You cannot integrate the Safaricom Daraja 2.0 Mpesa API without knowing how to generate the security credential. Below, I wrote a solution that will help you generate security credentials very easily, whether for the Daraja sandbox or for production.

Go to this link and generate on the fly: Generate Security credential right now.

Please note: I am always on standby to work on integrating the B2C API into your software, website or mobile app. Just ping me via WhatsApp +254706745202. Cheers.

What is an Mpesa API security credential?

According to Mpesa API (Daraja), a security credential is an encrypted version of the password of the API user.

So where can you get the Mpesa API user password?

There are two types of Mpesa API user password.

1. The sandbox API user password: This is provided alongside the sandbox username on the test credentials page. On Daraja 2.0 (the current version at the time of writing this post), go to the APIs link, select B2C API and simulate. The simulate API form will be populated with a working API user, password and shortcode.

2. The production API user password: This is generated on the B2C Mpesa Org portal account using the business administrator account registered with Safaricom. This may be complex for many developers and individuals. Feel free to contact me for any assistance around this part at a fee (WhatsApp me on +254706745202).

Once you have the above API user password, it is time to generate the security credential from it. This is where things get tricky for most people. In a nutshell, the Mpesa API user security credential, as consumed by the Mpesa B2C API (Business to Customer API), is generated as follows:

Step 1: Have the Mpesa API user password at hand. It could be the sandbox or the production version.

Step 2: Convert the above string (the password) into a byte array.

Step 3: Encrypt the byte array from step 2 with the public key that Mpesa provides for the right environment. Use the sandbox public key to encrypt the sandbox password bytes, and the production public key to encrypt the production password bytes.

Step 4: Base64-encode the result of step 3.

That is it. You now have the required Mpesa B2C API security credential.

To make the above part easy for you, I wrote a solution that will help you get your security credential on the fly here: Generate Security credential right now.
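Steps 2 to 4 can also be run locally, which keeps the API user password on your own machine. The following is an added example, not the code behind the tool linked above; it assumes the Mpesa certificate is PEM-encoded and that the encryption uses RSA with PKCS#1 v1.5 padding as Daraja's documentation specifies (the post does not name the padding). The function names are hypothetical, and the demo uses a throwaway key pair in place of Safaricom's certificate.

```javascript
// Added example (not the post's own tool): build the SecurityCredential locally.
const crypto = require('crypto');

// Steps 2-4 of the post: password -> bytes -> RSA encrypt -> Base64.
// certPem: PEM public key or PEM X.509 certificate for the matching environment.
// Assumption: PKCS#1 v1.5 padding, per Daraja's documentation (not stated in the post).
function generateSecurityCredential(password, certPem) {
  if (typeof password !== 'string' || password.length === 0) {
    throw new TypeError('password must be a non-empty string');
  }
  const key = crypto.createPublicKey(certPem); // also accepts a PEM certificate
  if (key.asymmetricKeyType !== 'rsa') throw new TypeError('expected an RSA key');
  const bytes = Buffer.from(password, 'utf8');                    // step 2
  const maxLen = key.asymmetricKeyDetails.modulusLength / 8 - 11; // v1.5 overhead
  if (bytes.length > maxLen) throw new RangeError(`password exceeds ${maxLen} bytes`);
  const encrypted = crypto.publicEncrypt(
    { key, padding: crypto.constants.RSA_PKCS1_PADDING }, bytes); // step 3
  return encrypted.toString('base64');                            // step 4
}

// Local check only: undo the steps with a throwaway private key you generated.
// Raw RSA is used so the padded block 00 02 <nonzero pad> 00 <password> is visible.
function recoverPassword(credential, privateKeyPem) {
  const block = crypto.privateDecrypt(
    { key: privateKeyPem, padding: crypto.constants.RSA_NO_PADDING },
    Buffer.from(credential, 'base64'));
  const sep = block.indexOf(0x00, 2); // first zero byte after the 00 02 header
  if (block[0] !== 0x00 || block[1] !== 0x02 || sep < 10) {
    throw new Error('not a PKCS#1 v1.5 encryption block');
  }
  return block.subarray(sep + 1).toString('utf8');
}

// Constructed demo: throwaway key pair standing in for Safaricom's certificate.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const credential = generateSecurityCredential('Constructed#Pass1', publicKey);
  return { credential, recovered: recoverPassword(credential, privateKey) };
}
```

The credential differs on every run for the same password because the padding is random, so two different outputs do not mean something went wrong.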

To test if it works, send a B2C payment request body as follows:

  {
    "InitiatorName": "testapiusername",
    "SecurityCredential": "securitycredentialhere",
    "CommandID": "BusinessPayment",
    "Amount": 1,
    "PartyA": 600999,
    "PartyB": 254708374149,
    "Remarks": "Test remarks",
    "QueueTimeOutURL": "https://mydomain.com/b2c/queue",
    "ResultURL": "https://mydomain.com/b2c/result",
    "Occassion": "null"
  }

 

You will have to catch the result on the B2C ResultURL to view the JSON response from the Mpesa B2C API and see how your requests are performing.