M-Sahihi – An easy way to sign mpesa documents



M-Sahihi is an application that allows mobile money users to sign without the use of paper. Our team members are Duncan Muriithi and myself. Our main concern was creating a user friendly web application to go paperless, and using the HelloSign API. Duncan worked on debugging and presentation and I worked on development both front end and back end.


We as a team have been depositing and withdrawing money using our mobile phones through the Safaricom Mpesa agent almost daily since 2007 when this service was launched. Whenever a customer wants to transact at the agent’s shop, the agent fills a records book and the customer signs for closure of the transaction.

Our concern was the use of pen and paper to store customer’s personal data every time they transacted. I agree that records need to be kept, but the manner in which it is kept there is no privacy. When a customer signs he is able to see the others records who came before them. There’s also the risk of losing personal identification information in case the book lands in the wrong hands. Here is an tweet sent by a customer:

“@SafaricomPLC I’m very concerned about data privacy in your services. Confirmation messages and mpesa agents recording everything on my Id is just too much. Can we do some kind of OTP with mpesa agents. As for confirmation messages, I’ve some ideas. As a sender, if I’ve the …”

From the agent’s perspective, the cost of the book is high. One book (500 pages) costs an average of 35 USD. With about 600,000 agents, this means about 21 million USD is used every year on paper costs. There’s the risk of loss of records since paper is prone to wear and tear and cannot be preserved for many years. It is also a tedious process as you have to keep recording the same data manually.

With all this in mind we saw that creating an application that can help alleviate the situation would be ideal. We joined a hackathon on Devpost “HelloSign Go Paperless Hackathon” that allowed us to integrate HelloSign eSignature API that focuses on removing the traditional use of pen and paper to sign and scan documents.

What it does

M-sahihi home page

M-Sahihi web application is designed purposely to be used at the Mpesa agent shop to record cash deposits and withdrawals done by customers and allowing the customers to sign electronically to ascertain that they transacted with the values given.

The agent creates an account with their unique agent number, agent name and email address. This email address will be used to allow the customers to sign for transaction. Once all this is done, the agent is signed in automatically.

registration page

If the agent already have an existing account, they can be able to login with the agent number and the password they used during registration.

login page

When a customer makes a transaction, whether deposit or withdrawal, a message with a unique code is sent to both the customer and the agent. The agent fills the form on M-Sahihi with the unique code generated, the amount the customer transacted with, the type of the transaction and the customer’s national ID number. The agent then passes their device for the customer to verify that the information filled in is correct, and then they draw their signature.

Able to add a transaction
Save, and we’re all done

How we built it


We started with brainstorming and identifying the users and the name of the application. We then created use case statements to allow us to know which features to build. We designed mock-ups for a good user experience design. The final part was designing the database schema before we then dived into coding.


The technologies we used are Python programming language on the back end with Flask framework, PostgreSQL as the database system and HelloSign SDK API for signature authentication. For the front end we used HTML and CSS. Finally we deployed M-Sahihi on Heroku.


We successfully integrated the eSignature API and this has value to the user in that they are able to sign online and confidentiality is maintained. A customer is only able to see only the data pertaining to the transaction at hand.

We were also able to build a responsive website that is compatible with mobile or any other device. This means agents can access M-Sahihi from a mobile view!

Challenges we ran into

Early in the project we created database models using SQLite and managed to have the registration and login routes working perfectly, but only locally. Upon deployment on Heroku the registration route worked but it could not login the user, so there was a forth and back redirection. We didn’t know until one week before the submission deadline that SQLite wasn’t very good on Heroku and we needed to use Postgresql. With no prior knowledge of how to work with Postgresql databases, we had to research and learn very quickly to get things done. Here is the GitHub repository on our practices on how to work with Postgresql. Thanks to Dushan for providing a very helpful tutorial on postgresql.

Another challenge we ran into was inadequate developer information when we encountered bugs. For example while configuring beta HelloSign SDK we encountered “ ModuleNotFoundError: No module named 'metadict'”, “ ModuleNotFoundError: No module named 'metadata'”. It took us several hours to figure out that we had to install metadata and metadict every time we ran our code because there was no solution to this online.

Last but not least, we ran out of email addresses to use for test purposes. With only having our email addresses and encountering several bugs while working with the API we had to keep creating other addresses to test whether a feature that we’ve worked on is working perfectly.

What we’ve learned

We learned how to work with the HelloSign API. How to get, update, create and verify accounts, how to send signature requests, how to use templates for signature requests, how to send bulk requests, etc.

we learned how to use postgresql databases, its configurations on Heroku and maintenance as well.

We also learned how to peer program and work as a team.

What’s next for M-Sahihi

We will integrate the Mpesa API so that all the information on transaction unique ID , amount and nature of transaction can be picked up automatically instead of keying in the information.

Reach us on

Github Jane Ngethe and Muriithi Kabogo

Twitter Jane and Duncan

Similar Posts

Leave a Reply