To get Safaricom Daraja API credentials for M-Pesa, start by registering on their developer portal, as this is essential for WordPress integrations like the WooCommerce plugins we discussed earlier.
Registration Steps
Create a free account at developer.safaricom.co.ke using your email and phone number. Verify via OTP, then log in to access the Daraja dashboard. This sets up your developer profile for sandbox testing before going live.
Generating Consumer Key and Secret
Navigate to "My Apps" in the dashboard. Click "Create New App," provide an app name and description (e.g., "WordPress M-Pesa Store"), then select APIs like Lipa na M-Pesa Online. Submit to generate your Consumer Key and Consumer Secret—these authenticate API calls via OAuth tokens.
Obtaining Passkey and Other Credentials
For STK Push payments:
-
Go to "APIs" > "Lipa na M-Pesa" > "Simulate."
-
Select your app; the sandbox Passkey appears (e.g., test value for development).
-
Note your Shortcode (Paybill/Till number) and Confirmation/Validation URLs from your plugin.
For production, submit business docs (e.g., certificate of incorporation, KRA PIN) via the portal for approval. Safaricom emails live credentials within days.
Sandbox vs. Production Credentials
| Environment | Endpoint Base URL | Use Case | Credentials Source |
|---|---|---|---|
| Sandbox | sandbox.safaricom.co.ke | Testing plugins | Auto-generated on creation |
| Production | api.safaricom.co.ke | Live WordPress store | Post-approval email |
Test with phone 254708374149 and PIN 123456 in sandbox mode first.
Using Credentials in WordPress
Paste them into your plugin settings (e.g., Woo M-Pesa): Consumer Key/Secret for token generation, Passkey for payment passwords, Shortcode for your till. Generate token via POST to /oauth/v1/generate?grant_type=client_credentials using Base64(consumer_key:consumer_secret).
Always use HTTPS, store securely (avoid wp_options table exposure), and renew tokens hourly. This aligns perfectly with your ICT content work in Nairobi
