M-Pesa processes over KES 500 billion in transactions every month in Kenya. For most businesses, it is not just a payment option — it is the primary way customers pay. Yet many organisations are still managing M-Pesa payments manually: checking phone notifications, updating spreadsheets, and reconciling till statements at the end of the day.
This is not a small problem. Manual M-Pesa management is slow, error-prone, and completely unscalable. The good news is that Safaricom provides a developer API — called Daraja — that allows businesses to connect M-Pesa directly to their systems.
Here is what you need to understand before embarking on an M-Pesa integration.
Daraja is Safaricom’s official developer platform for M-Pesa integration. It exposes a set of APIs that allow your system to initiate and receive M-Pesa transactions programmatically.
The two most important capabilities for most businesses are:
STK Push (Lipa Na M-Pesa Online). This allows your system to send a payment prompt directly to a customer’s phone. The customer enters their M-Pesa PIN, and the payment is processed. No sharing of till numbers or waiting for confirmation messages — the transaction happens and your system is notified automatically.
C2B (Customer to Business). This allows your system to receive and process payments made to your Paybill or Till number. When a customer pays, Daraja sends a real-time notification to your system with all the transaction details — amount, phone number, transaction reference — allowing you to update your records instantly without any manual intervention.
There are additional capabilities including B2C (sending money to customers, useful for refunds or disbursements) and B2B (business to business payments), but STK Push and C2B cover the needs of most organisations.
To integrate with Daraja, your business needs the following:
A registered M-Pesa Paybill or Till Number. You cannot use a personal M-Pesa account for business API integration. You need a registered business shortcode. Paybill numbers are suitable for most businesses as they allow customers to enter an account number, making reconciliation easier.
A Daraja developer account. Register at developer.safaricom.co.ke. This gives you access to sandbox credentials for testing before going live.
Go-live approval from Safaricom. After building and testing your integration in the sandbox, you submit a go-live request. Safaricom reviews your implementation before activating your production credentials. This process typically takes one to two weeks.
A publicly accessible callback URL. When a transaction completes, Daraja sends the confirmation to a URL on your server. This URL must be publicly accessible over HTTPS — it cannot be a local development URL.
E-commerce and booking systems. When a customer places an order or makes a booking, your system triggers an STK Push to their phone. The customer confirms with their PIN. Your system receives the callback, verifies the payment, and confirms the order automatically.
Invoice payment. You generate an invoice and include a “Pay Now” button. Clicking it triggers an STK Push to the customer’s registered phone number. Payment confirmation updates the invoice status in your accounting system without manual intervention.
Subscription billing. For businesses with recurring payments, your system can trigger STK Push on billing dates automatically, and handle successful payments and failures programmatically.
Till reconciliation. For retail businesses with a physical till, C2B integration means every payment made to your till is captured in your system in real time, eliminating end-of-day manual reconciliation.
Callback security. Your callback URL will receive POST requests from Safaricom’s servers. Always validate that incoming requests are genuinely from Safaricom — check the transaction details against your pending records before confirming any payment.
Handling timeouts. M-Pesa STK Push has a timeout — if the customer does not respond within a few minutes, the request expires. Your system needs to handle this gracefully, allowing the customer to retry rather than leaving them in a broken state.
Idempotency. In rare cases, Safaricom may send the same callback more than once. Your system should check whether a transaction has already been processed before acting on a callback, to avoid crediting a payment twice.
Connectivity handling. If your server is temporarily unreachable when Safaricom sends a callback, you need a process for reconciling missed callbacks. Safaricom provides a transaction status query API for this purpose.
The return on a well-executed M-Pesa integration is immediate and clear. Manual M-Pesa management — even for a team processing a hundred transactions a day — consumes significant staff time. Errors in manual reconciliation lead to disputes, failed order confirmations, and accounting discrepancies.
Automated integration eliminates all of this. Payments are confirmed in seconds. Records are updated automatically. Reconciliation happens in real time. Your team can focus on work that actually requires human judgment.
If you are evaluating M-Pesa integration for your business systems, talk to us. We have implemented Daraja API integrations across multiple business types and can help you understand what the right approach looks like for your specific setup.
Found this useful?
Share it with someone who needs to read it.
