Menu
Back to homepage

PAYMENT GATEWAY

Back to homepage

[THK] C.5.1 API-Level Status Codes (HTTP + StatusCode)

Overview

This section defines the API-level status model used by the SIBS Payment Gateway (SPG), combining:

  • HTTP status codes
  • statusCode values returned in the returnStatus object

Together, these elements define the technical outcome of an API request, including:

  • request validation results
  • processing success or failure
  • temporary system conditions

This layer represents the canonical API response contract, independent of payment method or business outcome.

The tables presented in this section provide the complete mapping between HTTP responses and statusCode values for the different SPG API operations.

Dual-Layer Response Model

SPG API responses must be interpreted using two complementary layers:

  • HTTP Status Code → transport-level and request-level result
  • statusCode → application-level result within SPG

For example:

  • HTTP 200 + statusCode = "000" → request accepted and processed
  • HTTP 400 + statusCode = "E0101" → invalid request
  • HTTP 503 + statusCode = "T9999" → temporary system condition

Both layers must be evaluated together to correctly classify the result of the operation.

HTTP Status Code Semantics

The HTTP status code reflects the technical status of the request at protocol level.

Typical values include:

  • 200 OK → request successfully processed
  • 206 Partial Content → partial processing (when applicable)
  • 400 Bad Request → invalid request structure or parameters
  • 401 / 403 → authentication or authorization failure
  • 404 Not Found → resource not found
  • 409 Conflict → request conflicts with current state
  • 500 Internal Server Error → unexpected failure
  • 503 Service Unavailable → temporary system unavailability

HTTP status codes provide the first-level classification, but must always be interpreted together with statusCode.

statusCode Semantics

At API level, statusCode represents the application-level outcome of the operation.

Typical categories include:

  • Success
    • 000 → operation successfully processed
  • Client / Validation Errors
    • e.g., E0101 → invalid request
    • e.g., E0119 → declined operation
  • Processing Errors
    • e.g., E0301 → transaction not found or processing issue
  • Temporary Errors
    • e.g., T9999 → temporary condition requiring retry

These codes are used consistently across API endpoints, although their exact values and meanings depend on the specific operation.

Interpretation Model

API-level status must be interpreted using the following sequence:

  1. Evaluate HTTP status code
  2. Evaluate statusCode
  3. Interpret paymentStatus (if present)

This ensures correct separation between:

  • transport-level issues
  • request validation errors
  • processing outcomes
  • business state

The relationship between these elements is defined in C.5 Status Codes and Error Codes Mapping.

API-Level Status Code Tables

The following tables define the mapping between HTTP status codes and statusCode values for each SPG API domain.

Checkout Request

HTTP CodeHTTP MessageStatus CodeStatus MessageStatus Description
200OK000SuccessSuccess
400Bad RequestE0001ErrorInvalid merchant or terminal code
400Bad RequestE0002ErrorInvalid request, data is missing or is invalid
400Bad RequestE0003ErrorOperation not allowed by the Merchant
400Bad RequestE0004ErrorOperation not allowed by the Acquirer
400Bad RequestE0005ErrorOperation not allowed, terms and condition not configured by Merchant
400Bad RequestE0006ErrorNo payment methods available
400Bad RequestE9999ErrorOperation declined by authorisation system
503Internal Server ErrorT9999Temporary errorSIBS temporary internal error

Payment Request

HTTP CodeHTTP MessageStatus CodeStatus MessageStatus Description
206Partial Content000SuccessPartial
200OK000SuccessSucess
400UnauthorizedE0100ErrorInvalid merchant or terminal code
400Bad RequestE0101ErrorInvalid request, data is missing or is invalid
400Bad RequestE0102ErrorCheckout expired
409ConflictE0103ErrorWrong parameterization for the payment method
400Bad RequestE0104ErrorAcceptor not active
400Bad RequestE0105ErrorInvalid terminal
400Bad RequestE0106ErrorTerminal code differs from checkout terminal code
400Bad RequestE0107ErrorInvalid terminal status
400Bad RequestE0108ErrorTerminal is not authorized
400Bad RequestE0109ErrorInvalid Amount
400Bad RequestE0110ErrorAmount not supported
400Bad RequestE0111ErrorAmount limit exceeded
400Bad RequestE0112ErrorWrong Currency
400Bad RequestE0113ErrorInsufficient funds
400Bad RequestE0114ErrorTransaction amount exceeds the authorized amount
400Bad RequestE0115ErrorTransaction amount is lower than the comission
400Bad RequestE0116ErrorInvalid transaction value
400Bad RequestE0117ErrorDaily amount limit exceeded
400Bad RequestE0118ErrorPossible risk of fraud
400Bad RequestE0119ErrorDeclined operation
400Bad RequestE0120ErrorCard issuer temporarily unavailable
400Bad RequestE0121ErrorInvalid payment request, terms and conditions were not accepted
400Bad RequestE0122ErrorTransaction not allowed
400Bad RequestE0123ErrorTransaction not authorized
403Bad RequestE0124ErrorInvalid operation, transaction already processed
400Bad RequestE0125ErrorInvalid original transaction
400Bad RequestE0126ErrorNo match between transactions
400Bad RequestE0127ErrorTransaction already made
400Bad RequestE0128ErrorExceeded the number of operations allowed
400Bad RequestE0129ErrorDeclined, recurring payment is deactivated
400Bad RequestE0130ErrorAuthorisation expired
400Bad RequestE0131ErrorAuthorisation is cancelled
400Bad RequestE0132ErrorAuthorization was already used
400Bad RequestE0133ErrorRefund amount exceeds purchase amount
400Bad RequestE0134ErrorRefund amount exceeds available daily funds
400Bad RequestE0135ErrorRefund amount is invalid
400Bad RequestE0136ErrorPurchase already refunded
400Bad RequestE0137ErrorInvalid refund amount
400Bad RequestE0138ErrorCancellation amount exceeds the authorized amount
400Bad RequestE0139ErrorInvalid Cancellation
400Bad RequestE0140ErrorNo agreement found
400Bad RequestE0141ErrorPayment type differs from checkout payment type
400Bad RequestE0142ErrorTransaction Unknown
400Bad RequestE0143ErrorIssuer’s Acceptor Configuration is not valid
400Bad RequestE0144ErrorDeclined by the issuer due to invalid account
400Bad RequestE0145ErrorOperation not supported by the issuer
400Bad RequestE0146ErrorOffline operation not allowed by the issuer
400Bad RequestE0147ErrorOperation declined by the issuer
400Bad RequestE0148ErrorCommunication error with the issuer
400Bad RequestE0149ErrorIssuer’s acquirer configuration is not valid
400Bad RequestE0150ErrorUnknown issuer
400Bad RequestE0151ErrorInvalid operation
400Bad RequestE0152ErrorInvalid original amount
400Bad RequestE0153ErrorInvalid transaction
400Bad RequestE0154ErrorTransaction not allowed by the issuer for the given terminal
400Bad RequestE0155ErrorCash Service not available
400Bad RequestE0156ErrorAdditional customer authentication required
400Bad RequestE0157ErrorAcquirer not registered on SP
400Bad RequestE0158ErrorUnavailable agreement data
400Bad RequestE0159ErrorInvalid fee
400Bad RequestE9999ErrorOperation declined by authorisation system
503Service unavailableT9999Temporary errorSIBS temporary internal error

Status Inquiry

HTTP CodeHTTP MessageStatus CodeStatus MessageStatus Description
200OK000SuccessSuccess
200OK000SuccessPending
200OK000SuccessIn Processing
200OK000SuccessPartial
200OK000SuccessTimeout
400Bad RequestE0300ErrorInvalid request, data is missing or is invalid
400Bad RequestE0301ErrorTransaction not found
400Bad RequestE0302ErrorInvalid merchant or terminal code
400Bad RequestE0303ErrorInvalid transaction ID or merchant transaction ID
400Bad RequestE9999ErrorOperation declined by authorisation system
503Service unavailableT9999Temporary errorSIBS temporary internal error

Backoffice Operations

HTTP CodeHTTP MessageStatus CodeStatus MessageStatus Description
200OK000SuccessSuccess
400Bad RequestE0200ErrorInvalid request, data is missing or is invalid
400Bad RequestE0201ErrorOperation not allowed by the Merchant
400Bad RequestE0202ErrorOperation not supported
400Bad RequestE9999ErrorOperation declined by authorisation system
503Service unavailableT9999Temporary errorSIBS temporary internal error

MB WAY

HTTP CodeHTTP MessageStatus CodeStatus MessageStatus Description
200OK000SuccessSuccess
201OK000SuccessSuccess
400Bad RequestE0500ErrorOperation was not accepted by the card holder
400Bad RequestE0501ErrorInvalid request, data is missing or is invalid
400Bad RequestE0502ErrorNot possible to associate MB WAY to the provided alias
400Bad RequestE0503ErrorThe provided alias is not correct
400Bad RequestE0504ErrorThe provided alias has an invalid format
400Bad RequestE0505ErrorThe provided alias is duplicated
400Bad RequestE0506ErrorThe provided alias does not exist
400Not foundE0507ErrorUnknown MB WAY authorized payment
400Bad RequestE0508ErrorInvalid MB WAY authorized payment amount
400Bad RequestE0509ErrorMB WAY authorized payment’s monthly amount limit reached
400Bad RequestE0510ErrorMB WAY authorized payment’s merchant limits reached
400Bad RequestE0511ErrorIneligible MB WAY authorized payment for the MB WAY alias
400Bad RequestE0512ErrorMB WAY authorized payment invalid expiration date
400Bad RequestE0513ErrorMB WAY authorized payment creation timeout
400Bad RequestE0514ErrorOperation Rejected due to fraud suspicion
400Bad RequestE0515ErrorMB WAY Authorized Payment not created. Cardholder did not accept the operation.
400Bad RequestE0516ErrorMB WAY authorized payment is expired
400Bad RequestE0517ErrorMB WAY authorized payment Cancellation timeout
400Bad RequestE0518ErrorMB WAY authorized payment already cancelled
400Bad RequestE0519ErrorInvalid operation type
400Bad RequestE0520ErrorMB WAY Authorized payment disabled
400Bad RequestE0521ErrorOperation declined. MB WAY alias is already associated
400Bad RequestE0522ErrorInvalid terminal
400Bad RequestE0523ErrorInvalid amount
400Bad RequestE0524ErrorDeclined operation
400Bad RequestE0525ErrorInvalid original transaction
400Bad RequestE0526ErrorAuthorisation is cancelled
400Bad RequestE0527ErrorAuthorisation was already used
400Bad RequestE0528ErrorRefund amount exceeds purchase amount
400Bad RequestE0529ErrorInvalid refund amount
400Bad RequestE0530ErrorCancellation amount exceeds the authorized amount
400Bad RequestE0531ErrorMB WAY purchase with an invalid card
400Bad RequestE0532ErrorMB WAY purchase with an invalid card data
400Bad RequestE0533ErrorTransaction already refunded
400Bad RequestE0534ErrorMB WAY Authorized Payment creation error
400Bad RequestE0535ErrorInvalid Service Provider
400Bad RequestE0536ErrorMB WAY Authorized Payment is suspended
400Bad RequestE0537ErrorMB WAY Authorized Payment – Invalid Payment method
400Bad RequestE0538ErrorMB WAY Authorized Payment Data is missing
400Bad RequestE0539ErrorMB WAY Authorized Payment Service is inactive
400Bad RequestE0540ErrorMB WAY Authorized Payment Already Exists
400Bad RequestE0541ErrorMB WAY Authorized Payment is Cancelled
400Bad RequestE0542ErrorMB WAY Authorized Payment Data does not match operation data
400Bad RequestE0543ErrorMB WAY Authorized Payment Unavailable
400Bad RequestE0544ErrorMB WAY Authorized Payment invalid status
400Bad RequestE9999ErrorOperation declined by authorisation system
408Request TimeoutT9999Temporary errorSIBS temporary internal error
503Service UnavailableT9999Temporary errorSIBS temporary internal error

Multibanco

HTTP CodeHTTP MessageStatus CodeStatus MessageStatus Description
400Bad RequestE0600ErrorInvalid payment entity
400Bad RequestE0601ErrorInvalid payment reference minimum amount
400Bad RequestE0602ErrorInvalid payment reference maximum amount
400Bad RequestE0603ErrorInvalid currency
400Bad RequestE0604ErrorInvalid NIB or IBAN
400Bad RequestE0605ErrorInvalid payment reference initial date time
400Bad RequestE0606ErrorInvalid payment reference limit date time
400Bad RequestE0607ErrorInvalid Email
400Bad RequestE0608ErrorPayment entity is not active
400Bad RequestE0609ErrorMissing data required to perform the payment reference generation
400Bad RequestE0610ErrorPayment reference generation not allowed for the payment entity
400Bad RequestE0611ErrorUnknown payment reference
400Bad RequestE0612ErrorPayment reference is cancelled
400Bad RequestE0613ErrorPayment reference already paid
400Bad RequestE0614ErrorInvalid operation
400Bad RequestE0615ErrorTransaction with error or not found
400Bad RequestE0616ErrorInvalid refund amount
400Bad RequestE0617ErrorRefund amount exceeds payment amount
400Bad RequestE0618ErrorService Payment already refunded
400Bad RequestE0619ErrorService Payment refund not allowed
400Bad RequestE9999ErrorOperation declined by authorisation system

Card Payments

HTTP CodeHTTP MessageStatus CodeStatus MessageStatus Description
400Bad RequestE0700ErrorInvalid card data. Card number, CVV or expiration date is invalid
400Bad RequestE0701ErrorInvalid card
400Bad RequestE0702ErrorCard brand not supported
400Bad RequestE0703ErrorInvalid payment modality
400Bad RequestE0704ErrorDCC not allowed
400Bad RequestE0705ErrorCard holder not authenticated
400Bad RequestE0706ErrorAuthentication method not allowed
400Bad RequestE9999ErrorOperation declined by authorisation system
503Bad RequestT9999Temporary errorSIBS temporary error

Security and Authentication

HTTP CodeHTTP MessageStatus CodeStatus MessageStatus Description
401UnauthorizedE0900ErrorInvalid authentication or authorisation Data
401Bad RequestE9999ErrorOperation declined by authorisation system

Handling Principles

At API level, responses must be handled as follows:

  • HTTP 2xx + statusCode = "000"
    → request accepted; proceed to evaluate paymentStatus
  • HTTP 4xx + statusCode = Exxxx
    → request invalid; must be corrected before retry
  • HTTP 5xx / 503 + statusCode = Txxxx
    → temporary issue; retry according to strategy
  • Temporary conditions (Txxxx)
    → must be handled with retry and backoff mechanisms

Detailed handling rules and responsibility mapping are defined in C.5.2 Error Code Categories and Responsibility Model.

Key Observations

  • API-level codes are independent of payment method
  • statusCode = "000" does not guarantee a successful payment
  • HTTP status alone is insufficient for interpretation
  • statusCode must always be evaluated together with paymentStatus
  • Temporary errors must be explicitly handled to ensure system resilience

Relationship with Other Code Domains

API-level status codes provide a normalized response model but must be complemented with:

These layers together provide the full interpretation of SPG responses.

Final Consideration

API-level status codes define the first layer of interpretation in SPG responses.

They establish how requests are accepted, validated, and processed, but do not define the final business outcome.

A correct implementation requires combining:

  • HTTP status
  • statusCode
  • paymentStatus

and applying the interpretation model defined in C.5 Status Codes and Error Codes Mapping.

This ensures consistent, reliable, and production-ready handling of all SPG API interactions.

On this page:

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.