M-Pesa integration pitfalls that cost real money

Seven Daraja API mistakes we see weekly — and the production-grade patterns that fix them.

18 Mar 2026 · 10 min read · By Teddy Thande

M-Pesa integrations in Kenya look easy in the sandbox. Then production happens — duplicate payments, dropped callbacks, finance teams stuck reconciling 800 transactions in Excel.

1. Treating callbacks as reliable

Daraja callbacks fail more than you think. Idempotent, queryable transactions plus a reconciliation cron are non-negotiable.

2. Skipping idempotency

A retry without idempotency means double-charged customers. Always design around an idempotency key the moment a transaction is initiated.
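
Pitfalls 1 and 2 in code, as an added example (not the author's code and not part of any Safaricom SDK): the payment is recorded under our own idempotency key before the API is called, callbacks can only move a `PENDING` row once, and a cron job resolves rows whose callback never arrived. `send_stk_push` and `query_status` are hypothetical wrappers around the Daraja STK push and status-query requests, the table layout is an assumption, and the sample callback is constructed.

```python
import sqlite3, time

def new_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS payments (
        idem_key TEXT PRIMARY KEY, checkout_id TEXT UNIQUE, amount INTEGER NOT NULL, receipt TEXT,
        status TEXT NOT NULL DEFAULT 'INITIATED', result_code INTEGER, created_at REAL NOT NULL)""")
    return db

def initiate(db, idem_key, amount, send_stk_push, now=time.time):
    """Record intent under our own key first; only the first insert may call the API."""
    cur = db.execute("INSERT OR IGNORE INTO payments(idem_key, amount, created_at) "
                     "VALUES (?,?,?)", (idem_key, amount, now()))
    db.commit()  # persist before calling out, so a crash mid-request leaves a row to investigate
    if cur.rowcount == 1:
        checkout_id = send_stk_push(amount)  # hypothetical wrapper around the STK push request
        db.execute("UPDATE payments SET checkout_id=?, status='PENDING' WHERE idem_key=?", (checkout_id, idem_key))
        db.commit()
    return db.execute("SELECT checkout_id, status FROM payments WHERE idem_key=?", (idem_key,)).fetchone()

def settle(db, checkout_id, result_code, receipt=None):
    """PENDING -> SUCCESS/FAILED at most once; duplicates and late arrivals change nothing."""
    cur = db.execute("UPDATE payments SET status=?, result_code=?, receipt=? "
                     "WHERE checkout_id=? AND status='PENDING'",
                     ("SUCCESS" if result_code == 0 else "FAILED", result_code, receipt, checkout_id))
    db.commit()
    return cur.rowcount == 1

def handle_callback(db, payload):
    cb = payload["Body"]["stkCallback"]
    meta = {i["Name"]: i.get("Value") for i in cb.get("CallbackMetadata", {}).get("Item", [])}
    return settle(db, cb["CheckoutRequestID"], int(cb["ResultCode"]), meta.get("MpesaReceiptNumber"))

def reconcile(db, query_status, max_age_s=120, now=time.time):
    """Cron entry point: resolve PENDING payments whose callback never arrived."""
    stale = db.execute("SELECT checkout_id FROM payments WHERE status='PENDING' "
                       "AND created_at < ?", (now() - max_age_s,)).fetchall()
    settled = 0
    for (checkout_id,) in stale:
        code, receipt = query_status(checkout_id)  # hypothetical status-query wrapper
        if code is not None:  # None means still processing; retry on the next run
            settled += settle(db, checkout_id, code, receipt)
    return settled

# Constructed sample in the shape of an STK push result callback (all values are made up).
SAMPLE_CALLBACK = {"Body": {"stkCallback": {
    "MerchantRequestID": "TEST-MR-0001", "CheckoutRequestID": "ws_CO_TEST_0001",
    "ResultCode": 0, "ResultDesc": "Success", "CallbackMetadata": {"Item": [
        {"Name": "Amount", "Value": 1500}, {"Name": "MpesaReceiptNumber", "Value": "TESTRCPT01"}]}}}}
```

Rows left in `INITIATED` are requests whose outcome is unknown (the call raised or the process died), so they should be reviewed instead of blindly re-sent.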

3. Leaving credentials in code

Committing env files that contain Daraja credentials to a repo is one of the most common breaches we see. Use a real secret manager, vaulted access, and rotation.

4. Manual reconciliation

Reconciliation is at least half of any real M-Pesa engagement. Automate it from day one. Your finance team will thank you.

5. Swallowing error codes

Daraja error codes are surprisingly precise. Map and surface them — don't generalize to 'payment failed'.

6. Ignoring rate limits

Sandbox is permissive; production is not. Bulk B2C disbursements without rate-limit handling will silently start failing.

7. No audit trail

Every state transition for every transaction should be logged. When Safaricom or your auditor asks questions, you need answers ready in 30 seconds.

Author

Teddy Thande

Founder of Thunder Studio. Nairobi-based engineer and designer building premium web, AI, and SaaS systems for category-defining brands across Kenya and beyond.