrations |
|---|---|---|---|---|---|
| Bizum | Online Banking | Spain | EUR | Partial refund Refunds | API Payment form Prestashop plugin WooCommerce plugin Magento plugin |
Bizum is one of the most widely used payment methods in Spain, trusted by millions of users for its speed, simplicity, and security. It facilitates seamless money transfers and payments directly through users’ existing bank accounts.
When customers use Bizum, they provide their mobile phone number, receive a notification on their bank’s app and confirm the transaction. It is highly secure, with immediate payment notification.
How to use Bizum
The journey unfolds as follows:
- On the merchant’s checkout page, the customer selects Bizum as their payment method and the payment requests starts.
- Customers are redirected to a page where they insert Bizum phone number.
- The customer receives a notification on their banking applications prompting them to confirm the payment.
- The customer confirms the payment through their banking application.
- The merchant receives the payment confirmation.
- The merchant can ship the order/deliver the goods to the customer.
How it works
Here is an overview of the crucial steps required to integrate Bizum.
Step 1: Create the Order
Step 2: Get the Payment Link
Step 3: Get the Payment Status
Step 1: Create the Order
Make sure to initiate the order request with Bizum (“bizum”) as the chosen payment method (transaction.paymentMethod) and configure the customer’s language preference in customerInfo.customerLanguage.
Step 2: Get the Payment Link
Follow the instructions below to obtain the payment link, to redirect the customer to a secure payment page for authentication and payment authorization.
Please be aware that the request below requires an Authorization Header containing the transactionSignature obtained on the previous step.
Endpoints:
| Environment | URL | Operation Method & Endpoint | Operation Description |
|---|---|---|---|
| PROD | api.sibsgateway.com | POST {version-id}/payments/{id}/pbl/payment-link | Perform the transaction and redirect user to Payment Host. |
| TEST | stargate-cer.qly.site[1|2].sibs.pt | POST {version-id}/payments/{id}/pbl/payment-link | Perform the transaction and redirect user to Payment Host. |
Ensure that you include these essential elements as specified:
| Location | Data Element | Type | Condition | Description |
|---|---|---|---|---|
| Path | id | String | Mandatory | Used to identify the transaction |
Header parameters:
| Location | Data Element | Type | Condition | Description |
|---|---|---|---|---|
| Request Header | Content-Type | String | Mandatory | application/json |
| Request Header | Authorization | String | Mandatory | Authorization Digest |
Request parameters:
| Location | Data Element | Type | Condition | Description |
|---|---|---|---|---|
| Request Body | userAcceptanceIndicator | Boolean | Mandatory | Indicates if the user has accepted the Terms and Conditions, in order to continue with the payment. |
| Request Body | gatewayId | String | Mandatory | Payment Channel identifier for the channel the Customer is going to use for their payment. Value: ‘ideal’ – iDEAL; |
| Request Body | info | Info | Mandatory | Object that defines the transaction additional information. |
| Request Body.info | deviceInfo | DeviceInfo | Optional | Object that defines the customer device information. |
| Request Body.info.deviceInfo | browserAcceptHeader | string | Optional | Browser Accept Header |
| Request Body.info.deviceInfo | browserJavaEnabled | string | Optional | Browser Java Enabled |
| Request Body.info.deviceInfo | browserLanguage | string | Optional | browser Language |
| Request Body.info.deviceInfo | browserColorDepth | string | Optional | browser Color Depth |
| Request Body.info.deviceInfo | browserScreenHeight | string | Optional | browser Screen Height |
| Request Body.info.deviceInfo | browserScreenWidth | string | Optional | browser Screen Width |
| Request Body.info.deviceInfo | browserTZ | string | Optional | Browser Time Zone |
| Request Body.info.deviceInfo | browserUserAgent | string | Optional | Browser User Agent |
| Request Body.info.deviceInfo | systemFamily | string | Optional | System Family |
| Request Body.info.deviceInfo | systemVersion | string | Optional | System Version |
| Request Body.info.deviceInfo | systemArchitecture | string | Optional | System Architecture |
| Request Body.info.deviceInfo | deviceManufacturer | string | Optional | Device Manufacturer |
| Request Body.info.deviceInfo | deviceModel | string | Optional | Device Model |
| Request Body.info.deviceInfo | deviceID | string | Optional | Device Unique Identification |
| Request Body.info.deviceInfo | applicationName | string | Optional | Application Name |
| Request Body.info.deviceInfo | applicationVersion | string | Optional | Application Version |
| Request Body.info.deviceInfo | geoLocalization | string | Optional | Geolocation |
| Request Body.info.deviceInfo | ipAddress | string | Optional | IP Address |
| Request Body | customerInfo | CustomerInfo | Optional | Key Value tuple array. |
| Request Body.customerInfo | key | string | Mandatory | Used to supply “customerName”, “customerEmail”. |
| Request Body.customerInfo | value | string | Mandatory | Used to supply “customerName”, “customerEmail”. |
| Request Body | merchant | Merchant | Optional | Merchant Data |
| Request Body.merchant | merchantURL | string | Mandatory | Merchant Shop URL for redirect. |
| Request Body.info | accountInfo | AccountInfo | Optional | Account related data. Applicable when gatewayId is ‘ideal’ |
| Request Body.info.accountInfo | holderName | Max100Text | Optional | Account Holder Name. UTF-8 Format. |
| Request Body.info.accountInfo | customerCountry | Country Code | Optional | Customer Country Code. Alpha2 |
Below an example of a request:
"userAcceptanceIndicator": true,
"gatewayId": "bizum",
"info": {
"deviceInfo": {
"browserAcceptHeader": "application/json, text/plain, */*",
"browserJavaEnabled": "false",
"browserLanguage": "en",
"browserColorDepth": "24",
"browserScreenHeight": "1080",
"browserScreenWidth": "1920",
"browserTZ": "-60",
"browserUserAgent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36",
"geoLocalization": "Lat: 38.7350528 | Long: -9.2143616",
"systemFamily": "Windows",
"systemVersion": "Windows",
"deviceID": "498bfd4c3a3645b38667a7037b616c18",
"applicationName": "Chrome",
"applicationVersion": "106"
},
"customerInfo": [
{
"key": "customerName",
"value": "Test Name"
},
{
"key": "customerEmail",
"value": email@provider.com
}
],
"accountInfo": {
"holderName": "Test Name",
"customerCountry": "BE"
}
},
"merchant": {
"merchantURL": https://egadget2.azurewebsites.net/#/returns?id={{transactionId}}
}
}After successfully completing the operation, a ‘pending’ paymentStatus is received.
The user is then redirected to a payment confirmation environment before being seamlessly returned to the merchant’s URL.
Step 3: Get the Payment Status
You can perform a “Get Status” operation to check the status at any time.
The Authorization HTTP header is set to the Bearer token as it was used in the initial Checkout.
GET {transactionID}/statusRequest URL:
https://stargate-cer.qly.site1.sibs.pt/api/v1/payments/{transactionID}/statusRequest Headers:
Authorization: ‘Bearer <AuthToken>’
X-IBM-Client-Id: ‘<ClientId>’
Content-Type: application/json
A successful technical response comprises of an HTTP-200 status and a returnStatus.statusCode=”000″.
Here are some examples of the possible result codes:
| Result Code | statusMsg | Description | Action |
|---|---|---|---|
| HTTP-200 | Success | Success response | N/A |
| HTTP-400 | Bad Request | The JSON payload is not matching the API definition or some mandatory HTTP headers are missing. | Please check in API Market for the correct syntax. |
| HTTP-401 | Unauthorized | On the Authorization, Bearer token is invalid/expired or not associated with the Terminal used. | Please check in SIBS Backoffice under the Credentials if the token is valid and create a new one if needed. |
| HTTP-403 | Forbidden | The ClientID set on the X-IBM-Client-Id HTTP header is not valid or does not possess a valid subscription to the API. | Please check in SIBS Backoffice under the SPG APP 2.0 if the ClientID is correct. If the problem persists contact SIBS Gateway support for a ClientID reset. |
| HTTP-405 | Method Not Allowed | The HTTP Method used is not matching any of the API definitions available. | Please check in API Market for the correct HTTP Method. |
| HTTP-429 | Too Many Requests | The API calls rate limit has been exceeded. | Please check in API Market for information on the rate limits that apply to the API. |
| HTTP-500 | Internal Server Error | The API call has failed… and its most likely on our side. | You should retry the operation, and if the problem persists contact SIBS Gateway support for assistance. |
| HTTP-503 | Service Unavailable | The API call is not currently available. Usually we are always on, but short availability issues may occur during scheduled maintenance. | You should wait and try again later. |