M-Pesa Africa Mobile Money API
M-Pesa mobile money REST API (via Safaricom Daraja platform) for Kenyan and African businesses to send and receive money through M-Pesa mobile wallets, enabling C2B (customer to business) collections, B2C disbursements, B2B transfers, STK Push (Lipa Na M-Pesa) checkout, account balance inquiry, and transaction status for Kenya's dominant mobile money platform with 30M+ users across East Africa. Enables AI agents to manage STK Push payment request for Kenya mobile checkout automation, handle C2B payment registration for Kenya business collection automation, access B2C disbursement for Kenya payout and salary automation, retrieve transaction status for M-Pesa payment confirmation automation, manage account balance inquiry for M-Pesa wallet balance automation, handle B2B payment for Kenya business-to-business transfer automation, access reversal API for M-Pesa transaction reversal automation, retrieve C2B validation for Kenya payment verification automation, manage QR code generation for Kenya contactless payment automation, and integrate M-Pesa with Kenyan e-commerce, payroll, utility, and enterprise platforms for end-to-end Kenya and East Africa mobile money automation.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Africa mobile money. CBK-licensed. OAuth2 + RSA. KE. Mobile wallet transaction data.
⚡ Reliability
Best When
A Kenyan or East African business wanting AI agents to automate mobile money collection, disbursement, and STK Push checkout through Safaricom's M-Pesa Daraja API — Africa's most widely used payment platform.
Avoid When
SANDBOX USES DIFFERENT PHONE NUMBERS: M-Pesa Daraja sandbox uses specific test phone numbers (not real Kenyan numbers); automated sandbox testing must use Safaricom-provided test MSISDNs; automated real phone number in sandbox creates 'subscriber not registered' in test environment. STK PUSH IS ASYNC — USER MUST ACCEPT ON PHONE: M-Pesa STK Push sends prompt to consumer's phone; automated checkout must wait for consumer action not expect synchronous result; automated immediate fulfillment after STK initiation creates premature fulfillment before consumer accepts. B2C REQUIRES INITIATOR CREDENTIALS: M-Pesa B2C disbursement requires InitiatorName and SecurityCredential (encrypted password) in addition to OAuth; automated B2C must configure initiator credentials separately from OAuth; automated OAuth-only B2C attempt creates missing_initiator_credentials error. CALLBACK URL MUST BE PUBLIC HTTPS: M-Pesa requires publicly accessible HTTPS callback URL for all async results; automated webhook must expose public HTTPS endpoint; automated localhost callback creates M-Pesa unable to deliver result notification.
Use Cases
- • Initiating STK Push for Kenya e-commerce mobile checkout agents
- • Disbursing B2C payments for Kenya salary and beneficiary payment agents
- • Registering C2B collection URLs for Kenya business payment agents
- • Confirming M-Pesa transaction status for Kenya payment fulfillment agents
Not For
- • Non-Kenya/East Africa payments (M-Pesa Daraja API is Kenya-focused; other markets have different APIs)
- • Large international wire transfers (M-Pesa is mobile money for sub-$1000 transactions typically)
- • Credit card processing (M-Pesa is mobile wallet, not card)
Interface
Authentication
M-Pesa Daraja uses OAuth 2.0 (client credentials) for API authentication, plus SecurityCredential for B2C/B2B. REST API with JSON. Nairobi, Kenya (Safaricom). M-Pesa launched 2007 by Safaricom (Vodafone/Safaricom JV). Products: STK Push (Lipa Na M-Pesa Online), C2B, B2C, B2B, QR Code, Account Balance, Transaction Status, Reversal. SDKs: Node.js, Python, PHP, Java. CBK-licensed. 30M+ users. Available in Kenya, Tanzania, Uganda, Ghana, Egypt, Mozambique, DRC, Lesotho, Ethiopia. Africa's largest mobile money platform.
Pricing
Nairobi KE. Safaricom/Vodafone. Per-transaction KES fees. CBK licensed. Business account required.
Agent Metadata
Known Gotchas
- ⚠ ALL OPERATIONS ARE ASYNC WITH CALLBACKS: M-Pesa STK Push, B2C, B2B, and reversals are all async; automated flow must use callback URL for result; automated synchronous result expectation after initiation creates missing result (result delivered to callbackURL not response body)
- ⚠ STK PUSH REQUIRES CONSUMER ACTION: M-Pesa STK Push sends PIN prompt to consumer phone; automated checkout must wait for callback; automated business logic after STK initiation without awaiting callback creates premature processing before consumer enters PIN
- ⚠ B2C SECURITY CREDENTIAL IS RSA-ENCRYPTED: M-Pesa B2C requires SecurityCredential = base64(RSA_encrypt(password, M-Pesa_public_cert)); automated B2C must encrypt password with M-Pesa public certificate; automated plaintext password in SecurityCredential creates invalid_security_credential
- ⚠ SANDBOX AND PRODUCTION HAVE DIFFERENT CREDENTIALS: M-Pesa sandbox consumer key/secret differ from production; automated environment promotion must update all credentials; automated sandbox credentials in production creates invalid_client
- ⚠ ORIGINATOR CONVERSATION ID FOR DEDUPLICATION: M-Pesa supports OriginatorConversationID for deduplication; automated retry must use same OriginatorConversationID; automated new ID on retry creates duplicate B2C disbursement if original succeeded after timeout
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for M-Pesa Africa Mobile Money API.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.