How to Set Up mySafaricom Integration in Minutes
If you run a business or a developer looking to tap into Safaricom services, you probably heard about mySafaricom integration. It sounds tech‑heavy, but the process is actually straightforward. In this guide we break down each step, share tips to skip the usual hiccups, and point out where you can get help if you get stuck.
Why Use mySafaricom Integration?
First off, let’s answer the why. Connecting your app to mySafaricom lets you accept mobile money, verify user numbers, and push notifications directly through Safaricom’s network. That means faster payments, lower fees, and a smoother experience for your customers who already use M‑Pesa or other Safaricom services.
Another win is trust. Safaricom is a big brand in Kenya, so users are more likely to complete a transaction when they see a familiar logo. The API also follows strict security rules, so you don’t have to reinvent encryption or fraud‑prevention layers.
Step‑by‑Step Setup
1. Register for a Developer Account
Head over to the Safaricom developer portal and sign up with your business email. You’ll need to verify the email and fill out a short form about your app’s purpose. This registration unlocks the sandbox environment where you can test without real money.
2. Get Your API Keys
After approval, the portal will generate a consumerKey and consumerSecret. Keep these in a secure place – treat them like passwords. You’ll use them to request an OAuth token for every API call.
3. Set Up the OAuth Flow
Make a POST request to the token endpoint:
POST https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials
Authorization: Basic base64(consumerKey:consumerSecret)
The response gives you an
access_token. Store it in a short‑lived cache; it expires after an hour.
4. Choose the Service You Need
Common endpoints are:
/mpesa/stkpush/v1/processrequest – triggers a payment prompt on the user’s phone./mpesa/c2b/v1/simulate – useful for testing incoming payments./identity/v1/verify/msisdn – verifies a phone number belongs to the subscriber.
Pick the one that matches your workflow and read the JSON payload requirements.
5. Build the Request
Here’s a quick example for an STK push:
POST https://sandbox.safaricom.co.ke/mpesa/stkpush/v1/processrequest
Authorization: Bearer {access_token}
Content-Type: application/json
{
"BusinessShortCode": "174379",
"Password": "Base64EncodedPassword",
"Timestamp": "20230915120000",
"TransactionType": "CustomerPayBillOnline",
"Amount": "1000",
"PartyA": "254712345678",
"PartyB": "174379",
"PhoneNumber": "254712345678",
"CallBackURL": "https://yourdomain.com/callback",
"AccountReference": "Order123",
"TransactionDesc": "Payment for Order 123"
}
Make sure the timestamp follows the format
YYYYMMDDHHMMSS. The password is a base64 string of BusinessShortCode + Passkey + Timestamp.
6. Handle Callbacks
Safaricom will POST the transaction result to the CallBackURL> you supplied. Set up a simple endpoint that reads the JSON, verifies the ResultCode, and updates your order status. Log the full payload – it helps troubleshoot issues later.
7. Move to Production
Once you’ve tested all flows in sandbox, request production credentials from the portal. The production URLs are the same, just without the /sandbox segment. Remember to swap your sandbox keys for live ones and run a fresh OAuth request.
That’s the core workflow. You can now accept M‑Pesa payments, verify numbers, and build richer experiences for Kenyan users.
Tips to Avoid Common Pitfalls
- Always double‑check the phone number format – it must start with the country code
254 and have no plus sign.
- If you get a 401 error, your token is probably expired or the keys are wrong. Refresh the token and retry.
- Use HTTPS for your callback URL. Safaricom rejects non‑secure endpoints.
- Log every request and response. When a payment fails, the logs tell you whether it was a network glitch or an invalid payload.
By following these steps, you’ll have a solid mySafaricom integration up and running without spending weeks figuring it out. Good luck, and happy coding!
