Course Content
Building Your First Mpesa Integration
This topic focuses on guiding you through the process of building a functional Mpesa integration from scratch. You will learn how to set up a backend for handling API requests, generate secure access tokens for authentication, and implement an STK Push transaction to facilitate payments. By the end of this topic, you will have a working example of Mpesa integration.
0/3
Backend Setup with PHP/Node.js/Other Frameworks
Generating Access Tokens
06:32
Implementing an STK Push Transaction
12:18
C2B and B2C Integrations
In this topic, learners will explore the core concepts of integrating Mpesa's Customer-to-Business (C2B) and Business-to-Customer (B2C) payment functionalities. The lessons will cover configuring C2B payments to enable customers to pay businesses and using B2C for disbursing funds to customers. Additionally, the topic will explain how to implement real-time transaction status updates to ensure seamless payment tracking and reconciliation.
0/3
Configuring C2B (Customer to Business) Payments
Using B2C (Business to Customer) for Disbursements
Real-Time Transaction Status Updates
Testing and Debugging
This topic focuses on ensuring the reliability and correctness of Mpesa integrations by testing in the sandbox environment, debugging using logs and tools like Postman, and eventually transitioning to the production environment. By the end of this topic, learners will be equipped with practical knowledge of testing and debugging their integration effectively.
0/3
Testing Transactions in the Sandbox Environment
Using Logs and Postman for Debugging
Moving to Production
00:00
Security and Best Practices
This topic covers the critical aspects of securing your Mpesa integration by properly managing API keys and tokens, handling errors in a way that improves the user experience, and complying with Mpesa’s integration guidelines. Following these practices ensures that your integration is secure, reliable, and in line with best practices, minimizing the risk of fraud and ensuring smooth operations.
0/3
Securing Your API Keys and Tokens
Handling Errors Gracefully
Complying with Mpesa Integration Guidelines
Real-World Application
This topic explores how Mpesa can be seamlessly integrated into real-world applications, particularly e-commerce platforms. It covers integrating payment systems, customizing user experiences to enhance payment flows, and using analytics for business insights. By the end of this topic, learners will understand how to leverage Mpesa for creating smoother and more efficient payment processes, as well as tracking transactions for actionable insights.
0/3
Integrating Mpesa into an E-Commerce Platform
Customizing User Experiences with Mpesa Payments
Analytics and Reporting
Build a Payment Gateway with Mpesa
In this project, learners will apply the skills acquired throughout the course to build a functional payment gateway integrated with Mpesa. The project will walk through the entire process, from backend setup and API integration to handling transactions and user feedback. By the end of this topic, learners will have developed a working payment gateway and be ready to present their projects for review and feedback.
0/3
Step-by-Step Implementation of a Working Payment Gateway
Presenting Your Project for Feedback
Final Project Submission
Introduction to Mpesa Integration
Gain an understanding of Mpesa’s role in facilitating mobile payments. Learn about its features, real-world applications, and benefits in businesses. This module covers the prerequisites for starting your Mpesa integration journey.
0/2
Overview of Mpesa services and APIs
11:02
Requirements for Mpesa Integration
00:45
Setting Up The Environment
In this topic, you learned how to set up the environment for Mpesa integration. This includes registering on the Mpesa Daraja Portal, acquiring API credentials, and using tools like Postman and Ngrok for development and testing. You also set up a local server, configured callback URLs, and simulated transactions in the sandbox environment. Finally, you prepared for production by understanding the approval process and transitioning to live operations. These steps form the foundation for successfully integrating Mpesa APIs into your application.
0/4
Tools and platforms needed (Postman, Ngrok, etc.)
Registering for Mpesa Daraja API
Overview of sandbox and production environments
Tools, Registration, and Environments Quiz
Understanding Mpesa APIs
This topic provides an overview of the various Mpesa APIs available for integration. You will learn about the key API services that facilitate mobile money transactions, such as the STK Push, C2B, B2C, and Account Balance APIs. Understanding how each API works will help you design robust and efficient payment systems, and ensure seamless transactions between businesses and customers.
0/3
Mpesa API documentation walkthrough
Authentication: Consumer Key and Secret
Key API Endpoints: STK Push, C2B, B2C, Balance Inquiry
Mpesa Integration – Daraja API :Crash Course
Applying the skills acquired throughout the course, the video below will guide you to build a functional payment gateway integrated with Mpesa. The project will walk through the entire process, from backend setup and API integration to handling transactions and user feedback. By the end of this topic, you will have developed a working payment gateway and be ready to present your projects for review and feedback.
0/2
Using Node.Js
Using PHP
M-Pesa Integration MasterClass
About Lesson

1. Mpesa Authentication Process

Objective: Understand how Mpesa authenticates API requests and the importance of access tokens.

  • What is Authentication in Mpesa?
    Mpesa APIs use OAuth 2.0 for authentication. To access Mpesa services, you must generate an access token using your consumer key and consumer secret, which are provided during Daraja API registration.

  • Why Use Access Tokens?
    Access tokens serve as temporary keys that grant secure access to Mpesa’s API endpoints. Tokens are valid for a limited time (e.g., 1 hour).

  • Steps in Authentication:

    • Encode the consumer key and secret using Base64.
    • Send them in the HTTP Authorization header to the OAuth endpoint.
    • Receive an access token in the response.

2. API Endpoint

Objective: Familiarize yourself with the endpoint used for generating access tokens.

  • OAuth API Endpoint:
    The Mpesa OAuth endpoint is as follows:

    https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials

  • HTTP Method:
    The endpoint uses the GET method.

  • Headers:
    You must include the following headers in your request:

    • Authorization: This contains the Base64-encoded string of consumerKey:consumerSecret.
    • Example Header: 
      Authorization: Basic Base64Encoded(consumerKey:consumerSecret)

3. Code Implementation

Objective: Implement a function to automate the token generation process.

  • Example in PHP:

    function generateAccessToken() {
    $consumerKey = 'your_consumer_key';
    $consumerSecret = 'your_consumer_secret';
    $credentials = base64_encode("$consumerKey:$consumerSecret");

    $url = "https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials";

    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_HTTPHEADER, ["Authorization: Basic $credentials"]);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

    $response = curl_exec($curl);
    curl_close($curl);

    $result = json_decode($response);
    return $result->access_token;
}

  • Example in Node.js:

    const axios = require('axios');

async function generateAccessToken() {
    const consumerKey = 'your_consumer_key';
    const consumerSecret = 'your_consumer_secret';
    const credentials = Buffer.from(`${consumerKey}:${consumerSecret}`).toString('base64');

    try {
        const response = await axios.get(
            'https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials',
            { headers: { Authorization: `Basic ${credentials}` } }
        );
        return response.data.access_token;
    } catch (error) {
        console.error('Error generating access token:', error.message);
    }
}

4. Error Handling

Objective: Anticipate and handle issues during token generation.

  • Potential Errors:

    • Invalid Credentials: Occurs if the consumer key or secret is incorrect.
    • Network Issues: Caused by poor connectivity or server downtime.
    • API Limitations: Repeated requests may trigger rate limits.

  • How to Handle Errors:

    • Validate consumer key and secret before making the request.
    • Use try-catch blocks (in Node.js or Python) or check curl_exec errors (in PHP).
    • Log error responses for debugging.

5. Testing Access Token Generation

Objective: Verify your implementation works as expected.

  • Using Postman:

    1. Create a new request.
    2. Set the request type to GET and paste the OAuth endpoint URL.
    3. Add a header:
      • Key: Authorization
      • Value: Basic Base64Encoded(consumerKey:consumerSecret)
    4. Click Send.
    5. Inspect the response body for the access token.

  • Sample Response:

    {
    "access_token": "hq0Xh...Cw",
    "expires_in": "3599"
}
Previous
Next