Airtel Money - Authorization

This API is used to fetch the access_token required as a Bearer token to authorize all subsequent Airtel Money API calls.

POST /auth/oauth2/token

Staging URL: https://openapiuat.airtel.africa/
Production URL: https://openapi.airtel.africa/

Parameters

Name	Type	Required	Description
Content-Type	Header	Yes	`application/json`
Accept	Header	Yes	`/`

Request Body

Attribute	Type	Description
`client_id`	String	The unique Consumer Key displayed in your application portal.
`client_secret`	String	The Consumer Secret displayed in your application portal.
`grant_type`	String	Must be exactly `client_credentials`.

Response

{
  "access_token": "Received_token_string",
  "expires_in": "3600",
  "token_type": "Bearer"
}

Airtel Money - Encryption (V2.0)

Airtel Money APIs strictly use RSA encryption with 2048-bit keys and AES payload signing for transaction integrity.

Message Signing (X-Signature)

For sensitive endpoints like Payments and Refunds, requests must be digitally signed to prevent tampering during transmission.

Generate a random AES key (256 bits) and IV (128 bits) and Base64 encode them.
Fetch the RSA key for the consumer from the `GET /v1/rsa/encryption-keys` endpoint.
Encrypt your JSON payload using the AES key and IV. Send this in the x-signature header.
Concatenate the key and IV as Key:Iv.
Encrypt the Key:Iv string using the fetched RSA public key and send it in the x-key header.

Airtel Money - Collection (USSD Push)

This API requests a payment directly from a consumer (Payer). The consumer receives a USSD prompt to authorize the payment via their PIN.

POST /merchant/v2/payments/

Headers Required

Authorization: Bearer {access_token}
X-Country: e.g., UG, KE
X-Currency: e.g., UGX, KES
x-signature: Encrypted AES Payload
x-key: Encrypted AES Key:Iv pair

Request Body

Attribute	Required	Description
`reference`	Yes	Reference for goods purchased.
`subscriber.country`	Yes	The country of the subscriber.
`subscriber.msisdn`	Yes	MSISDN without the country code.
`transaction.amount`	Yes	Amount to be deducted.
`transaction.id`	Yes	Unique transaction identifier.

Daraja - Authorization

The Authorization API generates access tokens required for authenticating Daraja API calls. Tokens expire after 3600 seconds.

GET /oauth/v1/generate?grant_type=client_credentials

Sandbox: https://sandbox.safaricom.co.ke
Production: https://api.safaricom.co.ke

Headers Required

Authorization: Basic {Base64(ConsumerKey:ConsumerSecret)}

Response

{
  "access_token": "c9SQxWWhmdVRlyh0zh8gZDTkubVF",
  "expires_in": "3599"
}

Daraja - M-Pesa Express (STK Push)

Initiates a Merchant initiated C2B transaction. A push request is sent to the customer's phone prompting them to enter their M-PESA PIN.

POST /mpesa/stkpush/v1/processrequest

Request Payload

Parameter	Description
`BusinessShortCode`	The organization's shortcode (5 to 6 digits).
`Password`	Base64 encoded string of `Shortcode+Passkey+Timestamp`.
`Timestamp`	Format: YYYYMMDDHHmmss
`TransactionType`	`CustomerPayBillOnline` or `CustomerBuyGoodsOnline`.
`Amount`	The transaction amount.
`PartyA`	The phone number sending money (2547XXXXXXXX).
`PartyB`	The organization receiving the funds.
`PhoneNumber`	Mobile number to receive the USSD prompt.
`CallBackURL`	Where Daraja will send the success/failure result.
`AccountReference`	Alphanumeric identifier shown to the user on the prompt.

Success Response (Acknowledgement)

{
  "MerchantRequestID": "2654-4664-97ff-b827b542881d3130",
  "CheckoutRequestID": "ws_CO_1007202409152617172396192",
  "ResponseCode": "0",
  "ResponseDescription": "Success. Request accepted for processing"
}

Daraja - B2C Disbursements

Used to make payments from a Business Shortcode to a Customer's number (e.g., Salary, Cashback, Promotional payouts).

POST /mpesa/b2c/v3/paymentrequest

Request Payload

Parameter	Description
`InitiatorName`	Username of the API user created on the M-PESA portal.
`SecurityCredential`	Encrypted password of the API user.
`CommandID`	`SalaryPayment`, `BusinessPayment`, or `PromotionPayment`.
`Amount`	Amount to be transferred.
`PartyA`	B2C organization short code.
`PartyB`	Customer's mobile number (e.g., 2547XXXXXXXX).
`ResultURL`	Callback URL to receive the transaction final status.

Daraja - C2B Register URLs

Registers your Validation and Confirmation URLs for receiving asynchronous C2B transaction notifications.

POST /mpesa/c2b/v2/registerurl

{
  "ShortCode": "600984",
  "ResponseType": "Completed", 
  "ConfirmationURL": "https://mydomain.com/confirmation",
  "ValidationURL": "https://mydomain.com/validation"
}

Note: ResponseType determines the default action (Completed/Cancelled) if your ValidationURL is unreachable.

MTN MoMo - API User Provisioning

Before accessing the MoMo API in the Sandbox, you must provision an API User and an API Key.

1. Create API User

POST /provisioning/v1_0/apiuser

Headers: X-Reference-Id (UUID V4), Ocp-Apim-Subscription-Key

{ "providerCallbackHost": "yourdomain.com" }

2. Create API Key

POST /provisioning/v1_0/apiuser/{X-Reference-Id}/apikey

Response returns a JSON object containing your newly generated apiKey.

MTN MoMo - OAuth 2.0 Token

Requests an access token using Client Credential Grant. The generated API User and API Key are used for Basic Authentication.

POST /token

Headers Required

Authorization: Basic Base64({APIUser}:{APIKey})
Ocp-Apim-Subscription-Key: Your product subscription key

Response

{
  "access_token": "string",
  "token_type": "string",
  "expires_in": 3600
}

MTN MoMo - Request to Pay (Collection)

Requests a payment from a customer. The customer is prompted to approve the transaction via USSD or the MoMo App.

POST /collection/v1_0/requesttopay

Headers Required

X-Reference-Id: Unique UUID V4 for this transaction.
X-Target-Environment: e.g., sandbox
Ocp-Apim-Subscription-Key: Collection Product Key
Authorization: Bearer {access_token}
X-Callback-Url: (Optional) Endpoint to receive transaction status.

Request Body

{
  "amount": "1500",
  "currency": "EUR",
  "externalId": "123456",
  "payer": {
    "partyIdType": "MSISDN",
    "partyId": "1234567890"
  },
  "payerMessage": "Payment for order",
  "payeeNote": "Payment received"
}

MTN MoMo - Transfer (Disbursements)

Transfers money from the provider account to a customer wallet.

POST /disbursement/v1_0/transfer

Headers Required

Same as Request to Pay, but using the Disbursement Ocp-Apim-Subscription-Key.

Request Body

{
  "amount": "1000",
  "currency": "EUR",
  "externalId": "10001",
  "payee": {
    "partyIdType": "MSISDN",
    "partyId": "123456789012"
  },
  "payerMessage": "Salary payout",
  "payeeNote": "Salary payout"
}

Airtel Money

Safaricom Daraja

MTN MoMo

Airtel Money - Authorization

POST /auth/oauth2/token

Parameters

Request Body

Response

Airtel Money - Encryption (V2.0)

Message Signing (X-Signature)

Airtel Money - Collection (USSD Push)

POST /merchant/v2/payments/

Headers Required

Request Body

Daraja - Authorization

GET /oauth/v1/generate?grant_type=client_credentials

Headers Required

Response

Daraja - M-Pesa Express (STK Push)

POST /mpesa/stkpush/v1/processrequest

Request Payload

Success Response (Acknowledgement)

Daraja - B2C Disbursements

POST /mpesa/b2c/v3/paymentrequest

Request Payload

Daraja - C2B Register URLs

POST /mpesa/c2b/v2/registerurl

MTN MoMo - API User Provisioning

1. Create API User

2. Create API Key

MTN MoMo - OAuth 2.0 Token

POST /token

Headers Required

Response

MTN MoMo - Request to Pay (Collection)

POST /collection/v1_0/requesttopay

Headers Required

Request Body

MTN MoMo - Transfer (Disbursements)

POST /disbursement/v1_0/transfer

Headers Required

Request Body