Skip to content

Server to Server – Blik

BLIK is a well-known payment method in Poland.

SIBS Payment Gateway provides the API to integrate with BLIK services through the Web Redirect pattern.

The API encloses all the complexity of message signing and payload generation so that you can focus on the important stuff – get the payment.

How it works

Flow – BLIK Payment

BLIK payment flow relies on 4 simples steps:

  1. Create the Checkout request with the payment data
  2. Request a BLIK Link to get all the data needed for redirecting the customer to BLIK
  3. Redirect the customer to BLIK for authentication and authorisation
  4. Get the Payment Status to know the payment result

For more information regarding the API endpoints please check Payment Wall Sandbox.
If you want to know more about the structures and fields please check API Dev Portal.

Starting by creating the checkout

First, perform a server-to-server POST request, the same as Form Integration, to prepare the checkout with the required data,where you should include the payment type, amount, currency and payment methods allowed.

Only include BLIK in the transaction.paymentMethod list.

The JSON of your POST body, can be composed of various Complex Types:

The response to a successful request is a JSON with a transactionID, which is required in the second step to create a transaction.

With the transactionID, will be present as well a transactionSignature that will be used on the following step

Expected Response

A success response comprises of an HTTP-200 status, a transactionID and a transactionSignature

Any other HTTP status signals an unsuccessful request. The following statuses may occur:

  • HTTP-400 (Bad Request): The JSON payload is not matching the API definition or some mandatory HTTP headers are missing. Please check in API Market for the correct syntax.
  • HTTP-401 (Unauthorized): The Authorization: Bearer token is invalid/expired or not associated with the Terminal used. Please check in SIBS Backoffice under the Credentials if the token is valid, and create a new one if needed.
  • HTTP-403 (Forbidden): The ClientID set on the X-IBM-Client-Id HTTP header is not valid or does not possess a valid subscription to the API. Please check in SIBS Backoffice under the SPG APP 2.0 if the ClientID is correct. If the problem persists contact SIBS Gateway support for a ClientID reset.
  • HTTP-405 (Method Not Allowed): The HTTP Method used is not matching any of the API definitions available. Please check in API Market for the correct HTTP Method.
  • HTTP-429 (Too Many Requests): The API calls rate limit has been exceeded. Please check in API Market for information on the rate limits that apply to the API.
  • HTTP-500 (Internal Server Error): The API call has failed… and its most likely on our side. You should retry the operation, and if the problem persists contact SIBS Gateway support for assistance.
  • HTTP-503 (Service Unavailable): The API call is not currently available. Usually we are always on, but short availability issues may occur during scheduled maintenance.

For more information regarding the responses, please check API Dev Portal.

Next the BLIK transaction data has to be generated:

Note that the following request need an Authorization Header with the “transactionsSignature” returned from checkout operation.

In this requests, the Bearer Token is replaced by the checkout response “transactionSignature”.



Authorization: Digest {transactionSignature}

Expected Response

A successful technical response comprises of an HTTP-200 status and a returnStatus.statusCode=”000″.

Afterwards you can perform a Get Status

Once the payment has been processed, you can check the status of your transaction making a GET request.

The Authorisation HTTP header is set to the Bearer token as it was used in the initial Checkout.

Request URL:{transactionID}/status
Request Headers:
     Autorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6I (...)
X-IBM-Client-Id: b4480347-9fc8-4790-b359-100a99c60ea3
Content-Type: application/json