Course Content
Building Your First Mpesa Integration
This topic focuses on guiding you through the process of building a functional Mpesa integration from scratch. You will learn how to set up a backend for handling API requests, generate secure access tokens for authentication, and implement an STK Push transaction to facilitate payments. By the end of this topic, you will have a working example of Mpesa integration.
0/3
Backend Setup with PHP/Node.js/Other Frameworks
Generating Access Tokens
06:32
Implementing an STK Push Transaction
12:18
C2B and B2C Integrations
In this topic, learners will explore the core concepts of integrating Mpesa's Customer-to-Business (C2B) and Business-to-Customer (B2C) payment functionalities. The lessons will cover configuring C2B payments to enable customers to pay businesses and using B2C for disbursing funds to customers. Additionally, the topic will explain how to implement real-time transaction status updates to ensure seamless payment tracking and reconciliation.
0/3
Configuring C2B (Customer to Business) Payments
Using B2C (Business to Customer) for Disbursements
Real-Time Transaction Status Updates
Testing and Debugging
This topic focuses on ensuring the reliability and correctness of Mpesa integrations by testing in the sandbox environment, debugging using logs and tools like Postman, and eventually transitioning to the production environment. By the end of this topic, learners will be equipped with practical knowledge of testing and debugging their integration effectively.
0/3
Testing Transactions in the Sandbox Environment
Using Logs and Postman for Debugging
Moving to Production
00:00
Security and Best Practices
This topic covers the critical aspects of securing your Mpesa integration by properly managing API keys and tokens, handling errors in a way that improves the user experience, and complying with Mpesa’s integration guidelines. Following these practices ensures that your integration is secure, reliable, and in line with best practices, minimizing the risk of fraud and ensuring smooth operations.
0/3
Securing Your API Keys and Tokens
Handling Errors Gracefully
Complying with Mpesa Integration Guidelines
Real-World Application
This topic explores how Mpesa can be seamlessly integrated into real-world applications, particularly e-commerce platforms. It covers integrating payment systems, customizing user experiences to enhance payment flows, and using analytics for business insights. By the end of this topic, learners will understand how to leverage Mpesa for creating smoother and more efficient payment processes, as well as tracking transactions for actionable insights.
0/3
Integrating Mpesa into an E-Commerce Platform
Customizing User Experiences with Mpesa Payments
Analytics and Reporting
Build a Payment Gateway with Mpesa
In this project, learners will apply the skills acquired throughout the course to build a functional payment gateway integrated with Mpesa. The project will walk through the entire process, from backend setup and API integration to handling transactions and user feedback. By the end of this topic, learners will have developed a working payment gateway and be ready to present their projects for review and feedback.
0/3
Step-by-Step Implementation of a Working Payment Gateway
Presenting Your Project for Feedback
Final Project Submission
Introduction to Mpesa Integration
Gain an understanding of Mpesa’s role in facilitating mobile payments. Learn about its features, real-world applications, and benefits in businesses. This module covers the prerequisites for starting your Mpesa integration journey.
0/2
Overview of Mpesa services and APIs
11:02
Requirements for Mpesa Integration
00:45
Setting Up The Environment
In this topic, you learned how to set up the environment for Mpesa integration. This includes registering on the Mpesa Daraja Portal, acquiring API credentials, and using tools like Postman and Ngrok for development and testing. You also set up a local server, configured callback URLs, and simulated transactions in the sandbox environment. Finally, you prepared for production by understanding the approval process and transitioning to live operations. These steps form the foundation for successfully integrating Mpesa APIs into your application.
0/4
Tools and platforms needed (Postman, Ngrok, etc.)
Registering for Mpesa Daraja API
Overview of sandbox and production environments
Tools, Registration, and Environments Quiz
Understanding Mpesa APIs
This topic provides an overview of the various Mpesa APIs available for integration. You will learn about the key API services that facilitate mobile money transactions, such as the STK Push, C2B, B2C, and Account Balance APIs. Understanding how each API works will help you design robust and efficient payment systems, and ensure seamless transactions between businesses and customers.
0/3
Mpesa API documentation walkthrough
Authentication: Consumer Key and Secret
Key API Endpoints: STK Push, C2B, B2C, Balance Inquiry
Mpesa Integration – Daraja API :Crash Course
Applying the skills acquired throughout the course, the video below will guide you to build a functional payment gateway integrated with Mpesa. The project will walk through the entire process, from backend setup and API integration to handling transactions and user feedback. By the end of this topic, you will have developed a working payment gateway and be ready to present your projects for review and feedback.
0/2
Using Node.Js
Using PHP
M-Pesa Integration MasterClass
About Lesson

Lesson Summary

In this topic, we will cover the process of authenticating your requests to the Mpesa API using the Consumer Key and Consumer Secret. These two credentials are essential for generating the OAuth 2.0 Access Token, which is required for making authenticated API requests. You will learn how to securely handle these credentials and generate the access token needed to interact with the Mpesa APIs.

Lesson: Understanding and Using Consumer Key and Secret

  1. What are Consumer Key and Secret?

    • Consumer Key and Consumer Secret are unique credentials provided by Safaricom when you register your application on the Safaricom Developer Portal. These credentials are used to authenticate your app and authorize access to the Mpesa APIs.
    • Consumer Key: A public identifier used to identify your application during API requests.
    • Consumer Secret: A private key that is paired with the Consumer Key to securely authenticate the app.

  2. How to Obtain Consumer Key and Secret

    • To obtain the Consumer Key and Consumer Secret, follow these steps:
      1. Register on the Safaricom Developer Portal: Create an account on the Safaricom Developer Portal.
      2. Create an Application: After logging in, create a new app within the portal, providing the required information (e.g., app name, description).
      3. Get Your Credentials: Once your app is created, you will be able to see your Consumer Key and Consumer Secret. These credentials will be used to authenticate your API requests.

  3. Generating the OAuth 2.0 Access Token

    • OAuth 2.0 is the authentication protocol used by Mpesa. To make authenticated requests, you must first generate an Access Token using the Consumer Key and Consumer Secret.

    Steps to generate the Access Token:

    1. Obtain the Access Token URL:
      The Access Token is generated by making a POST request to the following endpoint: 
      POST https://api.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials
    2. Request Headers:
      You need to set the authorization header to include your Consumer Key and Consumer Secret.
      • The header format for Basic Authentication will be: 
        Authorization: Basic <base64(ConsumerKey:ConsumerSecret)>
      1. Send the Request:
        Use Postman or any HTTP client to send the request. You should receive a JSON response containing the Access Token. Example response:
      {
  "access_token": "YourAccessTokenHere",
  "expires_in": 3600
}
    3. Use the Access Token:
      The access token returned will be valid for 1 hour. You must include this token in the header of each API request to authenticate it.

  4. Example Request to Generate Access Token (Using Postman)

    • Set the method to POST.
    • Set the URL to https://api.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials.
    • Add an Authorization header with the value: 
      Basic base64(ConsumerKey:ConsumerSecret)
    • Send the request and retrieve the Access Token from the response.

  5. Best Practices for Storing Consumer Key and Secret

    • Do not hardcode your Consumer Key and Consumer Secret in your code, especially for production environments. Instead, store them securely in environment variables or a secrets management service.
    • Limit access to these credentials, ensuring only authorized team members or services can access them.
    • Regularly rotate your keys to maintain security.

 

Summary

In this lesson, you learned about the Consumer Key and Consumer Secret, which are essential for authenticating with the Mpesa API. You also explored how to generate the OAuth 2.0 Access Token and how to securely handle and store these credentials to ensure smooth and secure API interactions. This knowledge is vital for accessing the various Mpesa services and performing transactions.

Previous
Next