To process payments through M-Pesa, you’ll need to connect your Safaricom Daraja API credentials to MpesaFlow. We support both development (sandbox) and production credentials. Each environment uses a separate set of credentials for safety.

How Credentials Work

Credentials are used to authenticate with Safaricom’s Daraja API when sending a payment request. MpesaFlow uses these credentials to securely request access tokens from Safaricom.
Although we auto-assign sandbox credentials in the development environment, you can also bring your own test credentials. Only use test credentials provided by Safaricom for development.
You can manage your credentials in the MpesaFlow dashboard → Need help getting your Daraja credentials? Read the guide →

Authorization (Consumer Key & Secret)

When MpesaFlow makes a request to Daraja, it must first authenticate using your:
  • Consumer Key
  • Consumer Secret
These are used to request an access token, which is then used to authorize M-Pesa transactions. MpesaFlow handles the token exchange securely behind the scenes. You don’t need to manage this process manually.

M-Pesa Express Request

We use your credentials to send M-Pesa Express (STK Push) requests to Safaricom. This includes:
  • Amount to charge
  • Customer’s phone number
  • Account reference and transaction description
You can configure these values through the MpesaFlow API or SDK when initiating a payment. For example, a typical payment might include: 
{
  "amount": "100",
  "phoneNumber": "254712345678",
  "transactionDesc": "Product Payment",
  "accountReference": "MyBusiness"
}