From this tweet I posted 10 months ago;
twitter.com/__wchr/status/1387037322990944259
Safaricom was able to solve a couple of things but they haven't addressed the issues yet.
So what did they address; ๐งต
You no longer need Internet Explorer to access the G2 portal (btw should not even exist, everything should exist in the Daraja portal or do an overhaul. That was it, they made some UI changes to the dashboard, I like the TRY API functionality that works with STK push alone ๐.
They didn't address Basic Auth just yet, just copying the key and decoding with btoa will expose your consumer credentials. I understand they are using some Oracle and it's out of their control but they can invest in building their own, $193,236,714 was transacted in the last yr.
We still need different accounts in the G2 portal to manage different products, which basically means if you need to initialize mobile payments by STK that a different login from the B2C money disbursement product.
Poor developer experience when trying to go live, after you have gone through the process of going live you need to shout an email to them for them to share credentials through Email, I don't have to a security expert to notice that's kind of a security issue.
The credentials they send are enough to withdraw cash from your business wallet.
There are lots of problems and things stated in the previous tweet. Come on Safaricom, you can do better you already have a monopoly, you non-dev platforms are great ๐ฏ what's stopping you from building a great experience on the Developer Experience front.
You can read the unrolled version of this thread here: typefully.com/__wchr/1cEh0jQ
