DEV Community: Vincent Kioko The latest articles on DEV Community by Vincent Kioko (@sntaks). https://dev.to/sntaks https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1935684%2Fef74185b-9019-4b1f-8ba4-6db5e3886923.jpg DEV Community: Vincent Kioko https://dev.to/sntaks en Building a Fintech Wallet Using Laravel and M-Pesa Vincent Kioko Mon, 18 Aug 2025 06:12:29 +0000 https://dev.to/sntaks/building-a-fintech-wallet-using-laravel-and-m-pesa-3e87 https://dev.to/sntaks/building-a-fintech-wallet-using-laravel-and-m-pesa-3e87 <h2> Introduction </h2> <p>In today's fast-paced financial ecosystem, digital wallets have become<br> the backbone of fintech innovation. They provide users with convenience,<br> security, and accessibility when transacting online. In Kenya, M-Pesa<br> dominates the mobile money space, making it an essential integration for<br> any wallet solution. In this article, we'll walk through the process of<br> building a <strong>fintech wallet system using Laravel</strong> and integrating it<br> with the <strong>M-Pesa API</strong>.</p> <h2> Why Laravel for a Fintech Wallet? </h2> <p>Laravel is one of the most popular PHP frameworks because of its<br> simplicity, scalability, and security. Here's why it's a great choice<br> for fintech applications:</p> <ul> <li> <strong>Authentication &amp; Authorization</strong> -- Built-in user management and role handling.</li> <li> <strong>Database Migrations &amp; Eloquent ORM</strong> -- Makes schema design and data manipulation smooth.</li> <li> <strong>Security Features</strong> -- Protects against SQL injection, CSRF, and XSS attacks.</li> <li> <strong>API Development</strong> -- Supports RESTful APIs for mobile/web apps.</li> </ul> <h2> Key Features of Our Wallet </h2> <ol> <li> <strong>User Registration &amp; Authentication</strong> (with roles such as admin and customer).</li> <li> <strong>Wallet Account Management</strong> -- Every user has a balance.</li> <li> <strong>M-Pesa Deposits &amp; Withdrawals</strong> -- Secure integration with Daraja API.</li> <li> <strong>Transaction History</strong> -- Track deposits, withdrawals, and transfers.</li> <li> <strong>Admin Dashboard</strong> -- Monitor transactions, users, and revenue.</li> </ol> <h2> Step 1: Setting Up the Laravel Project </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>composer create-project laravel/laravel wallet <span class="nb">cd </span>wallet php artisan serve </code></pre> </div> <p>You should now see Laravel's welcome page at <code>http://127.0.0.1:8000</code>.</p> <h2> Step 2: Database Design </h2> <p>We'll need at least these tables:</p> <ul> <li> <strong>users</strong> → Stores user details.</li> <li> <strong>wallets</strong> → Each user's wallet balance.</li> <li> <strong>transactions</strong> → Records deposits, withdrawals, and transfers.</li> </ul> <p>Example migration for wallets:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">Schema</span><span class="o">::</span><span class="nf">create</span><span class="p">(</span><span class="s1">'wallets'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="kt">Blueprint</span> <span class="nv">$table</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">id</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">unsignedBigInteger</span><span class="p">(</span><span class="s1">'user_id'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">decimal</span><span class="p">(</span><span class="s1">'balance'</span><span class="p">,</span> <span class="mi">12</span><span class="p">,</span> <span class="mi">2</span><span class="p">)</span><span class="o">-&gt;</span><span class="k">default</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">timestamps</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">foreign</span><span class="p">(</span><span class="s1">'user_id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">references</span><span class="p">(</span><span class="s1">'id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">on</span><span class="p">(</span><span class="s1">'users'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">onDelete</span><span class="p">(</span><span class="s1">'cascade'</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h2> Step 3: M-Pesa Integration </h2> <p>We'll integrate using <strong>Safaricom's Daraja API</strong>.</p> <h3> a) Get API Credentials </h3> <ul> <li> Register an app on <a href="https://developer.safaricom.co.ke" rel="noopener noreferrer">Safaricom Developer Portal</a>.</li> <li> Obtain <strong>Consumer Key</strong> and <strong>Consumer Secret</strong>.</li> </ul> <h3> b) Setup an M-Pesa Service Class </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Services</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Support\Facades\Http</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">MpesaService</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$consumerKey</span><span class="p">;</span> <span class="k">protected</span> <span class="nv">$consumerSecret</span><span class="p">;</span> <span class="k">protected</span> <span class="nv">$shortcode</span><span class="p">;</span> <span class="k">protected</span> <span class="nv">$passkey</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">consumerKey</span> <span class="o">=</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'mpesa.consumer_key'</span><span class="p">);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">consumerSecret</span> <span class="o">=</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'mpesa.consumer_secret'</span><span class="p">);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">shortcode</span> <span class="o">=</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'mpesa.shortcode'</span><span class="p">);</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">passkey</span> <span class="o">=</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'mpesa.passkey'</span><span class="p">);</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">stkPush</span><span class="p">(</span><span class="nv">$phone</span><span class="p">,</span> <span class="nv">$amount</span><span class="p">,</span> <span class="nv">$accountReference</span><span class="p">,</span> <span class="nv">$transactionDesc</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$accessToken</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">getAccessToken</span><span class="p">();</span> <span class="nv">$timestamp</span> <span class="o">=</span> <span class="nf">now</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">format</span><span class="p">(</span><span class="s1">'YmdHis'</span><span class="p">);</span> <span class="nv">$password</span> <span class="o">=</span> <span class="nb">base64_encode</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">shortcode</span><span class="mf">.</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">passkey</span><span class="mf">.</span><span class="nv">$timestamp</span><span class="p">);</span> <span class="k">return</span> <span class="nc">Http</span><span class="o">::</span><span class="nf">withToken</span><span class="p">(</span><span class="nv">$accessToken</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">post</span><span class="p">(</span> <span class="s1">'https://sandbox.safaricom.co.ke/mpesa/stkpush/v1/processrequest'</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'BusinessShortCode'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">shortcode</span><span class="p">,</span> <span class="s1">'Password'</span> <span class="o">=&gt;</span> <span class="nv">$password</span><span class="p">,</span> <span class="s1">'Timestamp'</span> <span class="o">=&gt;</span> <span class="nv">$timestamp</span><span class="p">,</span> <span class="s1">'TransactionType'</span> <span class="o">=&gt;</span> <span class="s1">'CustomerPayBillOnline'</span><span class="p">,</span> <span class="s1">'Amount'</span> <span class="o">=&gt;</span> <span class="nv">$amount</span><span class="p">,</span> <span class="s1">'PartyA'</span> <span class="o">=&gt;</span> <span class="nv">$phone</span><span class="p">,</span> <span class="s1">'PartyB'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">shortcode</span><span class="p">,</span> <span class="s1">'PhoneNumber'</span> <span class="o">=&gt;</span> <span class="nv">$phone</span><span class="p">,</span> <span class="s1">'CallBackURL'</span> <span class="o">=&gt;</span> <span class="nf">route</span><span class="p">(</span><span class="s1">'mpesa.callback'</span><span class="p">),</span> <span class="s1">'AccountReference'</span> <span class="o">=&gt;</span> <span class="nv">$accountReference</span><span class="p">,</span> <span class="s1">'TransactionDesc'</span> <span class="o">=&gt;</span> <span class="nv">$transactionDesc</span><span class="p">,</span> <span class="p">]</span> <span class="p">);</span> <span class="p">}</span> <span class="k">private</span> <span class="k">function</span> <span class="n">getAccessToken</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$response</span> <span class="o">=</span> <span class="nc">Http</span><span class="o">::</span><span class="nf">withBasicAuth</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">consumerKey</span><span class="p">,</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">consumerSecret</span><span class="p">)</span> <span class="o">-&gt;</span><span class="nf">get</span><span class="p">(</span><span class="s1">'https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials'</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$response</span><span class="p">[</span><span class="s1">'access_token'</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Step 4: Handling Deposits </h2> <p>When a user initiates a deposit:</p> <ol> <li> Call the <strong>stkPush</strong> method.</li> <li> Wait for M-Pesa callback.</li> <li> Update wallet balance.</li> <li> Save transaction.</li> </ol> <p>Callback route example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/mpesa/callback'</span><span class="p">,</span> <span class="p">[</span><span class="nc">MpesaController</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="s1">'callback'</span><span class="p">])</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'mpesa.callback'</span><span class="p">);</span> </code></pre> </div> <p>In the controller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">callback</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$data</span> <span class="o">=</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">all</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$data</span><span class="p">[</span><span class="s1">'Body'</span><span class="p">][</span><span class="s1">'stkCallback'</span><span class="p">][</span><span class="s1">'ResultCode'</span><span class="p">])</span> <span class="o">&amp;&amp;</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'Body'</span><span class="p">][</span><span class="s1">'stkCallback'</span><span class="p">][</span><span class="s1">'ResultCode'</span><span class="p">]</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$amount</span> <span class="o">=</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'Body'</span><span class="p">][</span><span class="s1">'stkCallback'</span><span class="p">][</span><span class="s1">'CallbackMetadata'</span><span class="p">][</span><span class="s1">'Item'</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="s1">'Value'</span><span class="p">];</span> <span class="nv">$phone</span> <span class="o">=</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'Body'</span><span class="p">][</span><span class="s1">'stkCallback'</span><span class="p">][</span><span class="s1">'CallbackMetadata'</span><span class="p">][</span><span class="s1">'Item'</span><span class="p">][</span><span class="mi">4</span><span class="p">][</span><span class="s1">'Value'</span><span class="p">];</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nc">User</span><span class="o">::</span><span class="nf">where</span><span class="p">(</span><span class="s1">'phone'</span><span class="p">,</span> <span class="nv">$phone</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">first</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$user</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="n">wallet</span><span class="o">-&gt;</span><span class="nf">increment</span><span class="p">(</span><span class="s1">'balance'</span><span class="p">,</span> <span class="nv">$amount</span><span class="p">);</span> <span class="nc">Transaction</span><span class="o">::</span><span class="nf">create</span><span class="p">([</span> <span class="s1">'user_id'</span> <span class="o">=&gt;</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="n">id</span><span class="p">,</span> <span class="s1">'amount'</span> <span class="o">=&gt;</span> <span class="nv">$amount</span><span class="p">,</span> <span class="s1">'type'</span> <span class="o">=&gt;</span> <span class="s1">'deposit'</span><span class="p">,</span> <span class="s1">'status'</span> <span class="o">=&gt;</span> <span class="s1">'success'</span><span class="p">,</span> <span class="p">]);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Step 5: Withdrawals </h2> <p>Withdrawals can be processed using <strong>M-Pesa B2C API</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">Http</span><span class="o">::</span><span class="nf">withToken</span><span class="p">(</span><span class="nv">$accessToken</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">post</span><span class="p">(</span> <span class="s1">'https://sandbox.safaricom.co.ke/mpesa/b2c/v1/paymentrequest'</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'InitiatorName'</span> <span class="o">=&gt;</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'mpesa.initiator_name'</span><span class="p">),</span> <span class="s1">'SecurityCredential'</span> <span class="o">=&gt;</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'mpesa.security_credential'</span><span class="p">),</span> <span class="s1">'CommandID'</span> <span class="o">=&gt;</span> <span class="s1">'BusinessPayment'</span><span class="p">,</span> <span class="s1">'Amount'</span> <span class="o">=&gt;</span> <span class="nv">$amount</span><span class="p">,</span> <span class="s1">'PartyA'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">shortcode</span><span class="p">,</span> <span class="s1">'PartyB'</span> <span class="o">=&gt;</span> <span class="nv">$phone</span><span class="p">,</span> <span class="s1">'Remarks'</span> <span class="o">=&gt;</span> <span class="s1">'Wallet Withdrawal'</span><span class="p">,</span> <span class="s1">'QueueTimeOutURL'</span> <span class="o">=&gt;</span> <span class="nf">route</span><span class="p">(</span><span class="s1">'mpesa.timeout'</span><span class="p">),</span> <span class="s1">'ResultURL'</span> <span class="o">=&gt;</span> <span class="nf">route</span><span class="p">(</span><span class="s1">'mpesa.result'</span><span class="p">),</span> <span class="s1">'Occasion'</span> <span class="o">=&gt;</span> <span class="s1">'Withdrawal'</span><span class="p">,</span> <span class="p">]</span> <span class="p">);</span> </code></pre> </div> <h2> Step 6: Transaction History </h2> <p>Each transaction (deposit/withdrawal) is stored in the <code>transactions</code><br> table and displayed in the user dashboard:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">Transaction</span><span class="o">::</span><span class="nf">where</span><span class="p">(</span><span class="s1">'user_id'</span><span class="p">,</span> <span class="nf">auth</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">id</span><span class="p">())</span><span class="o">-&gt;</span><span class="nf">latest</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">get</span><span class="p">();</span> </code></pre> </div> <h2> Step 7: Security Best Practices </h2> <ul> <li> Always store M-Pesa credentials in <code>.env</code>.</li> <li> Use HTTPS for callbacks.</li> <li> Log API requests and responses for troubleshooting.</li> <li> Implement role-based access control for admins vs customers.</li> </ul> <h2> Conclusion </h2> <p>We've built a <strong>basic fintech wallet using Laravel and M-Pesa</strong>. This<br> system supports deposits, withdrawals, and transaction tracking. With<br> further enhancements such as <strong>KYC verification, fraud detection, and<br> multi-currency support</strong>, this can scale into a robust fintech solution.</p> <h2> Next Steps </h2> <ul> <li> Add <strong>notifications (SMS/Email)</strong> for successful transactions.</li> <li> Extend to support <strong>bank integrations</strong>.</li> <li> Deploy to production with SSL and monitoring tools.</li> </ul> laravel php mpesa api