WooCommerce powers more Kenyan online stores than any other e-commerce platform. It is free, you own it completely, and it integrates cleanly with the payment method most Kenyan customers actually use: M-Pesa.
This guide walks through everything you need to accept M-Pesa payments on a WooCommerce store, from the initial Daraja API setup all the way through testing and going live. Whether you are running an online fashion shop, an electronics store, a subscription box, or a food delivery service, the integration pattern is the same.
We have integrated M-Pesa into dozens of Kenyan WooCommerce stores. By the end of this guide you will understand the full flow, the two main integration paths, what each costs, and what to test before launching.
- Why M-Pesa on WooCommerce
- How M-Pesa Checkout Works on WooCommerce
- What You Need Before You Start
- Two Paths: Plugin vs Custom Daraja
- Path A: Plugin-Based Integration (Step by Step)
- Path B: Custom Daraja Integration (Step by Step)
- Testing in Sandbox and Going Live
- Common Configurations: STK, Paybill, Till, B2C
- Pricing and Timelines
- Best Practices for a Smooth Launch
- Frequently Asked Questions
Why M-Pesa on WooCommerce
Roughly 96% of Kenyan adults have an M-Pesa account. Compare that to credit card penetration of about 6%. If you sell to Kenyan customers and you do not accept M-Pesa at checkout, you are leaving most of your addressable market on the table.
The good news is that WooCommerce and M-Pesa work together exceptionally well. WooCommerce gives you the cart, product catalogue, and order management. Safaricom's Daraja API gives you a clean way to charge customer phones, receive confirmations, and reconcile transactions automatically.
How M-Pesa Checkout Works on WooCommerce
From the customer's perspective, the flow is simple. From your end, here is exactly what happens behind the scenes when a customer pays:
The STK Push Checkout Flow
- Customer adds items to their cart and clicks Checkout.
- At payment selection, they pick "Lipa Na M-Pesa" and enter their phone number.
- WooCommerce sends a request to your server, which forwards it to Safaricom's Daraja API.
- Safaricom pushes an STK prompt to the customer's phone within 2 to 3 seconds.
- The customer enters their M-Pesa PIN to authorise payment.
- Safaricom processes the payment and sends a callback to your WooCommerce store.
- Your store automatically marks the order as paid, sends a receipt email, and triggers your normal fulfilment workflow.
The whole thing takes about 10 to 15 seconds from clicking Checkout to a paid order in your admin dashboard. No manual reconciliation, no chasing SMS confirmations, no double-checking who sent what.
What You Need Before You Start
Make sure you have these in place before kicking off the integration:
1. A Working WooCommerce Store
You need WooCommerce installed and running on WordPress, with at least one product, a tax setup, and a shipping zone configured. If you have not built your store yet, see our guide to starting an online shop in Kenya for the full build flow.
2. SSL Certificate (HTTPS)
Daraja API will only callback to HTTPS endpoints. If your store runs on plain HTTP, Safaricom will reject the integration. Most hosting providers offer free Let's Encrypt SSL. If your store is not yet secured, set this up first.
3. A Registered Safaricom Business Account
You need either a Paybill Number or a Till Number (Buy Goods) registered with Safaricom under your business. Personal M-Pesa accounts cannot be used for website integrations.
4. A Daraja API Developer Account
Register a free developer account at Safaricom. This is where you create API apps, get your Consumer Key and Consumer Secret, and request go-live approval.
5. Your Daraja API Credentials
Once you create an app inside the Daraja portal, you will receive:
- Consumer Key: your app's identifier
- Consumer Secret: your app's password
- Pass Key (Lipa Na M-Pesa Online): a separate key for STK Push, requested after go-live
- Shortcode: your Paybill or Till number
- Initiator credentials: needed for B2C payouts and balance queries
Two Paths: Plugin vs Custom Daraja
You have two ways to bridge WooCommerce and Daraja:
Path A: Plugin-Based
Best for: Most Kenyan WooCommerce stores under 5,000 orders per month.
Time to launch: 5 to 10 working days.
Cost: ksh 5,000.
Use a maintained M-Pesa plugin to handle the Daraja integration. You configure your Daraja credentials in the plugin settings, point your callback URL at Daraja, and you are done. This covers about 90% of use cases.
Path B: Custom Daraja
Best for: High-volume stores, marketplaces, subscription products, or businesses needing custom reconciliation.
Time to launch: 2 to 4 weeks.
Cost: From KSh 20,000.
Write a custom WooCommerce payment gateway plugin that talks directly to Daraja. Full control over flow, retries, multi-Paybill routing, B2C refunds, and bespoke reconciliation logic.
Path A: Plugin-Based Integration (Step by Step)
Step 1: Install the WooCommerce M-Pesa Plugin
Several maintained plugins exist on the WordPress repository and elsewhere. Look for one that supports STK Push, has been updated in the last 6 months, and has at least a few thousand active installs. We deploy one we have built and maintain in-house for client work, with proper logging and error handling.
Step 2: Configure Your Daraja Credentials in the Plugin Settings
Inside WooCommerce, navigate to Settings → Payments → M-Pesa. Enter:
- Consumer Key (from your Daraja app)
- Consumer Secret (from your Daraja app)
- Pass Key (received after go-live approval)
- Shortcode (your Paybill or Till number)
- Environment (Sandbox during testing, Production once live)
Step 3: Set Your Callback URL
The callback URL is the address Safaricom calls when a payment completes. The plugin will give you a URL that looks like this:
https://yourstore.co.ke/wc-api/wc_gateway_mpesa_callbackPaste this exact URL into your Daraja app settings under the "Callback URL" field. Make sure your firewall and security plugin do not block it.
Step 4: Enable M-Pesa as a Payment Method
Toggle the M-Pesa payment method on in WooCommerce settings. Set the title customers will see at checkout (commonly "Lipa Na M-Pesa") and a brief description.
Step 5: Run a Sandbox Test Transaction
With the environment still set to Sandbox, place a test order on your store. The plugin should request an STK push, log the request, and (in sandbox) automatically return a success response after a few seconds. Confirm the order moves to "Processing" or "Paid" in your WooCommerce admin.
Step 6: Switch to Production and Go Live
Once sandbox testing passes, change the environment toggle to "Production" in the plugin settings, save your live Pass Key, and place a real KSh 1 test order. If money lands in your Paybill or Till and the order auto-completes, you are live.
Path B: Custom Daraja Integration (Step by Step)
If you need more control or you are running unusual business logic, build a custom WooCommerce payment gateway plugin. Here is the high level:
Step 1: Create a WooCommerce Payment Gateway Class
WooCommerce exposes a clean payment gateway interface. You extend the WC_Payment_Gateway class and implement methods like process_payment(), payment_fields(), and your own custom callback handler.
Step 2: Authenticate With Daraja
Every Daraja API call needs an OAuth access token. Token requests look like this:
POST https://api.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials
Authorization: Basic [base64(consumer_key:consumer_secret)]Cache the token for its lifetime (about 1 hour) to avoid hitting the rate limit on every checkout.
Step 3: Build the STK Push Request
When a customer checks out, send a POST to Daraja's STK push endpoint with the order details:
POST https://api.safaricom.co.ke/mpesa/stkpush/v1/processrequest
{
"BusinessShortCode": "YOUR_PAYBILL",
"Password": "[base64(shortcode + passkey + timestamp)]",
"Timestamp": "20260512143000",
"TransactionType": "CustomerPayBillOnline",
"Amount": 1500,
"PartyA": "254712345678",
"PartyB": "YOUR_PAYBILL",
"PhoneNumber": "254712345678",
"CallBackURL": "https://yourstore.co.ke/wc-api/custom_mpesa_callback",
"AccountReference": "ORDER-1042",
"TransactionDesc": "Payment for Order 1042"
}Step 4: Handle the Callback
Safaricom posts the result to your callback URL. The JSON payload includes a ResultCode of 0 for success and the M-Pesa receipt number. Validate the request originates from Safaricom (IP allow-list), parse the body, update the WooCommerce order status, and store the receipt number against the order for reconciliation.
Step 5: Reconciliation and Logging
Log every request and response. Build a daily reconciliation cron that compares Safaricom transaction records to WooCommerce orders so any mismatches surface within 24 hours.
- M-Pesa integration service, including custom WooCommerce gateways and Daraja API setup.
- E-commerce websites Kenya, full WooCommerce builds with M-Pesa included from day one.
- How to start an online shop in Kenya, the full launch guide.
Testing in Sandbox and Going Live
Sandbox Testing
Daraja's sandbox at developer.safaricom.co.ke gives you test phone numbers and mock responses. Test the following scenarios in sandbox before requesting go-live:
- A successful STK push and callback
- A customer entering the wrong PIN (failed result code)
- A customer cancelling the STK prompt
- A timeout (no response from the customer)
- A duplicate transaction (same order, second STK push)
- A high amount transaction (test transaction limits)
Go-Live Request
Inside the Daraja portal, submit a go-live request with the following documents:
- Certificate of incorporation
- KRA PIN certificate
- Business permit
- National ID of business owners or directors
- Application letter on company letterhead
Safaricom usually approves within 3 to 5 business days. Once approved, you receive your live Pass Key and your shortcode is enabled for production traffic.
Live Smoke Test
Before announcing your store accepts M-Pesa, always run a real KSh 1 transaction from a personal phone. Confirm:
- The STK prompt arrives within 5 seconds
- The payment goes through to your Paybill or Till
- WooCommerce auto-marks the order as paid
- The customer receives an order confirmation email
- The receipt number appears on the order in your admin
Common Configurations: STK, Paybill, Till, B2C
WooCommerce + Daraja supports several payment flows. Pick the ones that fit your business model:
| Flow | What It Does | Best For |
|---|---|---|
| STK Push (C2B) | Customer gets a prompt on their phone, enters PIN, pays. | Standard online checkout. Recommended default. |
| Paybill Confirmation | Customer manually pays Paybill + account number. Your store auto-confirms. | Backup option for customers whose STK fails. |
| Till Number C2B | Customer pays Buy Goods on a Till. Your store auto-confirms. | Retail businesses already using a Till. |
| B2C (Payouts) | Your store sends M-Pesa to customers, vendors, or affiliates. | Refunds, marketplace vendor payouts, cashback. |
| Balance Query | Programmatically check your Paybill balance. | Operational dashboards and accounting. |
| Transaction Status | Query the status of any past transaction. | Customer support and reconciliation tools. |
Pricing and Timelines
Here is what M-Pesa on WooCommerce typically costs in Kenya:
| Package | What's Included | Price | Timeline |
|---|---|---|---|
| Plugin Setup | Plugin install, Daraja credentials, callback, go-live test on existing WooCommerce store | Ksh 5000 | 1 day |
| Custom Gateway | Bespoke WooCommerce payment plugin, custom STK flow, full logging and reconciliation | From KSh 20,000 | 1 to 2 weeks |
| Advanced | Multi-Paybill routing, B2C payouts, subscription billing, dashboards | From KSh 50,000 | 3 to 4 weeks |
| Full Store + M-Pesa | New WooCommerce store, products loaded, M-Pesa integrated end to end | From KSh 100,000 | 4 to 6 weeks |
Best Practices for a Smooth Launch
A few practices that help every WooCommerce + M-Pesa launch go well:
- Validate phone numbers on the checkout form. Reject non-Kenyan numbers or formats that Daraja will reject anyway. This saves a failed transaction and a confused customer.
- Log every request and response. Daraja occasionally has hiccups. Logs are how you tell the difference between your bug and Safaricom's.
- Handle the "Wrong PIN" case gracefully. Show the customer a clear retry button. Do not just say "Payment failed".
- Set sensible timeouts. If the customer does not respond to the STK prompt within 60 seconds, mark the order as pending and let them try again.
- Use idempotency keys. If a customer clicks pay twice, do not charge them twice. The order number is a natural idempotency key.
- Run a daily reconciliation script. Match every Safaricom transaction to a WooCommerce order. Flag mismatches in a daily email.
- Configure SPF, DKIM, and DMARC for your store's email. Order confirmation emails containing M-Pesa receipts must reach the inbox.
- Display the M-Pesa logo on your checkout page. It signals trust and reduces cart abandonment.
Frequently Asked Questions
How much does M-Pesa integration cost on WooCommerce?
Plugin-based integration is ksh 5,000 including setup, testing, and go-live. Custom integration with bespoke logic ranges from KSh 20,000 to KSh 80,000 depending on complexity. A full WooCommerce build with M-Pesa included starts at KSh 100,000.
Can WooCommerce accept M-Pesa STK Push?
Yes. With a Daraja-connected plugin or a custom gateway, customers can pay directly through STK Push at checkout. They enter their phone number, get a prompt on their phone, enter their PIN, and the order is paid automatically.
Do I need a Paybill or Till to use M-Pesa on WooCommerce?
Yes. You need a registered Paybill, Till Number (Buy Goods), or both. The shortcode must be linked to a Safaricom business account and have an active Daraja app for online integration.
What is the Daraja API?
Daraja is Safaricom's official developer platform for M-Pesa. It exposes STK Push, Paybill confirmations, B2C payouts, balance queries, and transaction status checks as REST APIs. Every M-Pesa integration on WooCommerce uses Daraja under the hood.
How long does it take to integrate M-Pesa with WooCommerce?
Plugin-based integration with testing and go-live takes 1 day. Custom integrations with reconciliation, multi-paybill routing, or recurring billing take 1 to 2 weeks.
Can I test M-Pesa on WooCommerce before going live?
Yes. Daraja's sandbox lets you run mock transactions with test credentials and test phone numbers. Once live, we recommend running a real KSh 1 transaction from a personal phone to confirm everything works end to end.
What happens if a customer's M-Pesa payment fails?
WooCommerce keeps the order in a "pending payment" state. The customer can retry from their account page or from a payment retry link emailed to them. Failed payments do not deduct money from the customer.
Can I accept M-Pesa from international customers?
M-Pesa STK Push works on Safaricom numbers. For international customers, pair M-Pesa with a card payment method (Visa, Mastercard) via Pesapal or Flutterwave to cover both audiences.
Will my customers see the M-Pesa logo at checkout?
Yes. Every M-Pesa plugin lets you display the official M-Pesa logo and a brief explanation at checkout. This signals trust to Kenyan shoppers and increases checkout completion.
Want M-Pesa working on your WooCommerce store?
We integrate M-Pesa STK Push, Paybill, Till, and B2C into WooCommerce stores across Kenya. Fixed quote, fixed timeline, tested with real money before launch.
Book a Free ConsultationRelated: M-Pesa Integration Service · E-commerce Websites Kenya · How to Start an Online Shop in Kenya · M-Pesa Website Integration Guide