In order to go LIVE with MPESA through peach payments, you need to provide us with the below credentials. You would have gotten these from MPESA during onboarding.

C2B/ Lipa na M-PESA API

Config ValueDescription
Prod-NameYour production name that is assigned to you by M-PESA
PartyB/ShortcodeThe Short Code of the Organisation receiving funds
PasskeyRequired for the base64 encoding that generates the "Password" for the transaction
Consumer KeyFor the generation of the OAuth access token
Consumer SecretFor the generation of the OAuth access token

B2C/ Refund API

Config ValueDescription
Initiator NameThe username used to authenticate the transaction request
SecurityCredentialValidates transaction on M-PESA core system
PartyA/ShortcodeOrganization's shortcode
Consumer KeyFor the generation of the OAuth access token
Consumer SecretFor the generation of the OAuth access token

If you dont have M-PESE Credentials, you can read the below that gives information on how this can be done.


  • Apply for B2C, C2B and B2B short codes. For each application ensure that portal access is also requested as the username is required for Step 2
  • After completing testing, upload the test cases Excel spreadsheet attached below in the developer portal:


  • Use this as a guide for the Go Live process:
  • The test case document needs to be uploaded separately for the B2C and C2B portals respectively ie. step 2 needs to be done twice for each short code
  • Once test cases have been uploaded wait for the M-Pesa Team to approve test cases and provide production API URL's and credentials. Send these credentials to Peach Payments to get started
  • Request M-Pesa certificate to allow your organization to access the M-Pesa admin portal following the steps here:
  • Ensure that you've done the following or else step 5 will fail:
    Add the Vodafone URL under trusted sites using the steps below:
    Tools > Internet options > Security > select trusted sites > select Sites >  add the URL > refresh browser and resubmit the certificate request. Then add it under compatibility view settings also by clicking on Tools >Compatibility view settings > Add
  • Once access to the certificate has been granted. Ensure that the certificate is placed under Personal using the steps below:
     Tools > Internet options > Content > Certificates
  • For the B2C API, a security credential needs to be configured in the portal by following step 5 here

Integration Options:

You can do a custom intergration with  MPESA into our Checkout (Hosted Payments Page) or using our Switch

MPESA can also be used with ShopifyWordpress, Magento


M-Pesa Short Codes will be deactivated after 6 months of inactivity

M-Pesa Login accounts will be locked 30 days of inactivity