Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.moflay.com/llms.txt

Use this file to discover all available pages before exploring further.

Moflay uses saved Daraja credentials to authenticate with Safaricom and send M-Pesa Express payment requests for the selected environment.

What credentials Moflay uses

Depending on the environment and credential type, you may need:
  • Consumer key
  • Consumer secret
  • Business shortcode
  • Passkey
  • Account reference
  • Short code type, such as till or paybill

How credentials are used

When your app creates a payment, Moflay selects the credentials for the API key’s business and environment. Moflay then authenticates with Daraja and sends the STK push request to Safaricom.
You do not need to build your own Daraja token exchange when you use Moflay.

Sandbox vs production

EnvironmentCredential behavior
SandboxYou can usually start with assigned test credentials, then optionally add your own Daraja sandbox credentials.
ProductionYou must provide your own verified live credentials before real payments can be processed.

Manage credentials in the dashboard

  1. Open Credentials.
  2. Select sandbox or production.
  3. Enter or review the credential fields.
  4. Save the configuration.
  5. Run an environment-specific payment test.

Verify the result

Your credential setup is working when:
  • Sandbox payments work with a mof_test_ API key.
  • Production payments work with a mof_live_ API key after live credentials are verified.
  • The dashboard shows the payment in the same environment as the API key.

Security

Moflay encrypts sensitive Daraja credential fields before storage and scopes credentials to your business and environment. Read Credential security for details on encryption, scoping, and operational precautions.