M-PESA is a mobile money transfer service introduced by Safaricom in 2007. M-PESA allows users to deposit, withdraw, and pay for goods and services using Lipa Na M-PESA (which we are going to cover), and much more.
A couple of months back, Safaricom introduced the Daraja API (Daraja meaning bridge in Swahili) as a way to bridge the gap with developers who had a difficult time with the G2 API, which used a SOAP protocol.
The Lipa Na M-PESA Online API is an API that utilizes STK Push for C2B. This eliminates the previous inconvenience of having to remember paybill or till numbers, as this is handled on the backend, leaving the customer to only input the M-PESA PIN.
M-PESA automatically processes the request and sends the response back to the API, which then forwards it to the callback URL provided. Also, to avoid phishing, I suggest that you complete at least one of 5 consecutive STK push requests in order for your line not to be blocked from accessing the API for 24 hours. I will demonstrate the integration of this API step by step in this post. I urge you to follow through promptly, as this is a lengthy but simple process.
First you have to create a developer account on the Safaricom Developer Portal here. Once you are logged in, click on Add A New App and write the name of your application.
Next, select the APIs that you would like your app to access; in this case we will choose Lipa Na M-PESA Sandbox and M-PESA Sandbox, then click on Create App.
The next step involves generating an OAuth token. This is required in order to authenticate your API requests. Click on the APIs tab on the top menu, click on the OAuth API, then click on Generate Token.
I suggest that you open another tab on your browser and navigate to your app. We need the Consumer Key and Consumer Secret in order to generate the token. Copy them and click on Set Credentials.
This will bring up a pop-up menu where you will enter them and click on Save. Next, click on Send this request and you should get a 200 OK response from the server.
Next, you should copy the access token provided, click on APIs once again, and click on M-PESA Express then M-PESA Express Request. Read through the description of the various parameters and then copy your access token into the Authorization textbox in the format Bearer xxxxx (xxxxx being your access token).
On the Request Body, we need to fill in credentials for the JSON schema provided. Click on Get Test Credentials, which will open in a new tab. Generating the password has been a challenge for many developers, as many flop on the format to generate it.
We will go through it below. Go to https://base64encode.org/. I will use 174379, which is a test Business Shortcode. The format for generating the password is the Business Shortcode, then the Lipa Na Mpesa Online Passkey, followed by the Timestamp in the format YYMMDDHHSS; combine the three without spacing. So assuming that, at the time of writing this article, the date is 2019-08-16 and the time is 11:26:12, my timestamp will be 20190816112612. Combine them and click on Encode. Copy the encoded output as your password for the JSON.
For the timestamp use the YYMMDDHHSS format of your current time. Enter the amount (I’ll use KSHs 10). Use your phone number as Party A and the Business Shortcode as Party B; for the PhoneNumber we will again use our phone number. For the callback URL we will head over to http://mpesa-requestbin.herokuapp.com/ and click on Create A Requestbin to generate a callback URL. Copy the URL created as your callback URL.
For the Account Reference we can write any format for our transaction as well as the Transaction Description.
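The Password can be computed locally, which keeps the passkey out of a third-party encoder, and decoding it shows why the field must be treated as a secret. This is an added example, not code from the original post or from Safaricom; the timestamp layout follows the page's worked value 20190816112612, and the JSON field names, the `MPESA_PASSKEY` variable name and the passkey placeholder are assumptions.

```python
import base64
import os
from datetime import datetime


def make_timestamp(now: datetime) -> str:
    # Same layout as the page's worked value 20190816112612:
    # 4-digit year, month, day, hour, minute, second (14 digits).
    return now.strftime("%Y%m%d%H%M%S")


def stk_password(shortcode: str, passkey: str, timestamp: str) -> str:
    # Concatenate the three values without separators, then Base64-encode.
    raw = f"{shortcode}{passkey}{timestamp}"
    return base64.b64encode(raw.encode("ascii")).decode("ascii")


def recover_passkey(password: str, shortcode: str, timestamp: str) -> str:
    # Base64 is an encoding, not encryption: anyone who sees the Password
    # field can decode it and strip the known shortcode and timestamp.
    raw = base64.b64decode(password).decode("ascii")
    if not (raw.startswith(shortcode) and raw.endswith(timestamp)):
        raise ValueError("password does not match shortcode/timestamp")
    return raw[len(shortcode):len(raw) - len(timestamp)]


def credential_fields(shortcode: str, passkey: str, now: datetime) -> dict:
    # Reuse one timestamp for both fields so Password and Timestamp agree.
    ts = make_timestamp(now)
    return {
        "BusinessShortCode": shortcode,  # field names assumed from the request schema
        "Password": stk_password(shortcode, passkey, ts),
        "Timestamp": ts,
    }


if __name__ == "__main__":
    # Passkey comes from the environment, never from source control.
    # MPESA_PASSKEY is a hypothetical variable name; the fallback is a
    # constructed placeholder, not a real passkey.
    passkey = os.environ.get("MPESA_PASSKEY", "EXAMPLE_PASSKEY_NOT_REAL")
    fields = credential_fields("174379", passkey, datetime(2019, 8, 16, 11, 26, 12))
    print(fields["Timestamp"], fields["Password"])
```

Because the passkey is recoverable from any logged or intercepted Password value, keep request bodies out of logs and send them only over TLS.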
That’s it for the server side on the Safaricom end. In the next part we are going to create a simple Android application that consumes this API.
You can read the next part here.