Solving "Invalid Access Token" Error on live mpesa api.
Apis

Solving "Invalid Access Token" Error on live mpesa api.

Rizwan Hamisi
Rizwan Hamisi

If you've just gone live with your M-Pesa Daraja API integration and you're getting the annoying "invalid access token" error when trying to initiate an STK Push — you're not alone.


I've received several consultation calls about this exact issue, and I've personally encountered it multiple times. It's frustrating because the same exact code works on sandbox and even on other live Daraja applications. So naturally, many developers assume something is wrong with their code. But here's the truth:


If your code works perfectly in sandbox, and you've correctly updated your base URL and keys after going live, then 90% of the time — your code is not the issue.


✅ Checklist Before Assuming It's Your Code

When going live, you usually:


  • Replace the sandbox base URL: https://sandbox.safaricom.co.ke → https://api.safaricom.co.ke
  • Replace your sandbox Consumer Key, Consumer Secret, and Passkey with the live ones from the Daraja portal.


If you've done all that and you're still getting the error — here's the fix.


🛠️ The Real Cause: Your API Product Might Not Be Approved Yet

This issue is often caused by your Daraja app's API product not being approved yet. In many cases, the api team has to manually activate the product after you go live.


Solution: Send an email to apisupport@safaricom.co.ke explaining the issue. Mention that you've recently gone live and include your Daraja app ID and shortcode in the message.


📧 Sample Email I Use.


Subject: Invalid Access Token Error After Going Live


Body:


After going live and obtaining the required live credentials, I am getting an "invalid access token" error when trying to initiate an STK Push request.

I have confirmed that:
- The app on Daraja has all the required API products assigned.
- The codebase works perfectly with other credentials.
- Only the newly generated credentials for this new app are giving this error.

Please help verify if the app has been fully approved for live access or assist with resolving this issue.

Shortcode: 123456 (the till store number or paybill number)
Daraja Product: Prod-example-wallet-1234567890 (the daraja app id on the daraja portal)



If you're stuck at this point, don't lose hours debugging your code. Sometimes it's not you — it's the approval process. Save time by reaching out to Safaricom support early.


If you're experiencing difficulties with your implementation or have questions that aren't covered in this article, I offer personalized consultation services to help you get back on track. You can reach me via 0768793923 or send me an email at hamisirizwan001@gmail.com.


Happy coding!!