PHP download

Download the PHP package kemboielvis/mpesa-sdk-php without Composer

On this page you can find all versions of the php package kemboielvis/mpesa-sdk-php. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of kemboielvis/mpesa-sdk-php

Informations about the package mpesa-sdk-php

M-Pesa PHP SDK

A PHP SDK for Safaricom M-Pesa APIs with batteries included: STK Push, C2B, B2C, Reversals, Transaction Status, and more. Now with multi-process safe token caching (lock + atomic writes).

Requirements

PHP 8.0+
ext-curl, ext-openssl (installed by default on most PHP builds)
Composer for library installation

Installation

Quick start

Multi-process safe token cache

The SDK caches the OAuth access token on disk to minimize network calls. The cache is safe for concurrent use by multiple PHP processes:

A lock file prevents the "thundering herd" when the token needs refreshing.
Cache writes are atomic (temp file + rename) to avoid partial or corrupt files.
Malformed/expired cache is ignored and re-fetched safely by a single lock holder.

Details:

Default cache name: mpesa_api_cache.json. If you pass only a filename, it is stored under the system temp directory. You can provide an absolute or relative path.
Lock file location: same directory as the cache file with .lock suffix. For stream paths (e.g., php://memory), the lock is stored in the system temp directory.
Methods:
- Mpesa::setStoreFile(string $path) — sets the token cache file and refreshes the internal client.
- Mpesa::clearTokenCache() — clears the current token cache.
- Mpesa::getResolvedStoreFilePath() — returns the resolved absolute path the SDK uses for the cache.
- Mpesa::setDebug(bool $on) — enable debug logging to troubleshoot token flow.

Services and examples

STK Push (Lipa Na M-Pesa)
Query STK Push status
Customer to Business (C2B) — Register URLs
C2B — Simulate payment
Business to Customer (B2C)
Reversal

Error handling

Wrap service calls in try/catch:

Advanced configuration

Token cache file
Debug logs
Test-only: override base URL For automated tests or proxies, you can override via the underlying config (not usually needed in apps):

Testing

The repository ships with a few simple tests, including concurrency/tamper checks for the token cache.

Smoke test: cache read path
Concurrency test: verifies single network fetch with many parallel processes
Tamper concurrency test: corrupts the cache mid-flight; ensures consistency and minimal re-fetch

Notes:

These tests use a local fake server and do not hit Safaricom endpoints.
If you see permission issues for the cache path, choose a directory writable by your PHP processes (e.g., /tmp or a shared run directory) and use Mpesa::setStoreFile().

Troubleshooting

Token cache not updating:
- Ensure the process has write permission to the cache directory.
- Check for SELinux/AppArmor restrictions if applicable.
- Enable debug with $mpesa->setDebug(true) to see lock/cache logs in error_log.
SSL errors on sandbox: ensure your environment has recent CA certificates; avoid disabling verification in production.

License

MIT License. See LICENSE in this repository.

Support

Open an issue with details (PHP version, OS, logs, and a minimal repro). Pull requests welcome.

All versions of mpesa-sdk-php with dependencies

PHP Build Version

Package Version

Version v2.2.1 Release 11. Jan 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of mpesa-sdk-php from vendor kemboielvis

Requires ext-curl Version *
ext-openssl Version *

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package kemboielvis/mpesa-sdk-php contains the following files

Loading the files please wait ...