safaricom / mpesa-node-library Goto Github PK

docs inform on a single requirement of providing consumerKey and consumerSecret.

Though for the accountBalance request securityCredential is also a requirement. Where to find this for our Mpesa account?

Created a contribution guide to allow newer members understand how they can contribute towards the project's growth

Describe the bug
The callback returns the following error response but I seem to have done everything right.

Error

{
    "Result": {
        "ResultType": 0,
        "ResultCode": 2001,
        "ResultDesc": "The initiator information is invalid.",
        "OriginatorConversationID": "11143-7569966-1",
        "ConversationID": "AG_20181024_000043ade8e082b13567",
        "TransactionID": "MJO61H754M",
        "ReferenceData": {
            "ReferenceItem": {
                "Key": "QueueTimeoutURL",
                "Value": "https://internalsandbox.safaricom.co.ke/mpesa/b2cresults/v1/submit"
            }
        }
    }
}

Expected behavior
I was expecting a successful response because I had followed all the specifications.

Description

Not really a bug actually the sandbox certificate specified in this repo is correct and I managed to get successful transactions using this key. This is not the case for https://developer.safaricom.co.ke/sites/default/files/cert/cert_sandbox/cert.cer that is different from the certificate that the library uses. The certificate posted on the docs didn't work

Reproduction

Steps to reproduce the behaviour:

1. Using the mpesa-node-library send a b2c request with using the certificate in daraja to encrypt your Security Credential

Expectation

A successful transaction

Actual

Transaction with the error Initiator Information is invalid

Specification

• OS: Windows 10
• Node Version: 10.15.1

Is this SDK still in use or is there an updated version I should be aware of? I ask because I want to contribute if it is and because it seems that the last update was 3 years ago

I get this response error when I do an stk push using this package

• I'm trying to initiate a test stk push working with sandbox. My mpesa app in daraja has all three products mapped. I feel something is missing or wrong but cant figure it out.
• using "express": "^4.18.2" node v14.18.1 and "mpesa-node": "^0.1.3"

data: {
      requestId: '2275-94324073-1',
      errorCode: '500.001.1001',
      errorMessage: 'Wrong credentials'
    }

here's my code:

const lnm = async () => {
    const mpesaApi = new Mpesa({
    consumerKey: 'myconsumerkey',
    consumerSecret: 'myconsumerasecret',
    environment: 'sandbox',
    shortCode: 174379
    })

const testMSISDN = "254720003332"
const amount = 100
const callBackURL = "http://arbaaz.herokuapp.com/log.txt"
const accountRef = "CLINTON"
const transactionDesc = "Test-CLINTON"
const transactionType = "CustomerPayBillOnline"
const shortCode = 174379
const passKey ="MTc0Mzc5YmZiMjc5ZjlhYTliZGJjZjE1OGU5N2RkNzFhNDY3Y2QyZTBjODkzMDU5YjEwZjc4ZTZiNzJhZGExZWQyYzkxOTIwMTkxMjEzMTA1NzEz"


await mpesaApi.lipaNaMpesaOnline(
    testMSISDN, 
    amount, 
    callBackURL,
    accountRef,
    transactionDesc,
    transactionType,
    shortCode,
    passKey
    )
    .then((result) => {
                console.log("result here.. ", result);
            })
            .catch((err) => {
                console.log("error here.. ", err);
            })

}

lnm();

@geofmureithi-zz @Beliot @DGatere @jeffnyauke

It would be nice, for users to know, what open source license covers this code, before they dive in.

Why is my test credentials not showing?

Describe the bug
Not a bug, but a request to look into updating transitive dependencies, specifically axios:

GHSA-cph5-m8f7-6c5x

Seems rather low effort (given existing integration testing will catch regressions), and also seen Dependabot pull requests for updates that haven't been merged.

Any updates from the team/or link to documentation on how to resolve such issues?

CallbackURL doesn not receive any request from MPesa servers

For some reason, there appears to be zero requests sent to the callbackurl after a transaction is made. As a result, the client keeps on waiting and waiting for a server reply in vain.

Axios Issue
Since the Mpesa Library for node is built on top of axios, A vulnerability has been detected thanks to Sync. This issue affects all axios versions.

See Issue on Sync

This commit claims to have fixed it. The decision remains whether to work on how to use the fix, or change to another module.

Please add a link to the documentation on where to obtain the keys (consumer/consume).

Describe the bug
When trying to use the LipaNaMpesaOnline api, I keep getting 404 error with the message Unable to identify proxy for host: secure and url: /mpesa/stkpush/v1/processrequest

To Reproduce
Steps to reproduce the behavior:

1. Initialize Mpesa with required credentials
2. Use ngrok to expose localhost
3. Make post request to payment endpoint
4. See error under data.fault object

Expected behavior
STK Push initiated

Screenshots

Desktop (please complete the following information):

• OS: MacOS
• Browser: Brave
• Version : 1.27

Smartphone (please complete the following information):

• Device: Safaricom Neon Ray Pro
• OS: Android 10
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

When I login and check api details for the app, I find consumerKey and consumerSecret. But your package/The REST also requires the "securityCredential" . Where can we find this after going life is initiated?

Is there a syntax error in your code?
Detailed stack trace: /user_code/node_modules/mpesa-node/src/m-pesa.js:31
this.configs = { ...config }
^^^
Use Typescript as my cloud Function Language.

• c2bSimulate should not be available in production.
  The best response would be throw error if someone attempts simulate in production.