Phone pop-up payment
M-Pesa STK Push testing
This page prepares the M-Pesa pop-up payment flow where a customer receives a prompt on their phone to enter their M-Pesa PIN.
Important: A real M-Pesa STK Push cannot run from static HTML alone. It requires Safaricom Daraja API or a payment provider connected through a secure backend server. This page includes a simulation mode and a backend endpoint field for future integration.
STK Push test form
Use this to test the payment flow design. Leave backend endpoint empty for simulation mode.
Testing phone set: +254 795 587 773. Sandbox may not send a real pop-up to every real phone number; Safaricom sandbox may require its approved test phone. For live customer pop-ups, use production credentials and a valid shortcode/till/paybill/payment provider.
What you need for real STK Push
- ✓Safaricom Daraja API account, or payment provider account.
- ✓Business shortcode / Paybill / Till or supported payment account.
- ✓Consumer key, consumer secret, passkey, callback URL.
- ✓Secure backend server. Never put API secrets in HTML.
- ✓HTTPS domain/subdomain for callback.
STK Push flow
This is the real payment process after backend integration.
1
Buyer checks out
Buyer enters M-Pesa phone and amount.
2
Backend sends request
Server calls Daraja/payment provider securely.
3
Phone prompt appears
Customer enters M-Pesa PIN on phone.
4
Callback confirms
Backend records success/failure and updates order.
Example backend request payload
{
"phone": "2547XXXXXXXX",
"amount": 500,
"reference": "KMO-ORDER-001",
"receiverPhone": "254795587773"
}
Recommended providers
You can integrate directly with Safaricom Daraja, or use providers that simplify M-Pesa/card payments such as IntaSend, Pesapal, Flutterwave, or other Kenya-supported payment gateways.
For real launch, use a business/merchant account where possible, not just a personal number, for better records and trust.