- Регистрация
- 1 Мар 2015
- Сообщения
- 1,820
- Баллы
- 155
enables developers to integrate with M-Pesa and create seamless payment solutions. To securely access these APIs, you first need to obtain an access token using a dedicated authorization endpoint. This access token is valid for 3600 seconds (1 hour) and must be renewed when it expires. This guide will walk you through the steps for generating an access token, including details for testing on Postman.
Overview: Authentication API
The provides a time-bound access token required for calling other Daraja APIs. This is a foundational step, as all other API calls require this token for authentication.
Endpoint Summary
To use this endpoint, you’ll need:
These credentials are generated when you register your application on the Daraja portal under My Apps.
Step-by-Step Guide to Generating an Access Token
Step 1: Set Up the Request in Postman
1. Open Postman and Create a New Request
You don’t need to add any headers manually because the Basic Auth will populate the Authorization header automatically, containing the Base64-encoded Consumer Key and Consumer Secret.
Step 3: Send the Request
Click Send in Postman to make the request. If successful, you’ll receive a response with your access token and its expiry time.
Request Example
Below is an example of the request you’ll be sending to obtain the access token:
There’s no additional body content required for this GET request.
Headers
Query Parameters
Example Response
A successful request returns a JSON object containing the access token and its expiry time in seconds:
{
"access_token": "c9SQxWWhmdVRlyh0zh8gZDTkubVF",
"expires_in": "3599"
}
Once you have the access_token, you can call other Safaricom APIs by including the token in your request headers as follows:
For example:
Authorization: Bearer c9SQxWWhmdVRlyh0zh8gZDTkubVF
Notes
With the access token, you’re ready to explore other Daraja APIs to manage M-Pesa payments, check transaction statuses, and more. Following these steps, you’ll establish secure, authenticated interactions with the M-Pesa services.
Happy Coding with M-Pesa Daraja API!
Overview: Authentication API
The provides a time-bound access token required for calling other Daraja APIs. This is a foundational step, as all other API calls require this token for authentication.
Endpoint Summary
- Method: GET
- URL:
- Grant Type: client_credentials
To use this endpoint, you’ll need:
- Consumer Key
- Consumer Secret
These credentials are generated when you register your application on the Daraja portal under My Apps.
Step-by-Step Guide to Generating an Access Token
Step 1: Set Up the Request in Postman
1. Open Postman and Create a New Request
- Choose the GET method.
Enter the endpoint URL:
- Go to the Authorization tab in Postman.
- Select Basic Auth as the type.
- Enter your Consumer Key in the Username field.
- Enter your Consumer Secret in the Password field.
- Postman will automatically generate the necessary authorization header.
You don’t need to add any headers manually because the Basic Auth will populate the Authorization header automatically, containing the Base64-encoded Consumer Key and Consumer Secret.
Step 3: Send the Request
Click Send in Postman to make the request. If successful, you’ll receive a response with your access token and its expiry time.
Request Example
Below is an example of the request you’ll be sending to obtain the access token:
- Method: GET
- URL:
- Authorization Type: Basic Auth
There’s no additional body content required for this GET request.
Headers
| Header | Value |
|---|---|
| Authorization | Basic <Base64-encoded Consumer Key:Consumer Secret> |
| Parameter | Description | Type | Value |
|---|---|---|---|
| grant_type | Specifies the grant type, which is supported as client_credentials | Query | client_credentials |
A successful request returns a JSON object containing the access token and its expiry time in seconds:
{
"access_token": "c9SQxWWhmdVRlyh0zh8gZDTkubVF",
"expires_in": "3599"
}
- access_token: The token used to authenticate other API requests.
- expires_in: Token’s validity in seconds, usually 3600.
Once you have the access_token, you can call other Safaricom APIs by including the token in your request headers as follows:
- In Postman, go to the Headers tab.
- Set up the Authorization header:
- Key: Authorization
- Value: Bearer YOUR_ACCESS_TOKEN (replace YOUR_ACCESS_TOKEN with the actual token from the response).
For example:
Authorization: Bearer c9SQxWWhmdVRlyh0zh8gZDTkubVF
Notes
- Token Expiry: Remember, the token is only valid for 1 hour, so you’ll need to generate a new one after this time to continue making API requests.
- Security: Keep your Consumer Key and Consumer Secret secure. Do not share or expose these keys.
- Sandbox Testing: Always test your setup in the Sandbox environment. When you’re ready to go live, switch to the Production URL.
With the access token, you’re ready to explore other Daraja APIs to manage M-Pesa payments, check transaction statuses, and more. Following these steps, you’ll establish secure, authenticated interactions with the M-Pesa services.
Happy Coding with M-Pesa Daraja API!