Skip to content

One-time purchase

Info

This transaction type is available for: Cards.

Use the one-time purchase flow when you want to charge the shopper immediately.

Check below the available environments where you can perform a server-to-server POST request to generate the transaction.

EnvironmentURLOperation Method & EndpointOperation Description
PRODapi.sibsgateway.comPOST version-id/{id}/card/purchaseRequests the payment registered by the previous checkout using card details inserted by the customer.
TESTstargate-cer.qly.site[1|2].sibs.ptPOST
api/v1/payments/:transactionId/card/purchase
Requests the payment registered by the previous checkout using card details inserted by the customer.

Before you make the payment

  • Ensure the order has been created and submitted
  • The request needs an Authorization Header with the transactionsignature returned on the order creation response.
Notification

In this request, the Bearer Token is replaced by the checkout response transactionSignature.

The message below represents the one-time purchase where the payment is performed immediately, and no additional services (3D Secure, Tokenization, and Card OneClick) are identified for calling.

Path id

string

Mandatory

An optional element to query transaction status by Transaction Id.

Show more
Header parameters
Content-type

string

Mandatory

application/json

Show more
Authorization

string

Mandatory

Bearer Token. Based on OAuth2 authentication performed in a pre-step.

Show more
x-ibm-client-id

string

Mandatory

Token that identifies a client organization. It is provided during onboarding process and must be used in every call.

Show more
Request parameters
cardInfo

object

Mandatory

Object that defines the payment operation request fields.

Show more
PAN

string <= 40 characters

Optional

The Primary Account Number (credit card number).

Show more
secureCode

string <= 40 characters

Optional

The security code (CVV/CVC) associated with the credit card.

Show more
validationDate

ISODateTime

Mandatory

The expiration date of the credit card.

Show more
cardholderName

string

Mandatory

The name of the cardholder as it appears on the credit card.

Show more
createToken

boolean

Mandatory

A flag indicating whether to create a token for future use or not (true/false).

Show more

Here is an example of how to make a one-time purchase:

{
    "cardInfo": {
        "PAN": "5236410030000927",
        "secureCode": "776",
        "validationDate": "2026-05-26T00:00:00.000Z",
        "cardholderName": "Jane Smith",
        "createToken": false
    }
}

What’s next?

Have a look at the other Card payment features you can use.

After you make the payment, you will receive a response comprising a paymentStatus in the message. It informs whether the transaction was accepted, declined, still pending a final result, or requires additional action.

  • Success: The purchase has been processed successfully and the customer has been debited.
  • Declined: The purchase has been declined.
  • Pending: The final result of the purchase is not yet known. You will need to inquiry on the status of this transaction until it reaches a final state, or you decide to cancel it.
  • Partial: The purchase is partially accepted, but requires additional actions to the completed (e.g. 3D-Secure authentication). The actionResponse element is provided for instructions on how to proceed.

Get the payment status

Afterwards, once the payment has been processed, you can check the status of your transaction making a GET request.

The Authorization HTTP header is set to the Bearer token as it was used in the initial Checkout.

Request URL:
https://stargate-cer.qly.site1.sibs.pt/api/v1/payments/{transactionID}/status
Request Headers:
Autorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6I (...)
X-IBM-Client-Id: b4480347-9fc8-4790-b359-100a99c60ea3
Content-Type: application/json

A successful technical response comprises of an HTTP-200 status and a returnStatus.statusCode=”000″.

Here are some examples of the possible result codes:

Result codestatusMsgDescriptionAction
HTTP-200SuccessSuccess responsen/a
HTTP-400Bad RequestThe JSON payload is not matching the API definition or some mandatory HTTP headers are missing.Please check in API Market for the correct syntax.
HTTP-401UnauthorizedOn the Authorization, Bearer token is invalid/expired or not associated with the Terminal used.Please check in SIBS Backoffice under the Credentials if the token is valid and create a new one if needed.
HTTP-403ForbiddenThe ClientID set on the X-IBM-Client-Id HTTP header is not valid or does not possess a valid subscription to the API.Please check in SIBS Backoffice under the SPG APP 2.0 if the ClientID is correct. If the problem persists contact SIBS Gateway support for a ClientID reset.
HTTP-405Method Not AllowedThe HTTP Method used is not matching any of the API definitions available.Please check in API Market for the correct HTTP Method.
HTTP-429Too Many RequestsThe API calls rate limit has been exceeded.Please check in API Market for information on the rate limits that apply to the API.
HTTP-500Internal Server ErrorThe API call has failed… and its most likely on our side.You should retry the operation, and if the problem persists contact SIBS Gateway support for assistance.
HTTP-503Service UnavailableThe API call is not currently available. Usually we are always on, but short availability issues may occur during scheduled maintenance.You should wait and try again later.