This transaction type is available for: Cards.
Use the one-time purchase flow when you want to charge the shopper immediately.
Check below the available environments where you can perform a server-to-server POST request to generate the transaction.
| Environment | URL | Operation Method & Endpoint | Operation Description |
| PROD | api.sibsgateway.com | POST version-id/{id}/card/purchase | Requests the payment registered by the previous checkout using card details inserted by the customer. |
| TEST | stargate-cer.qly.site[1|2].sibs.pt | POST api/v1/payments/:transactionId/card/purchase | Requests the payment registered by the previous checkout using card details inserted by the customer. |
Before you make the payment
- Ensure the order has been created and submitted
- The request needs an Authorization Header with the transactionsignature returned on the order creation response.
In this request, the Bearer Token is replaced by the checkout response transactionSignature.
The message below represents the one-time purchase where the payment is performed immediately, and no additional services (3D Secure, Tokenization, and Card OneClick) are identified for calling.
Header parameters
Request parameters
string <= 40 characters
The security code (CVV/CVC) associated with the credit card.
string
The name of the cardholder as it appears on the credit card.
boolean
A flag indicating whether to create a token for future use or not (true/false).
Here is an example of how to make a one-time purchase:
{
"cardInfo": {
"PAN": "5236410030000927",
"secureCode": "776",
"validationDate": "2026-05-26T00:00:00.000Z",
"cardholderName": "Jane Smith",
"createToken": false
}
}What’s next?
Have a look at the other Card payment features you can use.
- Payment with pre-authorization and subsequent capture when you charge only upon delivery (total or partial).
- Payment authorization with 3D Secure authentication (frictionless or challenged).
- Payment based on card Tokenization.
- Payment based on Card OneClick.
After you make the payment, you will receive a response comprising a paymentStatus in the message. It informs whether the transaction was accepted, declined, still pending a final result, or requires additional action.
- Success: The purchase has been processed successfully and the customer has been debited.
- Declined: The purchase has been declined.
- Pending: The final result of the purchase is not yet known. You will need to inquiry on the status of this transaction until it reaches a final state, or you decide to cancel it.
- Partial: The purchase is partially accepted, but requires additional actions to the completed (e.g. 3D-Secure authentication). The actionResponse element is provided for instructions on how to proceed.
Get the payment status
Afterwards, once the payment has been processed, you can check the status of your transaction making a GET request.
The Authorization HTTP header is set to the Bearer token as it was used in the initial Checkout.
Request URL:
https://stargate-cer.qly.site1.sibs.pt/api/v1/payments/{transactionID}/statusRequest Headers:
Autorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6I (...)
X-IBM-Client-Id: b4480347-9fc8-4790-b359-100a99c60ea3
Content-Type: application/jsonA successful technical response comprises of an HTTP-200 status and a returnStatus.statusCode=”000″.
Here are some examples of the possible result codes:
| Result code | statusMsg | Description | Action |
|---|---|---|---|
| HTTP-200 | Success | Success response | n/a |
| HTTP-400 | Bad Request | The JSON payload is not matching the API definition or some mandatory HTTP headers are missing. | Please check in API Market for the correct syntax. |
| HTTP-401 | Unauthorized | On the Authorization, Bearer token is invalid/expired or not associated with the Terminal used. | Please check in SIBS Backoffice under the Credentials if the token is valid and create a new one if needed. |
| HTTP-403 | Forbidden | The ClientID set on the X-IBM-Client-Id HTTP header is not valid or does not possess a valid subscription to the API. | Please check in SIBS Backoffice under the SPG APP 2.0 if the ClientID is correct. If the problem persists contact SIBS Gateway support for a ClientID reset. |
| HTTP-405 | Method Not Allowed | The HTTP Method used is not matching any of the API definitions available. | Please check in API Market for the correct HTTP Method. |
| HTTP-429 | Too Many Requests | The API calls rate limit has been exceeded. | Please check in API Market for information on the rate limits that apply to the API. |
| HTTP-500 | Internal Server Error | The API call has failed… and its most likely on our side. | You should retry the operation, and if the problem persists contact SIBS Gateway support for assistance. |
| HTTP-503 | Service Unavailable | The API call is not currently available. Usually we are always on, but short availability issues may occur during scheduled maintenance. | You should wait and try again later. |