SlideShare a Scribd company logo

Mpesa Payment System

Peter Njeru
Peter Njeru

A (relatively) Deep Dive into the Inner Workings of the popular M-Pesa Payment System in Kenya

Technology
1 of 20
M-Pesa System & Daraja APIs A (Relatively) Deep Dive into the Inner Workings #AndelaWorkshop – 7th Nov. 2018
Mpesa ‘Logical Division’ MPesa Identities Access Channels Transaction Types Roles and Permissions Others
Identity Types Identity Types Service Provider Organizations Agencies Subscriber • SP (Service Provider) • System owner
Identity Types Identity Types Service Provider Organizations Agencies Subscriber • Organizations (Merchants) • Represents all business identities having an account on the system doing business with the SP • Identified by a 5-10 digit shortcode (generally called paybill) and an organization/business name • Can have child identities under it, namely: • Child paybills • Till numbers
Identity Types Identity Types Service Provider Organizations Agencies Subscriber • Agencies • Represents Agents doing business for the SP • Also identified by a shortcode
Identity Types Identity Types Service Provider Organizations Agencies Subscriber • Subscribers • Represents individual customers on the system • Identified by unique MSISDNs/Phone numbers on the system
Operator Types User Types SP Operator Organization Operator Agents Customer • SP Operators • Overall Lords of the system
User Types User Types SP Operator Organization Operator Agents Customer • Organization Operators • Unique per Organization • Identified by a username • Have control over aspects of their respective organization only • Capabilities are limited to the roles assigned to them
User Types User Types SP Operator Organization Operator Agents Customer • Customers • Unique system-wide • Identified by the phone number
Access Channels Access Channels Web Handset API
Permissions, Roles • Permissions determine all the possible operations on given aspects of the system i.e. users, actions, transactions and configurations. • They follow the RBAC approach of access control • Some permissions include: o Viewing transactions o Executing new transactions o Reversal of transactions o Creating users o Disabling users o Changing user details
Permissions, Roles • Roles are groupings of permissions designed to enable specific functionality for a specific user on the system • A user can have more than one role on a system • Some roles are mutually exclusive i.e. cannot be assigned to the same user at the same time • Each role is tied to a specific Access channel • Web roles cannot perform API requests and API roles cannot log into the web portal • Roles can be combined to overcome the above restrictions (not recommended)
Permissions, Roles • Well-known roles include: o Business Administrator o Business Manager o Business Web Operator o Set Org API Password o Org Reversals Initiator o Org B2C API Initiator o Balance Query Org API o Org B2B API Initiator
Transaction Types Transaction Types Services Command IDs Products • Transaction Types are the actual transaction flows possible on the system • Transaction types are combined with the business rules to control what transactions are allowed for 3rd parties and how they are executed • All Services are derived from the transaction types provided by the system • Services are the main part of the business rules. They determine why, how and who will perform transactions and actions, and how the money flows in the system • You can only access Services granted by the product assigned to your shortcode • Access to Services is also limited by the role assigned to the user, who must have necessary permissions to use that Service
Transaction Types Cont’d Transaction Types Services Command IDs Products • Products are the grouping of related Services for a specific business case. These are part of the business rules • Products are assigned depending on business use case, the main factor being the client paying the business • Most commonly known products are: o Paybill Head Office o Paybill Store o Merchant Head Office Product o Merchant Store o Merchant Till o Agent Products* • Multiple services are reusable across products • Command IDs are the unique identifiers for Services for the API channel • M-Pesa APIs are modeled after the Services, and accessed via the Handset or API channels
M-Pesa Broker • This is the primary interface between M-Pesa and the world • All access to M-Pesa from 3rd parties is via this system • It is a SOAP/XML-based API (for tight security and strict controls) • Is the primary interface for the previous M-Pesa API version • Access depends on use-case: o For transactions sourced from 3rd party to Safaricom, a VPN Tunnel is required o For transactions sourced from Safaricom to 3rd Party, only a whitelist is required • Main functions include: o Store callback URLs for C2B transactions for registered clients o Access control for all 3rd Party API callers o Authenticate 3rd Party API callers
M-Pesa Accounts Accounts MMF/Working A/C Utility A/C Float A/C Merchant A/C Charges Paid A/C • MMF Account: typically used for outgoing/debit cash • Utility: used for incoming/credit cash • Float: used by agents for both debit and credit cash • Merchant: used by till numbers for incoming cash • Charges Paid: used for all charges to SP for all transactions
M-Pesa Transaction Flows Transaction Flows Generic/B2C/B2B C2B STK Push
Resources • Tutorial: https://peternjeru.co.ke/safdaraja/ui/ • Developer Docs: https://developer.safaricom.co.ke/docs • Telegram: https://t.me/payments_api • Slides: o SpeakerDeck: https://speakerdeck.com/pmnjeru/m-pesa-system o SlideShare: https://www.slideshare.net/secret/DTjyB654r1SJGs
Questions..?

Recommended

Insurance Innovation Award-FWD Life Indonesia
Insurance Innovation Award-FWD Life IndonesiaInsurance Innovation Award-FWD Life Indonesia
Insurance Innovation Award-FWD Life Indonesia
The Digital Insurer
 
How Bayer Stopped Payments Pain with ISO20022
How Bayer Stopped Payments Pain with ISO20022How Bayer Stopped Payments Pain with ISO20022
How Bayer Stopped Payments Pain with ISO20022
Nasreen Quibria
 
The Ultimate Guide to Customer Loyalty in 2017
The Ultimate Guide to Customer Loyalty in 2017The Ultimate Guide to Customer Loyalty in 2017
The Ultimate Guide to Customer Loyalty in 2017
Margaret Link
 
Customer Data Platform
Customer Data PlatformCustomer Data Platform
Customer Data Platform
Prasanna Hegde
 
Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise
WSO2
 
GoCardless Overview
GoCardless OverviewGoCardless Overview
GoCardless Overview
Nicola Anderson
 
CRM
CRMCRM
CRM
The House of Marketing
 
The Power Of Open Banking Coupled With Artificial Intelligence
The Power Of Open Banking Coupled With Artificial IntelligenceThe Power Of Open Banking Coupled With Artificial Intelligence
The Power Of Open Banking Coupled With Artificial Intelligence
IndusNetMarketing
 

Recommended

Insurance Innovation Award-FWD Life Indonesia
Insurance Innovation Award-FWD Life IndonesiaInsurance Innovation Award-FWD Life Indonesia
Insurance Innovation Award-FWD Life Indonesia
The Digital Insurer
 
How Bayer Stopped Payments Pain with ISO20022
How Bayer Stopped Payments Pain with ISO20022How Bayer Stopped Payments Pain with ISO20022
How Bayer Stopped Payments Pain with ISO20022
Nasreen Quibria
 
The Ultimate Guide to Customer Loyalty in 2017
The Ultimate Guide to Customer Loyalty in 2017The Ultimate Guide to Customer Loyalty in 2017
The Ultimate Guide to Customer Loyalty in 2017
Margaret Link
 
Customer Data Platform
Customer Data PlatformCustomer Data Platform
Customer Data Platform
Prasanna Hegde
 
Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise Open Banking - The Digital Transformation Opportunity in Disguise
Open Banking - The Digital Transformation Opportunity in Disguise
WSO2
 
GoCardless Overview
GoCardless OverviewGoCardless Overview
GoCardless Overview
Nicola Anderson
 
CRM
CRMCRM
CRM
The House of Marketing
 
The Power Of Open Banking Coupled With Artificial Intelligence
The Power Of Open Banking Coupled With Artificial IntelligenceThe Power Of Open Banking Coupled With Artificial Intelligence
The Power Of Open Banking Coupled With Artificial Intelligence
IndusNetMarketing
 
Intranet Information Architecture
Intranet Information ArchitectureIntranet Information Architecture
Intranet Information Architecture
Prescient Digital Media
 
Personalizing the Customer Experience with a Customer Data Platform Master Cl...
Personalizing the Customer Experience with a Customer Data Platform Master Cl...Personalizing the Customer Experience with a Customer Data Platform Master Cl...
Personalizing the Customer Experience with a Customer Data Platform Master Cl...
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
Apple health Ecosystem
Apple health Ecosystem Apple health Ecosystem
Apple health Ecosystem
Kugsang Jeong
 
Customer Relationship Management
Customer Relationship ManagementCustomer Relationship Management
Customer Relationship Management
ASAD ALI
 
Top 10 pre sales consultant interview questions and answers
Top 10 pre sales consultant interview questions and answersTop 10 pre sales consultant interview questions and answers
Top 10 pre sales consultant interview questions and answers
jonhsster
 
Convincing your CEO to invest in a loyalty programme
Convincing your CEO to invest in a loyalty programmeConvincing your CEO to invest in a loyalty programme
Convincing your CEO to invest in a loyalty programme
colinjones001
 
Open banking-Future of Banking
Open banking-Future of BankingOpen banking-Future of Banking
Open banking-Future of Banking
farhan ali
 
Customer Loyalty program trends 2021
Customer Loyalty program trends 2021Customer Loyalty program trends 2021
Customer Loyalty program trends 2021
Kushal Shah
 
CRM Architecture
CRM ArchitectureCRM Architecture
CRM Architecture
Pravin Kumar Singh, PMP, PSM
 
Revolut.pptx
Revolut.pptxRevolut.pptx
Revolut.pptx
ssuser5344e61
 
Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...
Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...
Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...
SlideTeam
 
Marketing in FinTech
Marketing in FinTechMarketing in FinTech
Marketing in FinTech
Acta School
 
Customer Support Scores: CSAT vs. NPS vs. CES
Customer Support Scores: CSAT vs. NPS vs. CESCustomer Support Scores: CSAT vs. NPS vs. CES
Customer Support Scores: CSAT vs. NPS vs. CES
TaskUs
 
Telecom API Management and Monetization
Telecom API Management and MonetizationTelecom API Management and Monetization
Telecom API Management and Monetization
InomeraResearch
 
Research Proposal: Beauty Parlor market in Karachi
Research Proposal: Beauty Parlor market in KarachiResearch Proposal: Beauty Parlor market in Karachi
Research Proposal: Beauty Parlor market in Karachi
Anam Hakeem
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Implementing Customer Loyalty Program PowerPoint Presentation Slides
Implementing Customer Loyalty Program PowerPoint Presentation SlidesImplementing Customer Loyalty Program PowerPoint Presentation Slides
Implementing Customer Loyalty Program PowerPoint Presentation Slides
SlideTeam
 
LinkedIn - Your B2B Partner of Choice
LinkedIn - Your B2B Partner of ChoiceLinkedIn - Your B2B Partner of Choice
LinkedIn - Your B2B Partner of Choice
LinkedIn
 
Proactive Outreach Manager Presentation - pds_user_group_sept_2013_2
Proactive Outreach Manager Presentation - pds_user_group_sept_2013_2Proactive Outreach Manager Presentation - pds_user_group_sept_2013_2
Proactive Outreach Manager Presentation - pds_user_group_sept_2013_2
David Ward
 
Numarketing BPO presentation
Numarketing BPO presentationNumarketing BPO presentation
Numarketing BPO presentation
numarketing
 
apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...
apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...
apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...
apidays
 
ISV Tech Talk: Partner Business Org (October 15, 2014)
ISV Tech Talk: Partner Business Org (October 15, 2014)ISV Tech Talk: Partner Business Org (October 15, 2014)
ISV Tech Talk: Partner Business Org (October 15, 2014)
Salesforce Partners
 

More Related Content

What's hot

Top 10 pre sales consultant interview questions and answers
Top 10 pre sales consultant interview questions and answersTop 10 pre sales consultant interview questions and answers
Top 10 pre sales consultant interview questions and answers
jonhsster
 
Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...
Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...
Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...
SlideTeam
 
Research Proposal: Beauty Parlor market in Karachi
Research Proposal: Beauty Parlor market in KarachiResearch Proposal: Beauty Parlor market in Karachi
Research Proposal: Beauty Parlor market in Karachi
Anam Hakeem
 
Implementing Customer Loyalty Program PowerPoint Presentation Slides
Implementing Customer Loyalty Program PowerPoint Presentation SlidesImplementing Customer Loyalty Program PowerPoint Presentation Slides
Implementing Customer Loyalty Program PowerPoint Presentation Slides
SlideTeam
 

What's hot (20)

Intranet Information Architecture
Intranet Information ArchitectureIntranet Information Architecture
Intranet Information Architecture
 
Personalizing the Customer Experience with a Customer Data Platform Master Cl...
Personalizing the Customer Experience with a Customer Data Platform Master Cl...Personalizing the Customer Experience with a Customer Data Platform Master Cl...
Personalizing the Customer Experience with a Customer Data Platform Master Cl...
 
Apple health Ecosystem
Apple health Ecosystem Apple health Ecosystem
Apple health Ecosystem
 
Customer Relationship Management
Customer Relationship ManagementCustomer Relationship Management
Customer Relationship Management
 
Top 10 pre sales consultant interview questions and answers
Top 10 pre sales consultant interview questions and answersTop 10 pre sales consultant interview questions and answers
Top 10 pre sales consultant interview questions and answers
 
Convincing your CEO to invest in a loyalty programme
Convincing your CEO to invest in a loyalty programmeConvincing your CEO to invest in a loyalty programme
Convincing your CEO to invest in a loyalty programme
 
Open banking-Future of Banking
Open banking-Future of BankingOpen banking-Future of Banking
Open banking-Future of Banking
 
Customer Loyalty program trends 2021
Customer Loyalty program trends 2021Customer Loyalty program trends 2021
Customer Loyalty program trends 2021
 
CRM Architecture
CRM ArchitectureCRM Architecture
CRM Architecture
 
Revolut.pptx
Revolut.pptxRevolut.pptx
Revolut.pptx
 
Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...
Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...
Communication Map With Strategic Content And Important Tasks Report Ppt Pdf D...
 
Marketing in FinTech
Marketing in FinTechMarketing in FinTech
Marketing in FinTech
 
Customer Support Scores: CSAT vs. NPS vs. CES
Customer Support Scores: CSAT vs. NPS vs. CESCustomer Support Scores: CSAT vs. NPS vs. CES
Customer Support Scores: CSAT vs. NPS vs. CES
 
Telecom API Management and Monetization
Telecom API Management and MonetizationTelecom API Management and Monetization
Telecom API Management and Monetization
 
Research Proposal: Beauty Parlor market in Karachi
Research Proposal: Beauty Parlor market in KarachiResearch Proposal: Beauty Parlor market in Karachi
Research Proposal: Beauty Parlor market in Karachi
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Implementing Customer Loyalty Program PowerPoint Presentation Slides
Implementing Customer Loyalty Program PowerPoint Presentation SlidesImplementing Customer Loyalty Program PowerPoint Presentation Slides
Implementing Customer Loyalty Program PowerPoint Presentation Slides
 
LinkedIn - Your B2B Partner of Choice
LinkedIn - Your B2B Partner of ChoiceLinkedIn - Your B2B Partner of Choice
LinkedIn - Your B2B Partner of Choice
 
Proactive Outreach Manager Presentation - pds_user_group_sept_2013_2
Proactive Outreach Manager Presentation - pds_user_group_sept_2013_2Proactive Outreach Manager Presentation - pds_user_group_sept_2013_2
Proactive Outreach Manager Presentation - pds_user_group_sept_2013_2
 
Numarketing BPO presentation
Numarketing BPO presentationNumarketing BPO presentation
Numarketing BPO presentation
 

Similar to Mpesa Payment System

Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28
floridawusergroup
 
Open Banking APIs with an Agile Way of Working
Open Banking APIs with an Agile Way of WorkingOpen Banking APIs with an Agile Way of Working
Open Banking APIs with an Agile Way of Working
Nordic APIs
 

Similar to Mpesa Payment System (20)

apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...
apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...
apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...
 
ISV Tech Talk: Partner Business Org (October 15, 2014)
ISV Tech Talk: Partner Business Org (October 15, 2014)ISV Tech Talk: Partner Business Org (October 15, 2014)
ISV Tech Talk: Partner Business Org (October 15, 2014)
 
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital Transformation
 
Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...
Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...
Authorization Architecture Patterns: How to Avoid Pitfalls in #OAuth / #OIDC ...
 
Explaining API For Dummies
Explaining API For DummiesExplaining API For Dummies
Explaining API For Dummies
 
Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28
 
Distribute Program Overview
Distribute Program OverviewDistribute Program Overview
Distribute Program Overview
 
P2P cryptocurrency exchange development - Business ideas for startups.pptx
P2P cryptocurrency exchange development - Business ideas for startups.pptxP2P cryptocurrency exchange development - Business ideas for startups.pptx
P2P cryptocurrency exchange development - Business ideas for startups.pptx
 
MuleSoft Surat Meetup#51 - API Monitoring - Through a New Lens
MuleSoft Surat Meetup#51 - API Monitoring - Through a New LensMuleSoft Surat Meetup#51 - API Monitoring - Through a New Lens
MuleSoft Surat Meetup#51 - API Monitoring - Through a New Lens
 
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
 
ISV Tech Talk: License Management App (October 15, 2014)
ISV Tech Talk: License Management App (October 15, 2014)ISV Tech Talk: License Management App (October 15, 2014)
ISV Tech Talk: License Management App (October 15, 2014)
 
From Full Form to Applications A Comprehensive Guide to RPA’s Benefits and De...
From Full Form to Applications A Comprehensive Guide to RPA’s Benefits and De...From Full Form to Applications A Comprehensive Guide to RPA’s Benefits and De...
From Full Form to Applications A Comprehensive Guide to RPA’s Benefits and De...
 
apidays LIVE Paris 2021 - Digital API Ecosystems, Marketplaces and Platforms ...
apidays LIVE Paris 2021 - Digital API Ecosystems, Marketplaces and Platforms ...apidays LIVE Paris 2021 - Digital API Ecosystems, Marketplaces and Platforms ...
apidays LIVE Paris 2021 - Digital API Ecosystems, Marketplaces and Platforms ...
 
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
 
Open Banking APIs with an Agile Way of Working
Open Banking APIs with an Agile Way of WorkingOpen Banking APIs with an Agile Way of Working
Open Banking APIs with an Agile Way of Working
 
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
apidays LIVE Hong Kong 2021 - Next Stage for Open API at Banking Industry by ...
 
API Monetization – It Does Not Mean What You Think It Means. It Is Far More
API Monetization – It Does Not Mean What You Think It Means. It Is Far MoreAPI Monetization – It Does Not Mean What You Think It Means. It Is Far More
API Monetization – It Does Not Mean What You Think It Means. It Is Far More
 
apidays LIVE Hong Kong 2021 - APIs – Trust, Commerce and Connection by Richar...
apidays LIVE Hong Kong 2021 - APIs – Trust, Commerce and Connection by Richar...apidays LIVE Hong Kong 2021 - APIs – Trust, Commerce and Connection by Richar...
apidays LIVE Hong Kong 2021 - APIs – Trust, Commerce and Connection by Richar...
 
EVOLVE'14 | Keynote | Sal Visca | How APIs are Revolutionizing Commerce in th...
EVOLVE'14 | Keynote | Sal Visca | How APIs are Revolutionizing Commerce in th...EVOLVE'14 | Keynote | Sal Visca | How APIs are Revolutionizing Commerce in th...
EVOLVE'14 | Keynote | Sal Visca | How APIs are Revolutionizing Commerce in th...
 
Smartone v1.0
Smartone v1.0Smartone v1.0
Smartone v1.0
 

Recently uploaded

ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
VictorSzoltysek
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
Muhammad Subhan
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 

Recently uploaded (20)

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
الأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهلهالأمن السيبراني - ما لا يسع للمستخدم جهله
الأمن السيبراني - ما لا يسع للمستخدم جهله
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdfFrisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
Frisco Automating Purchase Orders with MuleSoft IDP- May 10th, 2024.pptx.pdf
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
How to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in PakistanHow to Check GPS Location with a Live Tracker in Pakistan
How to Check GPS Location with a Live Tracker in Pakistan
 
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
“Iamnobody89757” Understanding the Mysterious of Digital Identity.pdf
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 

Mpesa Payment System

  • 1. M-Pesa System & Daraja APIs A (Relatively) Deep Dive into the Inner Workings #AndelaWorkshop – 7th Nov. 2018
  • 4. Identity Types Identity Types Service Provider Organizations Agencies Subscriber • Organizations (Merchants) • Represents all business identities having an account on the system doing business with the SP • Identified by a 5-10 digit shortcode (generally called paybill) and an organization/business name • Can have child identities under it, namely: • Child paybills • Till numbers
  • 5. Identity Types Identity Types Service Provider Organizations Agencies Subscriber • Agencies • Represents Agents doing business for the SP • Also identified by a shortcode
  • 6. Identity Types Identity Types Service Provider Organizations Agencies Subscriber • Subscribers • Represents individual customers on the system • Identified by unique MSISDNs/Phone numbers on the system
  • 7. Operator Types User Types SP Operator Organization Operator Agents Customer • SP Operators • Overall Lords of the system
  • 8. User Types User Types SP Operator Organization Operator Agents Customer • Organization Operators • Unique per Organization • Identified by a username • Have control over aspects of their respective organization only • Capabilities are limited to the roles assigned to them
  • 9. User Types User Types SP Operator Organization Operator Agents Customer • Customers • Unique system-wide • Identified by the phone number
  • 11. Permissions, Roles • Permissions determine all the possible operations on given aspects of the system i.e. users, actions, transactions and configurations. • They follow the RBAC approach of access control • Some permissions include: o Viewing transactions o Executing new transactions o Reversal of transactions o Creating users o Disabling users o Changing user details
  • 12. Permissions, Roles • Roles are groupings of permissions designed to enable specific functionality for a specific user on the system • A user can have more than one role on a system • Some roles are mutually exclusive i.e. cannot be assigned to the same user at the same time • Each role is tied to a specific Access channel • Web roles cannot perform API requests and API roles cannot log into the web portal • Roles can be combined to overcome the above restrictions (not recommended)
  • 13. Permissions, Roles • Well-known roles include: o Business Administrator o Business Manager o Business Web Operator o Set Org API Password o Org Reversals Initiator o Org B2C API Initiator o Balance Query Org API o Org B2B API Initiator
  • 14. Transaction Types Transaction Types Services Command IDs Products • Transaction Types are the actual transaction flows possible on the system • Transaction types are combined with the business rules to control what transactions are allowed for 3rd parties and how they are executed • All Services are derived from the transaction types provided by the system • Services are the main part of the business rules. They determine why, how and who will perform transactions and actions, and how the money flows in the system • You can only access Services granted by the product assigned to your shortcode • Access to Services is also limited by the role assigned to the user, who must have necessary permissions to use that Service
  • 15. Transaction Types Cont’d Transaction Types Services Command IDs Products • Products are the grouping of related Services for a specific business case. These are part of the business rules • Products are assigned depending on business use case, the main factor being the client paying the business • Most commonly known products are: o Paybill Head Office o Paybill Store o Merchant Head Office Product o Merchant Store o Merchant Till o Agent Products* • Multiple services are reusable across products • Command IDs are the unique identifiers for Services for the API channel • M-Pesa APIs are modeled after the Services, and accessed via the Handset or API channels
  • 16. M-Pesa Broker • This is the primary interface between M-Pesa and the world • All access to M-Pesa from 3rd parties is via this system • It is a SOAP/XML-based API (for tight security and strict controls) • Is the primary interface for the previous M-Pesa API version • Access depends on use-case: o For transactions sourced from 3rd party to Safaricom, a VPN Tunnel is required o For transactions sourced from Safaricom to 3rd Party, only a whitelist is required • Main functions include: o Store callback URLs for C2B transactions for registered clients o Access control for all 3rd Party API callers o Authenticate 3rd Party API callers
  • 17. M-Pesa Accounts Accounts MMF/Working A/C Utility A/C Float A/C Merchant A/C Charges Paid A/C • MMF Account: typically used for outgoing/debit cash • Utility: used for incoming/credit cash • Float: used by agents for both debit and credit cash • Merchant: used by till numbers for incoming cash • Charges Paid: used for all charges to SP for all transactions
  • 19. Resources • Tutorial: https://peternjeru.co.ke/safdaraja/ui/ • Developer Docs: https://developer.safaricom.co.ke/docs • Telegram: https://t.me/payments_api • Slides: o SpeakerDeck: https://speakerdeck.com/pmnjeru/m-pesa-system o SlideShare: https://www.slideshare.net/secret/DTjyB654r1SJGs