Frequently Asked Questions

Account servicing payment service provider means a payment service provider providing and maintaining a payment account for a payer (see PSD2).

Any entity can register in SIBS API Market Sandbox, check the available APIs and test its systems against Sandbox interface.  For Test & Production environment,  you need to be a registered TPP, with a valid eIDAS certificate. Se also the FAQ "What is the difference between the Sandbox and the Test & Production?"

As a matter of principle, all electronic means of payment are subject to strong customer authentication. However, exemptions to the principle of strong customer authentication (SCA) are possible, as it is not always necessary and convenient to request the same level of security from all payment transactions.
These exemptions have been defined by the European Banking Authority (EBA) and adopted by the European Commission, taking account of the risk involved, the value of transactions and the channels used for the payment.
Such exemptions include low value payments at the point of sale (to facilitate the use of mobile and contactless payments) and also for remote (online) transactions. The exemptions from strong customer authentication seek to avoid disrupting the ways consumers, merchants and payment service providers operate today. They are also based on the fact that there are alternative authentication mechanisms that are equally safe and secure.

‘strong customer authentication’ means an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data (see PSD2).

A Regulated Third Party Provider (TPP) is an entity who is certified and authorized by a national certification authority (NCA), as regulated by the PSD2 (Payment Services Directive) to access a payment account's information (AISP) and/or to initiate payments (PISP) on behalf of the payer, as long as having the proper payer's consent to do so, even if the payments account is held at another payment service provider (e.g. a bank). Companies using APIs out of the PSD2 scope are Non Regulated TPPs.

PSD2 widens the scope of PSD1 by covering new services and players as well as by extending the scope of existing services (payment instruments issued by payment service providers that do not manage the account of the payment service user), enabling their access to payment accounts.
PSD2 includes transactions with third countries when only one of the payment service providers is located within the EU ("one-leg transactions").
To make electronic payments safer and more secure, PSD2 introduces enhanced security measures to be implemented by all payment service providers, including banks. In particular, PSD2 requires payment service providers to apply strong customer authentication (SCA) for electronic payment transactions as a general rule. To that end, the Commission adopted rules that spell out how strong customer authentication (SCA) is to be applied.

The revised Payment Services Directive (PSD2) updates and complements the EU rules put in place by the Payment Services Directive (PSD1, 2007/64/EC). Its main objectives are to:
- Contribute to a more integrated and efficient European payments market
- Improve the level playing field for payment service providers (including new players)
- Make payments safer and more secure
- Protect consumers

Send a request via "contact us"

TPPs can register several applications according to their business and technical needs. SIBS may controll the number of registered applications in Sandbox and Test & Production environments, in order to ensure a reasonable usage of the platform. 

Yes it can. A TPP may want to subscribe APIs with diferent Certificate requirements and hence, it may need more than one Register. 

There is no cost associated with accessing and using the APIs in the Sandbox environment. Using the APIs in production environment has a cost based on the services to consume and their intended use. The APIs regulated by PSD2 have no access costs for registered TPPs. Costs can be found at the Subscription Plans.

Account information service means an online service to provide consolidated information on one or more payment accounts held by the payment service user with either another payment service provider or with more than one payment service provider (see PSD2).

Payment initiation service means a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider (see PSD2).

MB WAY is the leading Payments App in Portugal, built upon SIBS Multibanco scheme, with more than 1 million Users and a wide merchant’s network. Want to know more? Please see the MBWAY site (

In SIBS API Market you can find Account Information, Payments Initiation and Availability of Funds API, named PSD2 compliant APIs. You can also integrate Banks List in order to get to know which banks are connected to this market.  MB WAY API is also available as a payment method API for you to integrate a phone number ID for purchases. You can check the available APIs at the menu "API Products". Product details can be found at each "API Documentation" on the Sandbox. 

The subscription  is  done through a Product Catalog  which comprise a set of APIs.  Within each Product,  you can subscribe different plans. 

A company that publishes an API at SIBS API Market, is an API Provider. A company that subscribes APIs to integrate in their own Apps is a Third Party Provider (TPP).

The list of the SIBS API Market connected banks can be checked on "API Providers" menu - Connected Banks. 

Testing within the sandbox only requires a simple registration at our website. The Sandbox is a closed environment, without any connection to the banks (API Providers), that retrieves static data with the same structure as production data. This way, a TPP can ensure that messages are well formated. No need to use eIDAS certificates or other credentials than register with us.
The Test and Production environment provides all the technical documentation and end-to-end testing to fully test your apps and user experience. You need to be a registered TPP and have a valid eIDAS or at least have formally started a registration with a National Competent Authority (NCA) for using PSD2 APIs. For APIs out of PSD2 scope, requirements will depend on the Product.

For the API Providers, that is, companies willing to share their data and publish APIs, in order to be rewarded by monetizing new transactions, attract new customers and increase their brand recognition. On the demand side, for the Third Party Providers (TPPs), usually Fintechs and Startups (but incumbent Financial Institutions and other companies as well), wanting to use the full potential of a connected world to bring new services.

Start by registering at our website and perform tests within the sandbox environment. You can access the required technical information  and test against static data. For more info, just follow the Getting Started steps. 

SIBS API Market is a global and open API (Application Programing Interface) platform that aims to give easy access to a wide range of API for financial services, in order to create a new ecosystem for the development of new services and business models.