Quick M-Pesa Integration Summary
- Integration cost: KSh 30,000 - 80,000 (developer fees)
- Transaction fee: ~1% for STK Push
- Sandbox access: Instant (free) at developer.safaricom.co.ke
- Production Paybill: 2-4 weeks to get from Safaricom
- Development time: 1-3 weeks
- Total time to live: 3-6 weeks
M-Pesa processes over $314 billion in annual transactions. If you're building any app, website, or system for Kenyan users, M-Pesa integration isn't optional — it's the most important feature you'll build. Here's our complete guide from sandbox to production.
Daraja API Types Explained
STK Push (Lipa Na M-Pesa Online)
What it does: Sends a payment prompt to the customer's phone. They just enter their M-Pesa PIN to pay.
Use case: E-commerce checkout, bill payments, subscription charges, in-app purchases
Success rate: 70-85% (highest of all M-Pesa methods)
Why it's best: Minimal friction — customer doesn't need to remember your Paybill number or type anything. One tap + PIN = done.
C2B (Customer to Business)
What it does: Registers a callback URL on your Paybill/Till so you get notified when customers pay manually via the M-Pesa menu.
Use case: Utility bills, rent payments, manual customer payments
Note: Customer initiates from their phone. You just listen for the callback. Use alongside STK Push to capture both online and offline payments.
B2C (Business to Customer)
What it does: Send money from your Paybill to a customer's M-Pesa account.
Use case: Salary payments, refunds, loan disbursements, cashback, agent commissions
Important: Requires additional Safaricom approval and higher security credentials. Budget extra time for this.
B2B (Business to Business)
What it does: Transfer funds between two Paybill/Till numbers.
Use case: Supplier payments, marketplace payouts, inter-company transfers
Note: Less commonly used. Most businesses use bank transfers for B2B.
Setup Process
Step 1: Get Sandbox Credentials (Instant)
- Go to developer.safaricom.co.ke
- Create a developer account
- Create a new app — select the APIs you need (STK Push, C2B, B2C)
- You get Consumer Key and Consumer Secret immediately
- Use the sandbox test credentials to simulate transactions
Step 2: Get Production Credentials (2-4 weeks)
- Apply for a Safaricom Paybill or Buy Goods (Till) number
- Requirements: Business registration certificate, KRA PIN, company bank account, business letter
- Safaricom reviews and issues your shortcode
- Request API access on the Daraja portal for your production shortcode
- Complete the go-live checklist (callback URLs, security credentials)
STK Push Integration Flow
Here's the typical STK Push flow:
- Your server requests an OAuth access token from Daraja
- Your server sends an STK Push request with the customer's phone number, the amount, and your callback URL
- Safaricom pushes a payment prompt to the customer's phone
- Customer enters M-Pesa PIN
- Safaricom processes the payment
- Safaricom sends result to your callback URL
- Your server processes the callback and updates the order/payment status
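Steps 1 and 2 of this flow, as an added example that is not code from the original guide: it builds the HTTP Basic header for the OAuth token request and the STK Push request body, including the `Password` field Daraja derives from shortcode, passkey and timestamp. The function names are hypothetical, and the shortcode, passkey and callback URL used with it are constructed values.

```python
import base64
import re
from datetime import datetime
from urllib.parse import urlparse

def basic_auth_header(consumer_key, consumer_secret):
    """Step 1: the OAuth token request authenticates with HTTP Basic."""
    raw = f"{consumer_key}:{consumer_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def normalize_msisdn(phone):
    """Accept 07XXXXXXXX, 7XXXXXXXX or +2547XXXXXXXX; return 2547XXXXXXXX."""
    digits = re.sub(r"\D", "", phone)
    m = re.fullmatch(r"(?:254|0)?([17]\d{8})", digits)
    if not m:
        raise ValueError("not a Kenyan mobile number")
    return "254" + m.group(1)

def build_stk_push(shortcode, passkey, phone, amount, callback_url, reference, now=None):
    """Step 2: build the JSON body for the STK Push request."""
    url = urlparse(callback_url)
    if url.scheme != "https" or not url.hostname:
        raise ValueError("callback URL must be HTTPS")
    if amount <= 0:
        raise ValueError("amount must be positive")
    ts = (now or datetime.now()).strftime("%Y%m%d%H%M%S")
    # Password is base64(shortcode + passkey + timestamp). Base64 is an
    # encoding, not a hash: anyone who can read this field recovers the passkey.
    password = base64.b64encode(f"{shortcode}{passkey}{ts}".encode()).decode()
    msisdn = normalize_msisdn(phone)
    return {
        "BusinessShortCode": shortcode, "Password": password, "Timestamp": ts,
        "TransactionType": "CustomerPayBillOnline",
        "Amount": amount, "PartyA": msisdn, "PartyB": shortcode,
        "PhoneNumber": msisdn, "CallBackURL": callback_url,
        "AccountReference": reference, "TransactionDesc": "Order payment",
    }
```

Keep the consumer secret and passkey on the server only, and keep the `Password` value out of request logs, since it decodes straight back to the passkey.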
Integration Costs
| Item | Cost | Notes |
|---|---|---|
| Developer integration | KSh 30,000 - 80,000 | Depends on APIs needed and complexity |
| Paybill application | Free | But requires business docs |
| Transaction fee (STK Push) | ~1% per transaction | Deducted from received amount |
| B2C fee | KSh 5-22 per transaction | Depends on amount sent |
| SMS confirmation | Included by Safaricom | Customer gets SMS automatically |
| Callback server | KSh 5,000-20,000/month | Must be HTTPS with valid SSL |
For full software development pricing context, see our software development cost guide. For gateway comparisons, read our payment gateway comparison.
Common Pitfalls (and How to Avoid Them)
- Not handling timeouts: STK Push has a 60-second timeout. If the user doesn't respond, you get a timeout callback. Always handle this gracefully — don't mark the order as "failed" immediately; query the transaction status first.
- Not validating callbacks: Always verify that callbacks actually come from Safaricom (check the source IP against the whitelist and validate the response structure). Fake callbacks are a real fraud vector: a forged success callback can mark an unpaid order as paid.
- Duplicate transactions: Users sometimes get double-prompted. Implement idempotency — use unique transaction IDs and check for duplicates before processing.
- No reconciliation: Build daily reconciliation that compares your records with M-Pesa statements. Discrepancies happen and catching them early is critical.
- Ignoring the sandbox: The sandbox behaves differently from production. Always test edge cases in sandbox but validate behavior in production.
- HTTP vs HTTPS: Callback URLs MUST be HTTPS with a valid SSL certificate. Self-signed certificates will not work.
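A callback handler covering the validation, duplicate and timeout points above, as an added example that is not part of the original guide. The allowlisted range is a documentation placeholder rather than Safaricom's real addresses, the sample callback is constructed, and `orders` and `processed` are hypothetical stand-ins for your database.

```python
import ipaddress

# Placeholder range (RFC 5737 documentation block), not Safaricom's real addresses.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample of a successful STK Push result callback.
SAMPLE = {"Body": {"stkCallback": {
    "MerchantRequestID": "demo-merchant-1", "CheckoutRequestID": "ws_CO_demo_0001",
    "ResultCode": 0, "ResultDesc": "Success",
    "CallbackMetadata": {"Item": [
        {"Name": "Amount", "Value": 1500.0},
        {"Name": "MpesaReceiptNumber", "Value": "DEMO123ABC"},
        {"Name": "PhoneNumber", "Value": 254700000000}]}}}}

def parse_stk_callback(payload):
    """Return (CheckoutRequestID, ResultCode, metadata) or raise ValueError."""
    try:
        cb = payload["Body"]["stkCallback"]
        checkout_id, code = cb["CheckoutRequestID"], cb["ResultCode"]
        items = cb.get("CallbackMetadata", {}).get("Item", [])
        meta = {item["Name"]: item.get("Value") for item in items}
    except (KeyError, TypeError, AttributeError) as exc:
        raise ValueError("malformed callback") from exc
    if not isinstance(checkout_id, str) or type(code) is not int:
        raise ValueError("unexpected field types")
    return checkout_id, code, meta

def handle_callback(source_ip, payload, orders, processed):
    """orders maps CheckoutRequestID -> {"amount", "status"}; processed is a set."""
    # source_ip must be the TCP peer (or a trusted proxy's value), never a raw header.
    try:
        addr = ipaddress.ip_address(source_ip)
        if not any(addr in net for net in ALLOWED_SOURCES):
            return "rejected: source not allowlisted"
        checkout_id, code, meta = parse_stk_callback(payload)
    except ValueError:
        return "rejected: malformed"
    order = orders.get(checkout_id)
    if order is None:
        return "rejected: unknown CheckoutRequestID"
    if checkout_id in processed:
        return "ignored: duplicate"        # idempotency: never apply a result twice
    processed.add(checkout_id)
    if code != 0:                          # timeout, cancel, etc.: confirm before failing
        order["status"] = "pending_status_query"
        return "pending: query transaction status"
    if meta.get("Amount") != order["amount"] or not meta.get("MpesaReceiptNumber"):
        order["status"] = "needs_review"
        return "rejected: amount or receipt mismatch"
    order["status"] = "paid"
    return "paid"
```

In production the `processed` check and the status update belong in one database transaction with a unique constraint on the CheckoutRequestID, so two concurrent deliveries of the same callback cannot both pass the duplicate test.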
M-Pesa Beyond Kenya
M-Pesa exists in Tanzania (via Vodacom) but uses a completely different API. If you're building for multiple countries:
- Kenya: Safaricom Daraja API (this guide)
- Tanzania: Vodacom M-Pesa Open API (different endpoints, different auth)
- Uganda: No M-Pesa — use MTN Mobile Money instead. See our MTN MoMo guide
For a comparison of all East African mobile money platforms, read our M-Pesa vs MTN MoMo vs Tigo Pesa comparison.
Need M-Pesa Integration?
We've integrated M-Pesa for dozens of Kenyan businesses. Get expert integration with proper error handling and reconciliation.