Q. What is a CRQ?

A. This is a Change Request number raised internally for authorization and tracking of your API integration request.

Q. What is SAG?

A. Service Access Gateway is the 3rd party point of contact for API services.


Q.  What is 2-way SSL authentication?

A. Also referred to as client or mutual authentication, this is where an application acting as an SSL client presents its certificate to the SSL server after the SSL server authenticates itself to the SSL client.

Q. Do we require an HTTPS connection?

A. Yes. HTTPS is a compulsory requirement after testing on HTTP and before moving to the live platform.

Q. To whom do I send the CSR after generating it?

A. Share the CSR with the contact person assisting you with the integration, who will have it signed by the security team.

Q.  What do I need to implement 2-way/mutual authentication?

A. You need the testbroker, prodbroker, and CA chain certificates, which are to be installed in your server's certificate trust store. All of these certificates will be shared by the contact person assisting you with integration testing.
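The CSR round trip from the two answers above, as an added example that is not taken from Safaricom's developer guides: generate the key and CSR, then check the signed certificate against the CA chain and your own private key before installing it. The key size, subject, file names and the locally created demo CA (standing in for the signing security team) are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Key size, subject, file names and the demo CA are assumptions.

# Step 1: create the private key and CSR. Only client.csr is shared.
make_csr() {  # $1 = work dir, $2 = common name (constructed value)
  ( umask 077   # private key readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$1/client.key" -out "$1/client.csr" -subj "/CN=$2" ) 2>/dev/null
}

# Constructed stand-in for the CA operated by the signing security team.
make_demo_ca() {  # $1 = work dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/ca.key" -out "$1/ca_chain.pem" \
    -subj "/CN=Demo CA (constructed)" 2>/dev/null
}

# Stand-in for the signing step that happens on the CA side.
sign_csr() {  # $1 = work dir
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca_chain.pem" \
    -CAkey "$1/ca.key" -CAcreateserial -days 30 \
    -out "$1/client.crt" 2>/dev/null
}

# Step 2: checks on the returned certificate before installing it.
check_signed_cert() {  # $1 = work dir
  # (a) the certificate chains to the CA chain file you were given
  openssl verify -CAfile "$1/ca_chain.pem" "$1/client.crt" >/dev/null 2>&1 || return 1
  # (b) the certificate carries the public key of your own private key
  cert_pub=$(openssl x509 -in "$1/client.crt" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$1/client.key" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir" "merchant.example" && make_demo_ca "$demo_dir" \
  && sign_csr "$demo_dir" && check_signed_cert "$demo_dir" \
  && echo "signed certificate chains to the CA and matches the private key"
rm -rf "$demo_dir"
```

In a real integration only `make_csr` and `check_signed_cert` run on your side; the private key stays on the host that generated it.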

Q.  My certificate for encrypting API initiator password is about to expire. Will authentication to SAG fail?

A. No, the expiry date of the certificate that encrypts the initiator password is not checked when validating its authenticity. Other parameters are checked, though.

Q.  Do I need to implement mutual authentication for Online Checkout?

A. No, Online Checkout uses 1-way SSL authentication.


M-Pesa Transaction Categories 

Online Checkout 

Q.  What is Bonga Pin?

A. A 4-digit number used to secure Bonga Points transfers and the purchase of data bundles via M-PESA.

Q.  How do I obtain my Bonga PIN?

  • For Prepay customers, dial *126*5#. Vetting will be based on ID number and last top-up.
  • For PostPay customers, call line 200 for assistance.

Q. What do I require to sign up for an M-PESA PayBill account?

  • Copy of Certificate of registration or equivalent
  • Copy of PIN certificate
  • ID copies of directors
  • A copy of domain registration details

Q. How do I register for or integrate the LNM online payment service as a merchant onto my e-commerce website?

  • First, sign up for an M-PESA PayBill account by emailing a request to corporatesales@safaricom.co.ke or calling 0722002222
  • Download and fill in the LNM Online Application form, then submit it for processing, which typically takes 1 week.
  • Download the C2B online checkout developer guide for guidance on integrating into the LNM platform

Q.  Is there a PHP implementation or library available?

A.  No

Q.  Do I need to connect over a VPN?

A.  No, the service is available over the internet

Q.  How can we make test payments for our Test environment?

A.  For Online Checkout, there is currently no test environment.

Q.  How do I access my funds?

A. Every merchant who signs up will be given access to an M-PESA PayBill account, where they can log in and withdraw funds to a bank.

Q. How long will it take to access funds withdrawn from my PayBill account?

A.  The funds will be settled to your Bank account (within Kenya) the following day after withdrawal.

Q.  Who can I contact in case of an inquiry about the service?

A.  For any feedback or assistance contact Safaricom on 0722002222/2134 or lipanampesa@Safaricom.co.ke


Q.  What is the difference between “C2B Online Checkout” and “C2B Validation and Confirmation”?

A. Online Checkout transactions are initiated via API by the merchant, and the customer gets a notification pop-up on their phone to confirm the transaction. For C2B confirmation and validation, the transaction is initiated by the customer and the merchant gets a payment notification.

Q.   Is there anything that can be changed on the API?

A. Unfortunately, since a lot of businesses are connected to the API, changes will be difficult as they will affect all the users.

Q.   Does the format of the request and response need to be the same as the .wsdl file shared to me?

A.   Yes, the format should remain the same. Any change will result in an error. This applies to all integration services.

Q.   How do I register my C2B Web service client endpoint to Mpesa?

A. Use the registerURL API call message after properly modifying the confirmation URL and validation URL.

Q.  What is C2B Validation?

A. This is an optional functionality that the M-Pesa system supports; however, it is up to the 3rd party to implement the validation logic. The parameter value to be validated is passed to the 3rd party as BillRefNumber.

B2C & B2B

Q.  How do I register my B2C Web service client endpoint to Mpesa?

A. No registration is needed; however, you are required to provide a result URL endpoint in your API call message, to which the transaction notification will be sent.

Q. After moving to production I start getting “The initiator information is invalid” error. What should I do?

A. Firstly, ensure you are sending the API request to the production endpoint. Secondly, ensure you are using the correct initiator username and that you have encrypted its password with the production initiator encryption certificate (which is different from the testbed certificate), as described in the B2C/B2B developer guides.

Q. Can I share the same shortcode across all the API services?

A. While C2B & B2B or B2C & B2B can certainly share the same shortcode, C2B and B2C cannot.