◆ Web Development
M-Pesa integration pitfalls that cost real money
Seven Daraja API mistakes we see weekly — and the production-grade patterns that fix them.
18 Mar 2026·10 min read·By Teddy Thande
M-Pesa integrations in Kenya look easy in the sandbox. Then production happens — duplicate payments, dropped callbacks, finance teams stuck reconciling 800 transactions in Excel.
01 —
1. Treating callbacks as reliable
Daraja callbacks fail more than you think. Idempotent, queryable transactions plus a reconciliation cron are non-negotiable.
02 —
2. Skipping idempotency
A retry without idempotency means double-charged customers. Always design around an idempotency key the moment a transaction is initiated.
03 —
3. Leaving credentials in code
Daraja credentials in env files committed to a repo is one of the most common breaches we see. Use a real secret manager, vaulted access, and rotation.
04 —
4. Manual reconciliation
Reconciliation is at least half of any real M-Pesa engagement. Automate it from day one. Your finance team will thank you.
05 —
5. Swallowing error codes
Daraja error codes are surprisingly precise. Map and surface them — don't generalize to 'payment failed'.
06 —
6. Ignoring rate limits
Sandbox is permissive; production is not. Bulk B2C disbursements without rate-limit handling will silently start failing.
07 —
7. No audit trail
Every state transition for every transaction should be logged. When Safaricom or your auditor asks questions, you need answers ready in 30 seconds.
#M-Pesa#Daraja#Payments
TT
Author
Teddy Thande
Founder of Thunder Studio. Nairobi-based engineer and designer building premium web, AI, and SaaS systems for category-defining brands across Kenya and beyond.
◆ The Studio Dispatch
One quiet email. Once a month.
Field notes on premium web, AI automation, and modern brand systems — written for Kenyan operators building serious things.
Related reading
Web Development
Why most business websites fail (and the five fixes that work)
An honest diagnosis of why business websites underperform — and the five interventions, in order, that turn a brochure site into a real revenue channel.
Web Development
Website redesign checklist: the 30 things that actually matter
A no-fluff checklist for businesses planning a website redesign — covering strategy, content, design, SEO, performance, and launch. Built from years of redesign work.
Web Development
M-Pesa integration guide: what every Kenyan business needs to know
A founder-friendly guide to integrating M-Pesa Daraja into your website, e-commerce store, or SaaS — covering STK Push, callbacks, reconciliation, and the mistakes that quietly lose money.