Safaricom’s Daraja API allows developers to integrate M-Pesa into their systems for services like STK Push, C2B (Customer to Business), B2C (Business to Customer), and transaction querying. While testing happens in the sandbox, going live (production) involves several specific steps and requirements.
Here’s a detailed guide on how to move from sandbox to production on Daraja, including a checklist of all necessary items.
✅ Prerequisites Before Going Live
| Requirement | Description |
|---|---|
| 🔐 Approved M-Pesa Paybill or Shortcode | You must have a valid and active Paybill or Till Number registered to your business. |
| 🧾 Daraja Portal Account | Register on the Safaricom Developer Portal. |
| 📄 API Use Case | Clearly defined use case (e.g., STK Push for e-commerce, C2B for utility bill payments). |
| 🔁 Callback URLs | Publicly accessible HTTPS URLs for validation and confirmation (for C2B) or STK callbacks. |
| ✅ Tested and Working Sandbox Integration | Ensure all your sandbox endpoints (STK push, C2B, B2C, etc.) are tested and working. |
| 📧 Go-Live Request Letter | Submit a signed go-live request letter to Safaricom or upload it via the portal. |
| 📍 IP Whitelisting | Safaricom will whitelist your production server IPs before enabling access to live endpoints. |
🧾 Checklist: What You Need to Go Live
| ✅ Item | ✔️ Status |
|---|---|
| Sandbox integration completed and tested | ✅ |
| Live Paybill or Till Number | ✅ |
| Company registration documents | ✅ |
| Live callback URLs (HTTPS only) | ✅ |
| Signed and stamped go-live request letter | ✅ |
| Contact person (technical & admin) | ✅ |
🔧 Step-by-Step: Moving to Production in Daraja
Step 1: Test in Sandbox Environment
- Register an app on the Daraja Portal.
-
Use the sandbox credentials to:
- Make STK Push requests
- Receive C2B simulated payments
- Handle B2C and transaction status requests
Test callback URL reception and logging.
Confirm everything works end-to-end.
Step 2: Write a Go-Live Request Letter
Create an official letter on your company letterhead containing:
- Company name and registration number
- Shortcode (Paybill or Till number)
- APIs you want to activate (STK Push, C2B, B2C, etc.)
- Confirmation that your systems have been tested in sandbox
- Your callback URLs
- Contact information (email, phone, tech team)
✉️ Submit the letter to m-pesabusiness@safaricom.co.ke or via the Safaricom business portal.
Step 3: Safaricom Reviews and Approves
Once you submit your go-live request:
- Safaricom will review and verify your use case.
-
If approved:
- You’ll receive production credentials (App key, App secret).
- Your server IP will be whitelisted.
- Access to live endpoints will be granted.
Step 4: Update Your Application with Production Credentials
Once approved:
- Replace your sandbox App Key and Secret with production ones.
- Update the Shortcode/Initiator name and security credentials.
- Ensure you're calling the production API URLs, not the sandbox ones:
- Sandbox:
https://sandbox.safaricom.co.ke - Production:
https://api.safaricom.co.ke
Step 5: Deploy and Monitor
- Go live with your updated app.
- Log all callbacks and transaction responses for auditing.
- Ensure retry mechanisms are in place in case of failed callbacks.
- Monitor transactions in real-time and test with small live transactions first.
🔐 Common Production APIs to Use
| API | Use Case |
|---|---|
| STK Push | Prompt customers to pay |
| C2B (Customer to Business) | Receive payments from customers |
| B2C (Business to Customer) | Send payments (e.g., salaries, disbursements) |
| Transaction Status | Track payments |
| Account Balance | Check M-Pesa balance |
🧠 Tips for a Smooth Go-Live Process
- Test all error handling (e.g., failed payments, timeout callbacks).
- Use secure HTTPS URLs with valid SSL certificates.
- Validate and sanitize all callback data.
- Have logs and monitoring set up.
- Be ready with support in case of user issues on Day 1.
📌 Conclusion
Going live with Safaricom's Daraja API is a powerful step toward automating your business payments. With the correct setup, thorough sandbox testing, and a well-prepared go-live request, your integration can start accepting or making real-time M-Pesa transactions reliably and securely.