How to Build an Airtime & Bundles API – Developer Guide 2026

📖 Developer Guide

🚀 Why Use an API for Airtime & Bundles?
⚙️ Option 1 – Use a Reseller API (Quickest)
📡 Option 2 – Integrate Daraja API (Safaricom Direct)
🛠️ Option 3 – Build Your Own Middleware
📊 Comparison of API Options for Kenyan Developers
🔐 Security Best Practices for Airtime APIs
❓ Frequently Asked Questions

If you run a business that sells airtime, data bundles, or minutes (e.g., a cyber café, shop, or online platform), automating the purchase process via an API can save hours of manual work. This guide walks you through the options available in Kenya, from using a reseller’s API to integrating M‑PESA STK Push directly.

🚀 Why Use an API for Airtime & Bundles?

Automation: No more manual USSD dialling or app clicks.
Speed: Instant delivery to your customers after payment.
Scalability: Sell to thousands of users without extra labour.
Inventory control: Keep track of bundle stock automatically.

⚙️ Option 1 – Use a Reseller API (Quickest)

Several Kenyan bundle resellers offer APIs (e.g., BingwaSokoni, other similar platforms). You send a POST request with the phone number, bundle code, and amount – and the API triggers the purchase using their automated till system.

Example API Request (Node.js)

fetch('https://api.reseller.com/pay', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    till: '509947',
    amount: 55,
    phone: '0712345678',
    bundle: '1.25GB'
  })
});

Most reseller APIs use M‑PESA STK push – the customer receives a PIN prompt on their phone. After authorisation, the bundle is delivered instantly. You get a webhook callback to confirm success.

📡 Option 2 – Integrate Daraja API (Safaricom Direct)

For large-scale operations, you can apply for a Safaricom developer account and use the official Daraja API. This gives you access to STK push, reversal, and transaction status. However, you will not get subsidised prices – you pay the full network rate.

Daraja API Flow

Register as a Safaricom developer → Get consumer key & secret.
Generate an OAuth token.
Initiate STK push using the /stkpush endpoint.
Listen for callback to confirm payment.

This route is complex and requires a production‑ready server with proper SSL, but it gives you complete control.

⚠️ Note: The official Daraja API does not bypass Okoa Jahazi debt. If your customer owes airtime, the STK push will succeed but the bundle may not be delivered. Reseller APIs often handle this better.

🛠️ Option 3 – Build Your Own Middleware

You can create a system that purchases bundles via USSD simulation (not recommended, as it’s fragile and violates carrier terms). The safest middle ground is to become an authorised reseller for a telecom (e.g., Airtel Reseller Program) and use their provided APIs. However, those are not widely available to small businesses.

📊 Comparison of API Options for Kenyan Developers

Method	Price	Okoa Friendly	Setup Effort	Best For
Reseller API	Subsidised (cheaper)	✅ Yes	Low (API key + integration)	Small businesses, shops, online sellers
Daraja API	Official rates	❌ No	High (registration + server)	Large platforms, fintechs
Manual USSD automation	Official rates	❌ No	Very high (unreliable)	Avoid – not recommended

🔐 Security Best Practices for Airtime APIs

Never store M‑PESA PINs – use STK push only.
Validate phone numbers with regex before sending to API.
Use HTTPS for all API calls.
Implement idempotency keys to prevent double charging.
Log all transactions for auditing and customer support.

🛡️

Verified Merchant – Till 509947

Secure M‑PESA STK Push payments. Reseller API available for developers – contact us for documentation.

Written by the BingwaSoko Developer Team
Experienced developers and telecom automation specialists. Helping you integrate airtime APIs seamlessly.
Last reviewed: 26 May 2026

For more background on how M‑PESA payments work, read our M‑PESA error codes guide – useful when debugging API failures.

❓ Frequently Asked Questions – Airtime & Bundles API

Do I need to register a company to use a reseller API?

Not usually. Most reseller APIs are open to anyone, but you may need to sign up for an account and agree to their terms.

Can I automate buying bundles for multiple customers at once?

Yes, you can loop through a list of phone numbers and bundle codes, but be careful with rate limits. Implement delays to avoid overwhelming the API.

What happens if the API call fails?

You should have a fallback mechanism: retry after a few seconds, log the error, and notify your support team.

Are there any open‑source libraries for Daraja integration?

Yes – check GitHub for 'Daraja PHP' or 'Daraja Node'. Many developers have published wrappers.

Which API option works best with Okoa Jahazi?

Reseller APIs (like BingwaSokoni) typically bypass Okoa restrictions, while Daraja API may fail if the customer has outstanding debt.

What security practices should I follow when building an airtime API?

Never store M-PESA PINs – use STK push only. Validate phone numbers with regex, use HTTPS for all calls, implement idempotency keys to prevent double charging, and log all transactions.

💡 Developer tip: If you are building a customer‑facing airtime store, consider adding a “Gift a friend” feature. Many reseller APIs allow you to specify a different recipient number – this can differentiate your service.

Till: 509947

👉 Explore Automated Bundle API Documentation