To process payments through M-Pesa, you’ll need to connect your Safaricom Daraja API credentials to Moflay.
We support both sandbox and production credentials. Each environment uses a separate set of credentials for safety.
How Credentials Work
Credentials are used to authenticate with Safaricom’s Daraja API when sending a payment request. Moflay uses these credentials to securely request access tokens from Safaricom.
Although we auto-assign sandbox credentials in the sandbox environment, you can also bring your own test credentials. Only use test credentials provided by Safaricom for development.
Authorization (Consumer Key & Secret)
When Moflay makes a request to Daraja, it must first authenticate using your:
- Consumer Key
- Consumer Secret
These are used to request an access token, which is then used to authorize M-Pesa transactions.
Moflay handles the token exchange securely behind the scenes. You don’t need to manage this process manually.
M-Pesa Express Request (Passkey, Business Shortcode & Account Reference)
We use your credentials to send M-Pesa Express (STK Push) requests to Safaricom. This includes:
- Amount to charge
- Customer’s phone number
- Account reference
- Transaction description
- Business Short Code
- The type of Business Short Code
- The Password which is a base 64 encode of
Business Short Code, Passkey and the Timestamp
You can configure these values through the Moflay API or SDK when initiating a payment.
For example, a typical payment might include:
{
"amount": 100,
"phoneNumber": "254712345678",
"description": "Product Payment",
"accountReference": "MyBusiness"
}
