How to get your MPESA consumer, secret and passkeys for API integration (Daraja 2.0)

We are attempting to get the following 4 things:

  • Paybill or Till number / Store number (in case you are using a Till number)
  • M-PESA consumer key
  • M-PESA secret key
  • M-PESA passkey

Prerequisites

  • Internet Browser
  • Paybill or Till number (with withdraw to bank option)
  1. Obtain Admin Access to the G2 Portal

Safaricom has a portal known as the G2 portal which Paybill users can access their accounts. The link can be found here: https://org.ke.m-pesa.com/orglogin.action
However, you need to request access by filling out the following form:

Ensure it is signed and stamped by all the directors (single director if it’s a sole proprietorship). Attach copies of all your IDs and include a board resolution requesting for an Admin account (Also signed and stamped). Send the documents to: M-PESABusiness@safaricom.co.ke.

2. Setting up Web Operators

Prior to the current set up, Safaricom required you obtain a certificate so you can access the site. This has thankfully been abandoned in exchange for an OTP sent to the Admin’s phone number. After receiving your Admin credentials we now have to login to the platform and set up our account.

Login screen for Safaricom’s G2 Platform.

Input the OTP (One Time Passcode) sent to your phone number:

OTP input screen

Once you have logged in, click on the Browse Organization Section

Browse Organization Section of the platform

We now proceed to add an operator. Click on Operator and then add

Add Operator Screen on the Safaricom G2 Portal

We need to create an API User (API operator). Proceed to select API under Access channel as shown below and click Next:

Fill in an API Username

Under Rule Profile, be sure to select Web Operator Rule Profile:

Select Web Operator Rule profile

Next, it’s time to select the permissions of the API user. Click on Add just below and select the following permissions:

API user permissions
  • Org B2C API initiator
  • Bundle Purchase Org initiator
  • Balance Query ORG API
  • B2B Org API initiator
  • Transaction Status Query ORG API

Of course, these permissions can be adjusted depending on your particular use case. If you are unsure, however, use the above list. Proceed to the Next step.

The next screen is a KYC screen (Know Your Customer). Ensure all the details filled are correct. Most importantly under the Preferred Notification Channel, select SMS. Input the phone number of choice and proceed next. Use the following format: 254722123456.

Pay attention to the phone number format.

Click on Submit to finally create your API User.

We now need to create a Web Operator to access the platform later.

Please Note:

Web Operators have a default password expiry period after 90 days. Be sure to regularly change your web operator password or your account will go dormant, and you’ll have to contact Safaricom to activate it.

Click on Operators and Add once again 🙂

It’s time to add another User, yay!

Select the Web Access Channel now.

select the Web Access Channel now

Enter a memorable Username, be sure to take note of it. We’ll need this to login to the account later.

Enter a Web Username. Be sure to note it down for later.

Under Rule Profile, select the Web Operator Rule Profile:

Select the Web Operator Rule Profile

It’s time to assign permissions to our new user. Select Add and now we Add a series of new roles.

Permission List available

The permissions I would recommend you add are the following:

  • Business Manager
  • Business Web Operator
  • Balance Query Org API
  • Set Restricted Org API Password
  • Transaction Status Query Org API

Ensure the Set Restricted Org API PASSWORD permission is selected. We will make use of it in a little while.

Hit Next and proceed to the KYC screen:

KYC screen, be sure to input correct details

Remember to use the number format 254XXXYYYYYY and SMS as your Preferred Notification Channel.

Click on Submit to finally create your web operator.

You will receive an SMS on the number you listed containing your Username and Password. This password is temporary and you will be required to change it once you input it. So let’s log out and log in with the details provided.

Ignore the red icons, that’s my password manager doing it’s job 🙂

Pick a memorable but secure password. Next, we login to our web operator user with our password.

You will notice the platform has a couple of extra tabs. Let’s make use of one of them. Navigate to Search and click on Operator.

It’s time to search for an Operator.

Our goal is to assign a password to our newly created API User.

On this Operator screen, search for your API user that you created earlier and click on search. Remember the first user we created?

Fill in the Username of the API User

Once the search is successful, the user should show up. Click on the notepad icon at the very end of the user to edit the details shown below.

Click on the highlighted icon.

The API User profile screen should show up. We can edit most details as we see fit including assigning or revoking permissions. However, in our case, we are only interested in assigning a new password.

User Profile Screen on Safaricom G2 Platform

Click on Set Password and set a secure but memorable password for your API user.

Set a memorable but secure password.

Please Note:

Unlike the Web Operators the API User Passwords do not have an expiry date. I would highly recommend you follow this password guide to help you set up a secure password.

We are now done with the first part of setting up the keys. Take note of the users we have created; we will use them in the next step.

3) Setting Up the Safaricom Daraja Portal

We now have to assign those users to a Safaricom developer account. It’s time to visit the following URL: Daraja — Safaricom Developers’ Portal

We need to sign up for a Safaricom Developer account.

Sign up for a Safaricom Daraja portal account.

Please Note:

This process can be pretty frustrating because Safaricom sends you an OTP to verify your account with a pretty short expiry window. It doesn’t help that there’s sometimes delays, so the emails may arrive late. If this happens just keep retrying until you get it right.

Once we have sign up for a new account it is time to go back to the login and login to the account. Once you do, you’ll be greeted by the following Dashboard page.

Safaricom Daraja Dashboard

Click on the Go Live section. Fill in the details required, which include:

  • The Organization Short Code (Paybill Number / Store Number if it’s a till).
  • The Organization Name (Use the exact name that shows up on the Safaricom G2 Platform).
  • M-PESA Username (I would recommend you use the Web Operator User we just created).
Go Live Safaricom Developer Portal Screen

Accept the terms and conditions and proceed to the next step. Previously we required User testcases but that was thankfully removed (phew!). You will then receive an OTP and asked to select a product. You might as well check everything available.

I can only show the Sandbox screen because I already have an existing app.

Once that is done, you can now create an app (An app provides the credentials necessary). It may take some time for it to be approved. Once done, to view the app created, click on the highlighted dropdown.

Click on the drop down and select your company name.

You’ll now view the app details as shown below

Your app should be green and not red, this one is inactive for use in this tutorial.

Congratulations!!! You now have the consumer key and consumer secret, however we still need the passkey. Fortunately, the pass key will be emailed to you a little later after the app is activated. Be sure to check all folders including spam to find it.

Please Note:

Unfortunately, there’s a bizarre error that occurs if you received your Paybill earlier than the creation of this V2 platform especially if you received the pass key a little earlier. Some V2 apis do not work! You will have to change the url to include v1 to account for this. If you are in a position where you don’t know how long ago the customer Paybill was created, account for both scenarios e.g.

Try the first url: https://api.safaricom.co.ke/mpesa/c2b/v1/registerurl

if it fails, switch to v2: https://api.safaricom.co.ke/mpesa/c2b/v2/registerurl

Hopefully this helps a couple of those devs out there who don’t know why some Paybills are not working.

With that you are now done. Feel free to reach out if you encounter any issue and best of luck on your application!

administrator
founder & C.E.O Zillah Technologies LTD Software Developer | Penetration Tester | Cloud Computing | ICT Trainer & Facilitator

    Leave a Reply

    Your email address will not be published. Required fields are marked *