If customers keep asking "can I pay via M-Pesa?" and you're sending them to your Paybill manually, you're losing sales every single day.
M-Pesa is how Kenya pays. Over 30 million Kenyans use M-Pesa monthly, and for most SMBs it's the single most important payment method to have on your website. Yet most business websites in Kenya still don't have it properly integrated.
This guide explains exactly how M-Pesa website integration works: what it involves technically, how much it costs, how long it takes, and what you need before you start.
What "M-Pesa Integration" Actually Means
There are two very different things people mean when they say "M-Pesa on my website":
Option A: Displaying your Paybill/Till number: Your developer puts your Paybill number on the website. Customers copy it, open their M-Pesa app, and pay manually. You receive no automatic confirmation, no order update, nothing. Takes 30 minutes, costs almost nothing.
Option B: Real M-Pesa STK Push integration: A customer clicks "Pay with M-Pesa", enters their phone number, and immediately receives a push notification on their phone. They enter their PIN, payment goes through, and your website automatically confirms the order. This is real integration.
If you want to run a proper online business, especially an e-commerce shop, you need Option B.
Paybill Display vs Real STK Push
| Feature | Paybill Display | STK Push Integration |
|---|---|---|
| Customer experience | Manual (they initiate) | Seamless (push notification) |
| Auto payment confirmation | โ No | โ Yes |
| Auto order processing | โ No | โ Yes |
| Receipt sent automatically | โ No | โ Yes |
| Reduces abandoned payments | โ No | โ Yes |
| Development required | โ No | โ Yes |
How M-Pesa STK Push Works on a Website
Here's what happens from the customer's perspective when STK Push is properly integrated:
- Customer selects items and clicks "Pay with M-Pesa"
- They enter their phone number (e.g. 0712 345 678)
- Immediately, they receive a push notification on their phone
- They enter their M-Pesa PIN to confirm
- Payment is processed in 3โ10 seconds
- Your website automatically confirms the order
- Customer sees "Payment Successful" screen
- Automated receipt sent to both customer and your email
Behind the scenes, this uses Safaricom's Daraja API, the official M-Pesa API that connects your website to the M-Pesa network.
What You Need Before You Start
1. A Registered Safaricom Business Account
You need either a Paybill number or a Buy Goods / Till number. If you don't have one yet, register at safaricom.co.ke or visit a Safaricom Business Centre.
2. A Safaricom Daraja Developer Account
Your developer registers at developer.safaricom.co.ke to get API credentials. This is free.
3. API Credentials from Safaricom
Once approved, you'll receive a Consumer Key, Consumer Secret, Passkey, and your Shortcode. This takes 3โ10 business days with Safaricom.
4. A Kenyan Registered Business
Your Safaricom business account must be registered to a valid Kenyan business. Personal M-Pesa accounts cannot be used for website integrations.
The Integration Process Step by Step
Here's how WPfoss handles an M-Pesa integration project:
Setup & Credentials
Client applies for Safaricom API access (we help with this). Developer registers on Daraja. Sandbox environment set up for testing. Initial integration built using test credentials.
Development & Testing
STK Push flow implemented and tested. Payment confirmation (callback URL) set up. Order status updates connected. Automated receipt emails configured. Edge cases tested: failed payments, timeouts, duplicate requests.
Go Live
Production API credentials received. Switch from sandbox to live. Real transaction testing with small amounts (KES 1). Monitoring set up. Handover and documentation.
How Long Does It Take?
The development itself takes 5โ10 business days. The variable is Safaricom. Getting live API credentials can take 3 business days to 3 weeks depending on your business documents and current processing times.
Our advice: Start the Safaricom application process before you even brief your developer. That way, by the time development is done, credentials are ready.
Common Problems to Avoid
- Developer uses their own Safaricom credentials: Always verify the integration uses your Paybill/Till, not theirs.
- No error handling for failed payments: When a customer's payment fails, the site should let them retry gracefully.
- Callback URL not working: If Safaricom can't reach your callback URL, your site never confirms payment even when money was received. Test this thoroughly.
- Sandbox vs production confusion: Always test with a real KES 1 transaction before announcing the site is live.
- No transaction logs: Log every M-Pesa attempt. Without logs, troubleshooting payment issues is nearly impossible.
Frequently Asked Questions
Can I add M-Pesa to any website?
Yes. M-Pesa STK Push can be integrated into any website, including custom HTML/PHP, React, or any other technology. Your website must have a live HTTPS server for the callback URL to work.
Do I need a Paybill number for M-Pesa integration?
Yes. For business M-Pesa integrations, you need either a registered Paybill or Buy Goods (Till) number from Safaricom. Personal M-Pesa accounts cannot be used.
What is the Safaricom Daraja API?
The Daraja API is Safaricom's official developer platform allowing businesses to integrate M-Pesa into websites, apps, and systems. Access it at developer.safaricom.co.ke.
Is M-Pesa integration safe for customers?
Yes. The STK Push process is secured by Safaricom's infrastructure. Your website never handles, stores, or sees the customer's M-Pesa PIN.
Want M-Pesa on your website?
WPfoss has integrated M-Pesa into multiple Kenyan business websites. Get in touch and we'll tell you exactly what it involves for your site.
Get in Touch