Tanzania M-Pesa vs Kenya M-Pesa for Developers: What Is Actually Different?
Tanzania M-Pesa (Vodacom Open API) and Kenya M-Pesa (Safaricom Daraja) share the same fundamental architecture: request-callback pattern for mobile money payments. The differences are in the operator (Vodacom vs Safaricom), the developer portal, the authentication mechanism (API key + session key vs OAuth 2.0), the endpoint URLs, the callback payload format, and the ease of access (Daraja is easier and faster to get started with). A developer who knows one can adapt to the other in one to three days. The core skills, including callback handling, async payment flows, error management, and security, transfer completely.
Vodacom M-Pesa (Tanzania)
Operates through the Vodacom Open API. Harder to access for individual developers. Session key authentication. Less mature developer ecosystem.
Safaricom M-Pesa (Kenya)
Operates through the Daraja API. Easiest mobile money API to start with in East Africa. OAuth 2.0 authentication. Large developer community.
Side-by-Side Comparison
| Criterion | Vodacom M-Pesa (Tanzania) | Safaricom M-Pesa (Kenya) |
|---|---|---|
| Operator | Vodacom Tanzania | Safaricom Kenya |
| API platform | Vodacom Open API | Safaricom Daraja |
| Authentication | API key + session key | OAuth 2.0 (consumer key + consumer secret) |
| Collections (C2B) | C2B API via Vodacom Open API | STK Push (Lipa Na M-Pesa Online) |
| Disbursements (B2C) | B2C API | B2C API |
| Developer portal | Vodacom Developer Portal | developer.safaricom.co.ke |
| Sandbox access | Available, requires registration | Instant, self-service |
| Production access | Requires business approval (weeks) | Faster approval with valid business shortcode |
| Currency | TZS | KES |
| Callback architecture | Request-callback (webhook) | Request-callback (webhook) |
| Developer community size | Smaller, growing | Large, well-established |
| Documentation quality | Adequate | Mature, with tutorials and code examples |
| Market context | Three-rail market (M-Pesa, Tigo Pesa, Airtel Money) | M-Pesa dominant (90%+ market share) |
Same Brand, Different Everything
Here is a scenario that plays out regularly: a Tanzanian developer Googles "M-Pesa API integration," finds a Daraja tutorial, copies the code, points it at a Vodacom endpoint, and it breaks. The error messages make no sense because the entire authentication mechanism is different.
The confusion is baked into the brand. M-Pesa was created by Vodafone and first launched in Kenya through Safaricom in 2007. When it expanded to Tanzania, it went through Vodacom (Vodafone's subsidiary). For years, they shared core technology. But as both companies grew, they built their own developer platforms independently.
Today:
- Kenya M-Pesa runs on Safaricom's Daraja API. Developer portal at developer.safaricom.co.ke. OAuth 2.0 authentication. STK Push for C2B. The most developer-friendly mobile money API in East Africa.
- Tanzania M-Pesa runs on the Vodacom Open API. Separate developer portal. API key + session key authentication. Different endpoint URLs. Different payload structures.
The brand name is the same. Everything else that a developer touches is different. This article goes through each difference and, more importantly, explains what stays the same so you understand what skills transfer.
Authentication: Session Keys vs OAuth Tokens
This is the first thing that breaks when you try to use Daraja code against Vodacom's API.
Safaricom Daraja (Kenya):
- Send your consumer key and consumer secret to the OAuth endpoint
- Receive an access token (valid for 3600 seconds by default)
- Include the access token in the Authorization header of all subsequent API calls
This is standard OAuth 2.0 client credentials flow. If you have used any OAuth-based API (Google, GitHub, Stripe), the pattern is familiar.
Vodacom Open API (Tanzania):
- Include your API key in a request to the session key endpoint
- Receive an encrypted session key
- Decrypt the session key (this step varies based on the security model)
- Include the session key in subsequent API calls
The extra decryption step catches many developers off guard. It is not standard OAuth, and the documentation around it requires careful reading. Once you have the session key, the rest of the API calls work similarly to Daraja: send a request, get a response, handle callbacks.
The key insight: these are two different mechanisms for the same purpose (proving you are authorized to make API calls). Once you understand what authentication does and why, adapting between mechanisms is not conceptually hard. It is just different code.
Payment Flows: Same Architecture, Different Details
Both APIs implement the request-callback (webhook) pattern for payment processing. This is the most important shared architecture:
- Your server sends a payment request to the API
- The API prompts the customer on their phone
- The customer enters their PIN
- The API sends a callback (POST request) to your server with the result
This flow is identical in both systems. The differences are in the details:
C2B (collecting from customers):
- Daraja uses "STK Push" (Lipa Na M-Pesa Online). You send the customer's phone number, amount, and your shortcode. The customer gets a push prompt.
- Vodacom uses the C2B API endpoint. The request and prompt mechanism is similar, but the endpoint URL, request body format, and response structure differ.
Callback payloads:
- Daraja callbacks include fields like
ResultCode,ResultDesc,MpesaReceiptNumber, and nested metadata. - Vodacom callbacks have their own field names and structure. You cannot parse a Vodacom callback with a Daraja callback handler.
Error codes:
- Both systems return error codes for failed transactions (insufficient funds, wrong PIN, timeout). The codes and messages are different, but the categories of errors are the same.
The takeaway: if you write a well-structured payment handler with a provider abstraction (an interface for "initiate payment" and "handle callback"), you can swap the Daraja implementation for a Vodacom implementation without changing any of your business logic. The architecture is identical. The serialization is different.
Developer Experience: Why Daraja Is the Better Starting Point
This is not a subjective preference. Daraja is objectively easier to start with:
- Instant sandbox access. Register on developer.safaricom.co.ke, get sandbox credentials in minutes, and start testing immediately. Vodacom's process involves more steps.
- Better documentation. Daraja's documentation includes code examples in multiple languages, clear API reference pages, and a walkthrough for common integration patterns. Vodacom's documentation is adequate but less polished.
- Larger community. More developers have integrated Daraja than any other mobile money API in East Africa. When you hit an error, the answer is more likely to be on Stack Overflow, in a blog post, or in a Daraja-focused Telegram group.
- Faster production access. Going live with Daraja requires a valid business shortcode and some verification, but the process is faster and more predictable than Vodacom's.
For a Tanzanian developer who wants to learn mobile money integration, this creates a counterintuitive recommendation: start with the Kenyan API. Not because you will deploy Daraja in Tanzania (you will not), but because Daraja provides the fastest path to understanding the architecture. Once you understand request-callback patterns, webhook handling, and error management on Daraja, adapting to Vodacom is a matter of days, not weeks.
This is exactly why McTaba's M-Pesa Integration for Developers course (KES 9,999 / ~TZS 200,000) uses Daraja as the teaching platform. The goal is to teach you the pattern, not one specific API's documentation.
Market Context: Single Rail vs Three Rails
Beyond the API differences, the market context is fundamentally different:
Kenya: M-Pesa has over 90% mobile money market share. A Kenyan checkout that supports only M-Pesa covers almost the entire market. Airtel Money exists but is a distant second. Integrating M-Pesa alone is often enough.
Tanzania: The market is split across three providers. M-Pesa (Vodacom) is the largest but does not dominate the way Safaricom does in Kenya. Tigo Pesa and Airtel Money have substantial user bases. A Tanzanian checkout that supports only M-Pesa loses a significant portion of potential customers.
This means a Tanzanian developer's job is harder in one specific way: you need to support three payment rails, not one. The architecture is the same for all three, but the development work is multiplied (unless you use an aggregator that abstracts the three rails into one API).
Tanzania's advantage is interoperability. Since 2014, customers can send money between all three providers. This does not help with merchant payments (customers still pay from their own wallet), but it means the ecosystem functions as a unified network at the user level. For developers, the practical impact is that you need to support all three collection points, but users can fund any of their wallets from any other.
What Transfers: The Skills That Work in Both Markets
If you learn mobile money integration on one platform, here is exactly what transfers to the other:
Transfers completely (these are the hard parts):
- Understanding async payment flows (request now, result later)
- Building and securing webhook/callback endpoints
- Handling idempotency (duplicate callbacks, retry logic)
- Transaction state management (pending, success, failed, timeout)
- Error handling patterns (insufficient funds, wrong PIN, network timeout, expired session)
- Security (validating callbacks, securing credentials, HTTPS enforcement)
- Testing strategy (sandbox development, small-amount production testing)
- Checkout UX (phone number input, waiting states, result display)
Needs adaptation (these are the easy parts):
- Authentication code (OAuth vs session key)
- API endpoint URLs
- Request payload format
- Callback payload parsing
- Error code mapping
- Currency and amount formatting (KES vs TZS)
The hard parts transfer. The easy parts need adaptation. This is why the most efficient path for any East African mobile money developer is: learn the architecture on the best-documented platform (Daraja), then adapt to your target market. The adaptation is a day or two of work. The architecture takes weeks to learn properly.
Frequently Asked Questions
- Can I copy Safaricom Daraja code and use it for Vodacom M-Pesa in Tanzania?
- No. The code will not work as-is. The authentication, endpoints, and payload formats are different. However, the architecture and flow are identical. If you restructure your code to separate the business logic (what happens when a payment succeeds or fails) from the API layer (how you talk to the specific provider), you can reuse most of your code and only rewrite the provider-specific parts.
- Which API should I learn first if I plan to work in both Kenya and Tanzania?
- Start with Safaricom Daraja. It has the better sandbox, better documentation, and a larger community to help when you get stuck. Once you understand the pattern, adapting to Vodacom M-Pesa is straightforward. The reverse path (learning Vodacom first, then Daraja) works too, but is slower due to Vodacom's steeper onboarding curve.
- Does McTaba teach both Vodacom and Safaricom M-Pesa?
- McTaba's M-Pesa Integration for Developers course (KES 9,999 / ~TZS 200,000) teaches Safaricom Daraja because it provides the best learning experience. The course focuses on the request-callback architecture, webhook handling, and error management, which are the skills that transfer to Vodacom, Tigo Pesa, and Airtel Money. You will need to adapt the specific API calls for Vodacom, but the architecture and patterns you learn are directly applicable.
- How long does it take to adapt from Daraja to Vodacom M-Pesa?
- For a developer who has already built a working Daraja integration, adapting to Vodacom M-Pesa typically takes one to three days. The work involves changing the authentication mechanism, updating endpoint URLs, reformatting request and callback payloads, and updating error code mappings. The architecture, business logic, and testing strategy remain the same.
Ready to build real-world apps?
Join the McTaba Labs full-stack marathon (4 months full-time · 6 months part-time). Learn M-Pesa, USSD, and WhatsApp engineering while shipping 8 production apps.
Apply to the McTaba Marathon