M-Pesa Payment Integration for Kenyan Websites (Step-by-Step Guide)

Picture a customer ready to buy, cart full, phone in hand for mobile payment. If they can’t pay with M-Pesa in seconds, they’ll often leave just as fast. That’s why M-Pesa payment integration for online payments isn’t “nice to have” for Kenyan businesses, it’s the checkout door handle. If it sticks, people walk away.

This guide explains the flow, what you need before you start, and a clear step-by-step setup for STK Push on websites. It’s written for business owners and teams investing in website development in Kenya, from simple service sites to full e-commerce stores.

How M-Pesa payments work on a website (the flow you’re building)

Most website payments in Kenya use STK Push (Lipa Na M-PESA or M-Pesa Express). Your site asks for a mobile number, sends a payment request to Safaricom, and M-Pesa delivers a USSD Push to prompt the customer on their phone; then your server receives a confirmation through a callback (webhook). In other words, the customer’s phone becomes the “card terminal.”

Two details matter more than people expect:

• Your website must not “assume” payment succeeded. It should wait for the callback result.
• Your order system must handle payment reconciliation. That means matching an order ID to a paid status, even when a user closes their browser.

If you want extra context on common Kenyan mobile payment and payment gateway implementations (STK Push, PayBill, Till, and typical setups), this complete M-Pesa integration guide is a helpful reference you can compare against your own flow.

What to set up first (Daraja access, security, and the right website stack)

Start with the Safaricom Developers Portal and Daraja portal to set up your developer account and create a staging environment for testing. Then plan early for production approval and securing your API credentials because paperwork and timelines can slow launches.

As of March 2026, teams are also working with Daraja API 3.0, which Safaricom rolled out in late 2025 and fully stabilized in early 2026. The biggest value is practical: stronger capacity, quicker onboarding, and fewer support delays. That’s good news for Kenya website developers building stores that process payments in Kenyan Shilling and need reliability during campaigns.

Next, check your website foundation:

• Use HTTPS (SSL) because callbacks carry sensitive payment results.
• Host your callback endpoint on a stable server (random downtime creates “paid but not updated” headaches).
• Decide whether you’re integrating through a direct Daraja build or a payment provider with ready endpoints. If your dev team wants a third-party walkthrough, this M-Pesa Daraja API integration guide gives a practical overview.

Finally, choose the platform based on your real goal. WooCommerce, Shopify, and custom builds can all work, but your “best” option depends on catalog size, delivery rules, and reporting needs. If budgeting is part of your decision, this guide on eCommerce website development costs Kenya breaks down typical cost ranges and what drives them.

Step-by-step: M-Pesa payment integration (STK Push) for Kenyan websites

Below is the clean, real-world sequence most website developers in Kenya follow for STK Push. It applies to WordPress website design (WooCommerce), custom Laravel/PHP, Node, Python, and other stacks.

1. Create a Daraja sandbox app Get your Consumer Key and Consumer Secret from the Daraja portal, along with the Pass Key. Refer to the API documentation for setup details. Keep the Consumer Key, Consumer Secret, and Pass Key server-side, never in frontend code.
2. Set your core identifiers Confirm your Business Short Code (PayBill or Till), transaction type, and how you’ll generate timestamps and passwords. Also decide your AccountReference rules (keep it short and consistent).
3. Build the “Start Payment” endpoint Your website should send amount, phone number, and an internal order reference to your server. The server then requests the STK Push from the M-Pesa API. Don’t call the M-Pesa API directly from the browser.
4. Create a callback (webhook) URL This endpoint receives the M-Pesa result from the payment request. It must:
   • Validate the payload,
   • Log the raw callback,
   • Update the order status only after confirming success,
   • Save the transaction receipt and amount paid.
5. Add a payment status page After STK Push, show a waiting screen and poll your server for the final status. Some payments take a few seconds.
6. Test failure cases on purpose Try wrong M-Pesa PIN, user cancel, timeout, low funds, and wrong mobile number. Your site should handle all without breaking the order record.
7. Move to production After sandbox success, apply for production access and swap API credentials. Then retest on live with small amounts before opening to all customers. This completes your Go Live process.

If you prefer a provider-led walkthrough, this M-Pesa API integration step-by-step guide outlines a common approach and typical endpoints used by aggregators.

Gotcha: a “success” response to the STK Push request only means the prompt was sent. Treat payment as pending until your callback confirms it.

Common issues that break M-Pesa checkouts (and how to prevent them)

Most failed integrations don’t fail in the API call; they fail in the “last meter” of transaction processing between callback, database, and order logic, undermining operational stability across broader integration types.

Watch for these problems:

• Unreachable callback URL: If your site blocks Safaricom IPs, has wrong SSL, or times out, you’ll miss confirmations.
• No idempotency: Callbacks can repeat. Your system should update the order once, then ignore duplicates.
• Weak logging: Without raw callback logs, support becomes guesswork when a customer says, “I paid.”
• Front-end trust: Some sites mark orders as paid when a user clicks “I’ve paid.” That’s how disputes start.

If you’re comparing payment gateway vendors, timelines, and ongoing support, Nairobi web teams often include this under payment QA. Our integration guide offers steps for fixing these common issues. This hiring guide on website developers Kenya costs guide helps you check whether a developer thinks about payment reliability, not just the button design.

Nairobi Web Experts, building M-Pesa-ready websites that sell and track payments

Nairobi Web Experts builds M-Pesa-enabled sites with payment gateway integration and the unglamorous parts done right: secure hosting, SSL, stable callbacks, clean order records, disbursement methods, bulk payments, and reporting that matches what finance needs. It’s the difference between “payments work on my laptop” and “payments work every day.”

Clients also come in with very different shopping lists. Some ask for website creation in Kenya with a clean brochure site; others need eCommerce website developers in Kenya (and e-commerce website developers in Kenya) for full checkout builds, including POS checkout for brick-and-mortar needs. You’ll also hear people searching for website development companies in Kenya, Kenya website developers, or Nairobi website designers because they’re comparing support, not just looks. Tanzanian businesses looking to scale across East Africa also reach out, using ClickPesa as a solution for multi-market payments.

Design requests vary too. A school may want school website design, school website design Kenya society pages, and simple downloads. Property brands ask for modern real estate website design, property website design, property management website design, best property management website design, real estate website design services, real estate brokerage website design, real estate developer website design, real estate investment website design, even “top real estate website designs” or best realtor website design. Meanwhile, DIY searches show up as website design free, free website design, free website design templates, wix website design, canva website design, website design tools, website design software, website design course, simple website design, and website design ai (plus comparisons like website design Berlin, website design awards, and website design price in Germany). All of that ties back to one decision: do you want a site that only looks good, or one that collects money reliably?

For clearer budgeting, Nairobi Web Experts also covers web design cost in Kenya, website development cost in Kenya, website creation price in Kenya, website design cost, website design prices in Kenya, and website design prices in Kenya again because buyers keep asking. If you want a baseline before requesting quotes, this web design costs Kenya 2025 guide explains what affects pricing and scope.

Conclusion

A strong M-Pesa checkout for mobile payments feels like a smooth handshake: quick, familiar, and trusted. Build around the callback, log everything, and treat online payments as pending until confirmed. If you’re investing in M-Pesa payment integration, also invest in the basics that protect it, SSL, stable hosting, and clean order logic. When you’re ready to Go Live, work with website experts who can support the build long after launch, because payments do not care whether it is a weekend or a holiday.