Daraja Readiness Checklist
Use this before enabling M-Pesa STK push in production.
Current state: Daraja credentials not yet available.
1) Safaricom Setup
- Create/confirm Daraja app and receive Consumer Key + Consumer Secret.
- Confirm shortcode type and passkey.
- Confirm your callback URL domain is public HTTPS.
- Whitelisting/IP requirements checked (if needed by provider).
2) Production Environment Variables
M_PESA_CONSUMER_KEY
M_PESA_CONSUMER_SECRET
M_PESA_SHORTCODE
M_PESA_PASSKEY
M_PESA_CALLBACK_URL
M_PESA_BASE_URL=https://api.safaricom.co.ke (production)
3) Callback & Payment Flow Tests
- STK prompt appears on phone for valid Kenyan number.
- Approved payment returns callback and order changes to paid.
- Cancelled/failed payment returns failed status.
- Amount and phone validation mismatch moves the order to flagged.
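The three outcomes above can be exercised offline before credentials arrive. The sketch below is an added example, not code from this project: it assumes the callback uses Daraja's Body.stkCallback shape (CheckoutRequestID, ResultCode, CallbackMetadata.Item), that a mismatch in either amount or phone is enough to flag, and the order fields and sample values are hypothetical.

```python
from decimal import Decimal

# Constructed order record (hypothetical fields): what was sent in the STK push.
ORDER = {"checkout_request_id": "ws_CO_SAMPLE_0001", "amount": "100",
         "phone": "254700000000"}

def sample_callback(result_code, amount=None, phone=None,
                    checkout_id="ws_CO_SAMPLE_0001"):
    """Build a constructed callback in the assumed Body.stkCallback shape."""
    stk = {"CheckoutRequestID": checkout_id, "ResultCode": result_code}
    if amount is not None:
        stk["CallbackMetadata"] = {"Item": [
            {"Name": "Amount", "Value": amount},
            {"Name": "PhoneNumber", "Value": phone},
        ]}
    return {"Body": {"stkCallback": stk}}

def _metadata(stk):
    """Flatten CallbackMetadata.Item ([{Name, Value}, ...]) into a dict."""
    items = (stk.get("CallbackMetadata") or {}).get("Item") or []
    return {i.get("Name"): i.get("Value") for i in items if isinstance(i, dict)}

def classify_callback(payload, order):
    """Return the new order status: 'paid', 'failed' or 'flagged'."""
    stk = (payload.get("Body") or {}).get("stkCallback") or {}
    # A callback that does not reference this order's request is never trusted.
    if stk.get("CheckoutRequestID") != order["checkout_request_id"]:
        return "flagged"
    # Any non-zero result (cancelled, timed out, declined) is a failed payment.
    if str(stk.get("ResultCode")) != "0":
        return "failed"
    meta = _metadata(stk)
    try:
        amount_ok = Decimal(str(meta["Amount"])) == Decimal(str(order["amount"]))
        phone_ok = str(meta["PhoneNumber"]) == str(order["phone"])
    except (KeyError, ArithmeticError):
        return "flagged"  # success claimed but Amount/PhoneNumber missing or garbled
    return "paid" if amount_ok and phone_ok else "flagged"

if __name__ == "__main__":
    cases = {"approved": sample_callback(0, 100.0, 254700000000),
             "cancelled": sample_callback(1032),
             "underpaid": sample_callback(0, 1.0, 254700000000)}
    for label, cb in cases.items():
        print(label, "->", classify_callback(cb, ORDER))
```

The order is marked paid only from values in the callback compared against the stored order, never from the amount the client claims.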
4) Operations Checklist
- Admin knows how to review orders from backend endpoint.
- Support process defined for pending/failed orders.
- Daily reconciliation process documented (payments vs orders).
- Access to secrets limited to trusted admins only.
5) Go-Live Gate
Go live only when all checks above are complete.
Until Daraja is ready, continue using the manual payment flow and donation transfer flow already active on your website.