How M-Pesa payments work online
When a customer pays on your website or app, the cleanest experience is STK Push: they enter their phone number, a payment prompt pops up on their phone, they enter their M-Pesa PIN, and the payment confirms automatically. No paybill numbers to copy, no manual reconciliation.
This is powered by Safaricom's Daraja API, which connects your site to M-Pesa.
Paybill or Till?
- Paybill suits businesses that bill customers (services, invoices, accounts) — customers enter an account number.
- Till (Buy Goods) suits shops and quick sales.
For automated online payments you'll typically register for the Daraja Lipa na M-Pesa Online product against your paybill or till.
What you need to go live
- A registered paybill or till number
- Daraja API credentials (consumer key and secret, passkey, shortcode)
- A secure, public callback URL on your site so M-Pesa can confirm each payment
- Testing in the sandbox, then production approval from Safaricom
Things to plan for
- Reconciliation: every payment should update an order or invoice automatically via the callback.
- Failures & timeouts: handle cancelled prompts and retries gracefully.
- Receipts: send the customer an automatic confirmation.
- Security: never expose your keys in the browser; verify callbacks server-side.
We handle the hard parts
We build the full flow — STK Push, callbacks, reconciliation and receipts — into your store or app, and walk you through the Safaricom registration.
Want M-Pesa on your site? Tell us what you need and we'll quote it.