mpesa api integration in laravel 7
Laravel

M-pesa API Integration in laravel 7 Part 3

M-pesa api integration .MPESA is the most convenient way to send and receive money in kenya. In addition, customers can be able to make business payments, business can make payments to customers or other businesses.

M-PESA released their new API(Application Programming Interface)to enable developers to access MPESA services. Such services included in the API are B2B, B2C, C2B, and reversals.

In part 2, we learned how to create mpesa migration, validation method, and confirmation method, in this lesson we are going to continue with our tutorial series and we are going to learn how we can register our validation and confirmation method with Safaricom M-pesa API.

Register Method

Safaricom M-pesa API provides C2B register URL API which registers the third party’s confirmation and validation URLs to M-pesa, which maps these URLs to the third party Shortcode. Whenever M-pesa receives transactions on the Shortcode, M-pesa triggers a validation request against the Validation URL and the party system responds M-pesa with validation response (either a success or an error code). Depending on the response, M-pesa completes transactions by calling the confirmation URL or cancels the transactions.

The next step is to open our MpesaController.php and make sure it has the following code:

<?php

namespace App\Http\Controllers;

use App\MpesaTransaction;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Storage;

class MpesaController extends Controller
{

    /**
     * Lipa na M-PESA password
     * */

    public function lipaNaMpesaPassword()
    {
        $lipa_time = Carbon::rawParse('now')->format('YmdHms');
        $passkey = "bfb279f9aa9bdbcf158e97dd71a467cd2e0c893059b10f78e6b72ada1ed2c919";
        $BusinessShortCode = 174379;
        $timestamp =$lipa_time;

        $lipa_na_mpesa_password = base64_encode($BusinessShortCode.$passkey.$timestamp);
        return $lipa_na_mpesa_password;
    }


    /**
     * Lipa na M-PESA STK Push method
     * */

    public function customerMpesaSTKPush()
    {
        $url = 'https://sandbox.safaricom.co.ke/mpesa/stkpush/v1/processrequest';

        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type:application/json','Authorization:Bearer '.$this->generateAccessToken()));


        $curl_post_data = [
            //Fill in the request parameters with valid values
            'BusinessShortCode' => 174379,
            'Password' => $this->lipaNaMpesaPassword(),
            'Timestamp' => Carbon::rawParse('now')->format('YmdHms'),
            'TransactionType' => 'CustomerPayBillOnline',
            'Amount' => 5,
            'PartyA' => 254706584018, // replace this with your phone number
            'PartyB' => 174379,
            'PhoneNumber' => 254706584018, // replace this with your phone number
            'CallBackURL' => 'https://webtech.co.ke/',
            'AccountReference' => "webtech tutorial",
            'TransactionDesc' => "Testing stk push on sandbox"
        ];

        $data_string = json_encode($curl_post_data);

        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $data_string);

        $curl_response = curl_exec($curl);

        return $curl_response;
    }


    public function generateAccessToken()
    {
        $consumer_key="sMpgnYW62glBlxPXbyTBEGdPib8eJLOL";
        $consumer_secret="IcK2PkAFArVVVffU";
        $credentials = base64_encode($consumer_key.":".$consumer_secret);

        $url = "https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials";
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_HTTPHEADER, array("Authorization: Basic ".$credentials));
        curl_setopt($curl, CURLOPT_HEADER,false);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

        $curl_response = curl_exec($curl);
        $access_token=json_decode($curl_response);
        return $access_token->access_token;
    }


    /**
     * J-son Response to M-pesa API feedback - Success or Failure
     */
    public function createValidationResponse($result_code, $result_description){
        $result=json_encode(["ResultCode"=>$result_code, "ResultDesc"=>$result_description]);
        $response = new Response();
        $response->headers->set("Content-Type","application/json; charset=utf-8");
        $response->setContent($result);
        return $response;
    }


    /**
     *  M-pesa Validation Method
     * Safaricom will only call your validation if you have requested by writing an official letter to them
     */

    public function mpesaValidation(Request $request)
    {
        $result_code = "0";
        $result_description = "Accepted validation request.";
        return $this->createValidationResponse($result_code, $result_description);
    }

    /**
     * M-pesa Transaction confirmation method, we save the transaction in our databases
     */

    public function mpesaConfirmation(Request $request)
    {
        $content=json_decode($request->getContent());

        $mpesa_transaction = new MpesaTransaction();
        $mpesa_transaction->TransactionType = $content->TransactionType;
        $mpesa_transaction->TransID = $content->TransID;
        $mpesa_transaction->TransTime = $content->TransTime;
        $mpesa_transaction->TransAmount = $content->TransAmount;
        $mpesa_transaction->BusinessShortCode = $content->BusinessShortCode;
        $mpesa_transaction->BillRefNumber = $content->BillRefNumber;
        $mpesa_transaction->InvoiceNumber = $content->InvoiceNumber;
        $mpesa_transaction->OrgAccountBalance = $content->OrgAccountBalance;
        $mpesa_transaction->ThirdPartyTransID = $content->ThirdPartyTransID;
        $mpesa_transaction->MSISDN = $content->MSISDN;
        $mpesa_transaction->FirstName = $content->FirstName;
        $mpesa_transaction->MiddleName = $content->MiddleName;
        $mpesa_transaction->LastName = $content->LastName;
        $mpesa_transaction->save();


        // Responding to the confirmation request
        $response = new Response();
        $response->headers->set("Content-Type","text/xml; charset=utf-8");
        $response->setContent(json_encode(["C2BPaymentConfirmationResult"=>"Success"]));


        return $response;
    }


    /**
     * M-pesa Register Validation and Confirmation method
     */
    public function mpesaRegisterUrls()
    {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, 'https://sandbox.safaricom.co.ke/mpesa/c2b/v1/registerurl');
        curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type:application/json','Authorization: Bearer '. $this->generateAccessToken()));

        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode(array(
            'ShortCode' => "600141",
            'ResponseType' => 'Completed',
            'ConfirmationURL' => "https://webtech.co.ke/api/v1/hlab/transaction/confirmation",
            'ValidationURL' => "https://webtech.co.ke/api/v1/hlab/validation"
        )));
        $curl_response = curl_exec($curl);
        echo $curl_response;
    }

}

From our code:

  • Line 152 to 168 – we have created a method called mpesaRegisterUrls() which we will trigger in order for us to call M-pesa to register API.
  • Line 154 –  we create an initiate curl.
  • Line 155 – we pass the M-pesa Register API URL. In this case, we are using sandbox register urls.
  • Line 160 to 165 – we define our post data to Safaricom register API.
  • Line 161 – we pass our Shortcode.
  • Line 162 – we define the response type.
  • Line 163 – we define our confirmation URL.
  • Line 164 – we define our validation URL.
  • Line 166 – we define our response from Safaricom response API
  • Line 167 – we echo the response from Safaricom M-pesa register API

NB: By default, Safaricom does not enable validation URL, you have to write an official letter for them to enable validation on your Shortcode.

The next step is to open our api.php route file and make sure it has the following code:

<?php

use Illuminate\Http\Request;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

Route::post('v1/access/token', 'MpesaController@generateAccessToken');
Route::post('v1/webtech/stk/push', 'MpesaController@customerMpesaSTKPush');
Route::post('v1/webtech/validation', 'MpesaController@mpesaValidation');
Route::post('v1/webtech/transaction/confirmation', 'MpesaController@mpesaConfirmation');
Route::post('v1/webtech/register/url', 'MpesaController@mpesaRegisterUrls');

On line 24, we have defined a post URL that goes to our register method. The next step is to test whether our register method works. Ensure that Laravel development server is running by using the following command:

Make sure your development server is running, then open postman and hit your register URL to trigger our M-pesa register method. In my case this is my URL:

http://127.0.0.1:8000/api/v1/webtech/register/url

Remember this is a post request. Here is a screenshot of my postman:

register urls response

NB: Safaricom allows you to register the URL’s once if you need to change the validation and confirmation URL’s you have to write an official letter.

We have concluded with our mpesa API integration using laravel 7.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *