pesafy 0.3.6 → 0.3.9

package/dist/index.cjs

@@ -8,7 +8,7 @@ var __defProp = Object.defineProperty;
 var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
 var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
 
-// src/utils/errors/error-factory.ts
+// src/utils/errors/index.ts
 var PesafyError = class _PesafyError extends Error {
   constructor(options) {
     super(options.message);
@@ -41,77 +41,108 @@ function createError(options) {
   return new PesafyError(options);
 }
 
-// src/utils/http/client.ts
-var DEFAULT_TIMEOUT = 3e4;
-async function httpRequest(url, options = {}) {
-  const {
-    method = "GET",
-    headers = {},
-    body,
-    timeout = DEFAULT_TIMEOUT
-  } = options;
-  const controller = new AbortController();
-  const timeoutId = setTimeout(() => controller.abort(), timeout);
+// src/core/encryption/security-credentials.ts
+function encryptSecurityCredential(initiatorPassword, certificatePem) {
   try {
-    const response = await fetch(url, {
-      method,
-      headers: {
-        "Content-Type": "application/json",
-        ...headers
+    const passwordBuffer = Buffer.from(initiatorPassword, "utf-8");
+    const encrypted = crypto.publicEncrypt(
+      {
+        key: certificatePem,
+        // RSA_PKCS1_PADDING = 1  (NOT RSA_PKCS1_OAEP_PADDING = 4)
+        padding: crypto.constants.RSA_PKCS1_PADDING
       },
-      body: body ? JSON.stringify(body) : void 0,
-      signal: controller.signal
+      passwordBuffer
+    );
+    return encrypted.toString("base64");
+  } catch (error) {
+    throw new PesafyError({
+      code: "ENCRYPTION_FAILED",
+      message: "Failed to encrypt security credential. Ensure the certificate PEM is valid and matches the environment (sandbox/production).",
+      cause: error
     });
-    clearTimeout(timeoutId);
+  }
+}
+
+// src/utils/http/index.ts
+var RETRYABLE_STATUSES = /* @__PURE__ */ new Set([429, 500, 502, 503, 504]);
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function jitter(baseMs) {
+  const spread = baseMs * 0.25;
+  return baseMs + (Math.random() * spread * 2 - spread);
+}
+async function httpRequest(url, options) {
+  const maxRetries = options.retries ?? 4;
+  const baseDelay = options.retryDelay ?? 2e3;
+  const headers = {
+    "Content-Type": "application/json",
+    Accept: "application/json",
+    ...options.headers
+  };
+  const init = {
+    method: options.method,
+    headers,
+    ...options.body !== void 0 ? { body: JSON.stringify(options.body) } : {}
+  };
+  let lastError = null;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    if (attempt > 0) {
+      const delay = jitter(baseDelay * Math.pow(2, attempt - 1));
+      await sleep(delay);
+    }
+    let response;
+    try {
+      response = await fetch(url, init);
+    } catch (err) {
+      lastError = new PesafyError({
+        code: "NETWORK_ERROR",
+        message: `Network error calling ${url}: ${String(err)}`,
+        cause: err
+      });
+      if (attempt < maxRetries) continue;
+      throw lastError;
+    }
     let data;
-    const text = await response.text();
+    const contentType = response.headers.get("content-type") ?? "";
     try {
-      data = text ? JSON.parse(text) : {};
+      data = contentType.includes("application/json") ? await response.json() : await response.text();
     } catch {
-      data = { raw: text };
+      data = null;
     }
-    if (!response.ok) {
-      const bodyStr = text.length > 0 ? ` \u2014 ${text}` : "";
-      throw new PesafyError({
-        code: "API_ERROR",
-        message: `Request failed with status ${response.status}${bodyStr}`,
-        statusCode: response.status,
-        response: data
-      });
-    }
-    return {
-      data,
-      status: response.status,
-      headers: response.headers
-    };
-  } catch (error) {
-    clearTimeout(timeoutId);
-    if (error instanceof PesafyError) throw error;
-    if (error instanceof Error) {
-      if (error.name === "AbortError") {
-        throw new PesafyError({
-          code: "TIMEOUT",
-          message: `Request timed out after ${timeout}ms`,
-          cause: error
-        });
-      }
-      throw new PesafyError({
-        code: "NETWORK_ERROR",
-        message: error.message,
-        cause: error
-      });
+    const responseHeaders = {};
+    response.headers.forEach((value, key) => {
+      responseHeaders[key] = value;
+    });
+    if (response.ok) {
+      return {
+        data,
+        status: response.status,
+        headers: responseHeaders
+      };
     }
-    throw new PesafyError({
-      code: "REQUEST_FAILED",
-      message: "An unknown error occurred",
-      cause: error
+    const isTransient = RETRYABLE_STATUSES.has(response.status);
+    const daraja = data ?? {};
+    const message = daraja.errorMessage ?? daraja.ResponseDescription ?? `HTTP ${response.status}`;
+    lastError = new PesafyError({
+      code: isTransient ? "REQUEST_FAILED" : "HTTP_ERROR",
+      message,
+      statusCode: response.status,
+      response: data,
+      requestId: daraja.requestId
     });
+    if (isTransient && attempt < maxRetries) {
+      continue;
+    }
+    throw lastError;
   }
+  throw lastError;
 }
 
 // src/core/auth/token-manager.ts
 var TOKEN_BUFFER_SECONDS = 60;
 var TokenManager = class {
+  // Unix seconds
   constructor(consumerKey, consumerSecret, baseUrl) {
     __publicField(this, "consumerKey");
     __publicField(this, "consumerSecret");
@@ -122,11 +153,15 @@ var TokenManager = class {
     this.consumerSecret = consumerSecret;
     this.baseUrl = baseUrl;
   }
-  getAuthHeader() {
+  getBasicAuthHeader() {
     const credentials = `${this.consumerKey}:${this.consumerSecret}`;
     const encoded = Buffer.from(credentials, "utf-8").toString("base64");
     return `Basic ${encoded}`;
   }
+  /**
+   * Returns a valid access token, fetching a new one when the cached token
+   * is absent or within TOKEN_BUFFER_SECONDS of expiry.
+   */
   async getAccessToken() {
     const now = Date.now() / 1e3;
     if (this.cachedToken && this.tokenExpiresAt > now + TOKEN_BUFFER_SECONDS) {
@@ -136,81 +171,61 @@ var TokenManager = class {
     const response = await httpRequest(url, {
       method: "GET",
       headers: {
-        Authorization: this.getAuthHeader()
+        Authorization: this.getBasicAuthHeader()
       }
     });
-    const data = response.data;
-    if (!data.access_token) {
+    const { access_token, expires_in } = response.data;
+    if (!access_token) {
       throw new PesafyError({
         code: "AUTH_FAILED",
-        message: "Failed to obtain access token",
-        response: data
+        message: "Daraja did not return an access token. Check your consumer key and secret.",
+        response: response.data
       });
     }
-    this.cachedToken = data.access_token;
-    this.tokenExpiresAt = now + (data.expires_in ?? 3600);
+    this.cachedToken = access_token;
+    this.tokenExpiresAt = now + (expires_in ?? 3600);
     return this.cachedToken;
   }
+  /** Force token refresh on the next call (e.g. after a 401 response) */
   clearCache() {
     this.cachedToken = null;
     this.tokenExpiresAt = 0;
   }
 };
-function encryptSecurityCredential(initiatorPassword, certificatePem) {
-  try {
-    const passwordBuffer = Buffer.from(initiatorPassword, "utf-8");
-    const encrypted = crypto.publicEncrypt(
-      {
-        key: certificatePem,
-        padding: 1
-        // RSA_PKCS1_PADDING
-      },
-      passwordBuffer
-    );
-    return encrypted.toString("base64");
-  } catch (error) {
-    throw new PesafyError({
-      code: "ENCRYPTION_FAILED",
-      message: "Failed to encrypt security credential",
-      cause: error
-    });
-  }
-}
 
-// src/utils/phone.ts
-function toE164Kenya(phone) {
-  const digits = phone.replace(/\D/g, "");
-  if (digits.startsWith("254")) return digits;
-  if (digits.startsWith("0")) return `254${digits.slice(1)}`;
-  if (digits.length === 9) return `254${digits}`;
-  return `254${digits}`;
-}
+// src/utils/phone/index.ts
 function formatSafaricomPhone(phone) {
-  const formatted = toE164Kenya(phone);
-  if (!/^254[71]\d{8}$/.test(formatted)) {
-    throw new Error(
-      `Invalid Kenyan phone number: "${phone}". Expected format: 07XXXXXXXX, 2547XXXXXXXX, or +2547XXXXXXXX.`
-    );
+  const digits = phone.replace(/\D/g, "");
+  let normalised;
+  if (digits.startsWith("254") && digits.length === 12) {
+    normalised = digits;
+  } else if (digits.startsWith("0") && digits.length === 10) {
+    normalised = `254${digits.slice(1)}`;
+  } else if (digits.length === 9) {
+    normalised = `254${digits}`;
+  } else if (digits.startsWith("254") && digits.length !== 12) {
+    throw new PesafyError({
+      code: "INVALID_PHONE",
+      message: `Invalid phone number "${phone}". Expected 254XXXXXXXXX (12 digits).`
+    });
+  } else {
+    throw new PesafyError({
+      code: "INVALID_PHONE",
+      message: `Cannot parse phone number "${phone}". Use 07XXXXXXXX, 2547XXXXXXXX, or +2547XXXXXXXX.`
+    });
   }
-  return formatted;
-}
-function formatKenyanMsisdn(phone) {
-  const formatted = toE164Kenya(phone);
-  if (!/^254\d{9}$/.test(formatted)) {
-    throw new Error(
-      `Invalid MSISDN: "${phone}". Expected a 12-digit Kenyan number starting with 254.`
-    );
+  if (normalised.length !== 12) {
+    throw new PesafyError({
+      code: "INVALID_PHONE",
+      message: `Phone number "${phone}" normalised to "${normalised}" which is not 12 digits.`
+    });
   }
-  return formatted;
-}
-function msisdnToNumber(phone) {
-  return parseInt(formatKenyanMsisdn(phone), 10);
+  return normalised;
 }
 
 // src/mpesa/stk-push/utils.ts
 function getStkPushPassword(shortCode, passKey, timestamp) {
-  const raw = `${shortCode}${passKey}${timestamp}`;
-  return btoa(raw);
+  return btoa(`${shortCode}${passKey}${timestamp}`);
 }
 function getTimestamp() {
   const now = /* @__PURE__ */ new Date();
@@ -229,9 +244,10 @@ function getTimestamp() {
 async function processStkPush(baseUrl, accessToken, request) {
   const amount = Math.round(request.amount);
   if (amount < 1) {
-    throw new Error(
-      `Amount must be at least KES 1 (got ${request.amount} which rounds to ${amount}).`
-    );
+    throw new PesafyError({
+      code: "VALIDATION_ERROR",
+      message: `Amount must be at least KES 1 (got ${request.amount} which rounds to ${amount}).`
+    });
   }
   const timestamp = getTimestamp();
   const partyB = request.partyB ?? request.shortCode;
@@ -245,6 +261,7 @@ async function processStkPush(baseUrl, accessToken, request) {
     PartyB: partyB,
     PhoneNumber: formatSafaricomPhone(request.phoneNumber),
     CallBackURL: request.callbackUrl,
+    // Daraja docs: AccountReference max 12 chars, TransactionDesc max 13 chars
     AccountReference: request.accountReference.slice(0, 12),
     TransactionDesc: request.transactionDesc.slice(0, 13)
   };
@@ -253,7 +270,10 @@ async function processStkPush(baseUrl, accessToken, request) {
     {
       method: "POST",
       headers: { Authorization: `Bearer ${accessToken}` },
-      body
+      body,
+      // Daraja sandbox needs more retries and longer gaps due to instability
+      retries: 5,
+      retryDelay: 3e3
     }
   );
   return data;
@@ -289,6 +309,61 @@ function getCallbackValue(callback, name) {
   return inner.CallbackMetadata.Item.find((i) => i.Name === name)?.Value;
 }
 
+// src/mpesa/transaction-status/query.ts
+async function queryTransactionStatus(baseUrl, token, securityCredential, initiator, request) {
+  if (!request.transactionId) {
+    throw createError({
+      code: "VALIDATION_ERROR",
+      message: "transactionId is required"
+    });
+  }
+  if (!request.partyA) {
+    throw createError({
+      code: "VALIDATION_ERROR",
+      message: "partyA is required (your business shortcode, till number, or MSISDN)"
+    });
+  }
+  if (!request.identifierType) {
+    throw createError({
+      code: "VALIDATION_ERROR",
+      message: 'identifierType is required: "1" (MSISDN) | "2" (Till) | "4" (ShortCode)'
+    });
+  }
+  if (!request.resultUrl) {
+    throw createError({
+      code: "VALIDATION_ERROR",
+      message: "resultUrl is required \u2014 Safaricom POSTs the transaction result here"
+    });
+  }
+  if (!request.queueTimeOutUrl) {
+    throw createError({
+      code: "VALIDATION_ERROR",
+      message: "queueTimeOutUrl is required \u2014 Safaricom calls this on timeout"
+    });
+  }
+  const payload = {
+    Initiator: initiator,
+    SecurityCredential: securityCredential,
+    CommandID: request.commandId ?? "TransactionStatusQuery",
+    TransactionID: request.transactionId,
+    PartyA: request.partyA,
+    IdentifierType: request.identifierType,
+    ResultURL: request.resultUrl,
+    QueueTimeOutURL: request.queueTimeOutUrl,
+    Remarks: request.remarks ?? "Transaction Status Query",
+    Occasion: request.occasion ?? ""
+  };
+  const { data } = await httpRequest(
+    `${baseUrl}/mpesa/transactionstatus/v1/query`,
+    {
+      method: "POST",
+      headers: { Authorization: `Bearer ${token}` },
+      body: payload
+    }
+  );
+  return data;
+}
+
 // src/mpesa/types.ts
 var DARAJA_BASE_URLS = {
   sandbox: "https://sandbox.safaricom.co.ke",
@@ -301,6 +376,12 @@ var Mpesa = class {
     __publicField(this, "config");
     __publicField(this, "tokenManager");
     __publicField(this, "baseUrl");
+    if (!config.consumerKey || !config.consumerSecret) {
+      throw new PesafyError({
+        code: "INVALID_CREDENTIALS",
+        message: "consumerKey and consumerSecret are required"
+      });
+    }
     this.config = config;
     this.baseUrl = DARAJA_BASE_URLS[config.environment];
     this.tokenManager = new TokenManager(
@@ -309,17 +390,60 @@ var Mpesa = class {
       this.baseUrl
     );
   }
-  async getToken() {
+  // ── Internal helpers ────────────────────────────────────────────────────────
+  getToken() {
     return this.tokenManager.getAccessToken();
   }
-  /** STK Push (M-Pesa Express) - Initiate payment on customer phone */
+  async buildSecurityCredential() {
+    if (this.config.securityCredential) return this.config.securityCredential;
+    if (!this.config.initiatorPassword) {
+      throw new PesafyError({
+        code: "INVALID_CREDENTIALS",
+        message: "Provide securityCredential (pre-encrypted) OR (initiatorPassword + certificatePath/certificatePem)"
+      });
+    }
+    let cert;
+    if (this.config.certificatePem) {
+      cert = this.config.certificatePem;
+    } else if (this.config.certificatePath) {
+      if (typeof Bun !== "undefined") {
+        cert = await Bun.file(this.config.certificatePath).text();
+      } else {
+        const { readFile } = await import('fs/promises');
+        cert = await readFile(this.config.certificatePath, "utf-8");
+      }
+    } else {
+      throw new PesafyError({
+        code: "INVALID_CREDENTIALS",
+        message: "certificatePath or certificatePem required to encrypt the initiator password"
+      });
+    }
+    return encryptSecurityCredential(this.config.initiatorPassword, cert);
+  }
+  // ── STK Push ──────────────────────────────────────────────────────────────
+  /**
+   * M-Pesa Express — sends a payment prompt to the customer's phone.
+   *
+   * Requires: lipaNaMpesaShortCode + lipaNaMpesaPassKey in config.
+   *
+   * @example
+   * const res = await mpesa.stkPush({
+   *   amount:           100,
+   *   phoneNumber:      "0712345678",
+   *   callbackUrl:      "https://yourdomain.com/mpesa/callback",
+   *   accountReference: "INV-001",
+   *   transactionDesc:  "Payment",
+   * });
+   * console.log(res.CheckoutRequestID); // use to poll status
+   */
   async stkPush(request) {
     const shortCode = this.config.lipaNaMpesaShortCode ?? "";
     const passKey = this.config.lipaNaMpesaPassKey ?? "";
     if (!shortCode || !passKey) {
-      throw new Error(
-        "lipaNaMpesaShortCode and lipaNaMpesaPassKey required for STK Push"
-      );
+      throw new PesafyError({
+        code: "VALIDATION_ERROR",
+        message: "lipaNaMpesaShortCode and lipaNaMpesaPassKey are required for STK Push"
+      });
     }
     const token = await this.getToken();
     return processStkPush(this.baseUrl, token, {
@@ -328,14 +452,23 @@ var Mpesa = class {
       passKey
     });
   }
-  /** STK Query - Check STK Push transaction status */
+  /**
+   * STK Query — checks the status of a previous STK Push.
+   *
+   * @example
+   * const status = await mpesa.stkQuery({
+   *   checkoutRequestId: "ws_CO_1007202409152617172396192",
+   * });
+   * if (status.ResultCode === 0) // payment confirmed
+   */
   async stkQuery(request) {
     const shortCode = this.config.lipaNaMpesaShortCode ?? "";
     const passKey = this.config.lipaNaMpesaPassKey ?? "";
     if (!shortCode || !passKey) {
-      throw new Error(
-        "lipaNaMpesaShortCode and lipaNaMpesaPassKey required for STK Query"
-      );
+      throw new PesafyError({
+        code: "VALIDATION_ERROR",
+        message: "lipaNaMpesaShortCode and lipaNaMpesaPassKey are required for STK Query"
+      });
     }
     const token = await this.getToken();
     return queryStkPush(this.baseUrl, token, {
@@ -344,117 +477,55 @@ var Mpesa = class {
       passKey
     });
   }
-};
-
-// src/express/index.ts
-function createMpesaExpressClient(config) {
-  if (!config.consumerKey || !config.consumerSecret) {
-    throw new PesafyError({
-      code: "INVALID_CREDENTIALS",
-      message: "consumerKey and consumerSecret are required"
-    });
-  }
-  if (!config.lipaNaMpesaShortCode || !config.lipaNaMpesaPassKey) {
-    throw new PesafyError({
-      code: "VALIDATION_ERROR",
-      message: "lipaNaMpesaShortCode and lipaNaMpesaPassKey are required for STK Push"
-    });
+  /**
+   * Transaction Status — queries the result of a completed M-Pesa transaction.
+   *
+   * Requires: initiatorName + (initiatorPassword + certificate) OR securityCredential.
+   *
+   * This is ASYNCHRONOUS. The synchronous response only confirms receipt.
+   * Final details are POSTed to your resultUrl.
+   *
+   * @example
+   * await mpesa.transactionStatus({
+   *   transactionId:   "OEI2AK4XXXX",
+   *   partyA:          "174379",
+   *   identifierType:  "4",
+   *   resultUrl:       "https://yourdomain.com/mpesa/result",
+   *   queueTimeOutUrl: "https://yourdomain.com/mpesa/timeout",
+   *   remarks:         "Check payment status",
+   * });
+   */
+  async transactionStatus(request) {
+    const initiator = this.config.initiatorName ?? "";
+    if (!initiator) {
+      throw new PesafyError({
+        code: "VALIDATION_ERROR",
+        message: "initiatorName is required for Transaction Status"
+      });
+    }
+    const [token, securityCred] = await Promise.all([
+      this.getToken(),
+      this.buildSecurityCredential()
+    ]);
+    return queryTransactionStatus(
+      this.baseUrl,
+      token,
+      securityCred,
+      initiator,
+      request
+    );
   }
-  if (!config.callbackUrl) {
-    throw new PesafyError({
-      code: "VALIDATION_ERROR",
-      message: "callbackUrl is required for STK Push callbacks"
-    });
+  /** Force the cached OAuth token to be refreshed on the next API call */
+  clearTokenCache() {
+    this.tokenManager.clearCache();
   }
-  const mpesa = new Mpesa(config);
-  return { mpesa };
-}
-function normalizePhone(phone) {
-  const digits = phone.replace(/\D/g, "");
-  if (digits.startsWith("254")) return digits;
-  if (digits.startsWith("0")) return `254${digits.slice(1)}`;
-  return digits;
-}
-function sendError(res, error) {
-  if (error instanceof PesafyError) {
-    const status = error.statusCode ?? 400;
-    res.status(status).json({
-      error: error.code,
-      message: error.message,
-      statusCode: status
-    });
-    return;
-  }
-  res.status(500).json({
-    error: "REQUEST_FAILED",
-    message: "Unexpected error while processing M-Pesa request"
-  });
-}
-function createMpesaExpressRouter(router, config) {
-  const { mpesa } = createMpesaExpressClient(config);
-  router.post(
-    "/mpesa/express/stk-push",
-    async (req, res, next) => {
-      try {
-        const body = req.body;
-        if (!body || typeof body.amount !== "number" || body.amount <= 0) {
-          throw new PesafyError({
-            code: "VALIDATION_ERROR",
-            message: "amount must be a positive number"
-          });
-        }
-        if (!body.phoneNumber) {
-          throw new PesafyError({
-            code: "VALIDATION_ERROR",
-            message: "phoneNumber is required"
-          });
-        }
-        const phoneNumber = normalizePhone(body.phoneNumber);
-        const result = await mpesa.stkPush({
-          amount: body.amount,
-          phoneNumber,
-          callbackUrl: config.callbackUrl,
-          accountReference: body.accountReference ?? `PESAFY-${Date.now().toString(36).toUpperCase()}`,
-          transactionDesc: body.transactionDesc ?? "Payment"
-        });
-        res.status(200).json(result);
-      } catch (error) {
-        if (res.headersSent) return next(error);
-        sendError(res, error);
-      }
-    }
-  );
-  router.post(
-    "/mpesa/express/stk-query",
-    async (req, res, next) => {
-      try {
-        const body = req.body;
-        if (!body || !body.checkoutRequestId) {
-          throw new PesafyError({
-            code: "VALIDATION_ERROR",
-            message: "checkoutRequestId is required"
-          });
-        }
-        const result = await mpesa.stkQuery({
-          checkoutRequestId: body.checkoutRequestId
-        });
-        res.status(200).json(result);
-      } catch (error) {
-        if (res.headersSent) return next(error);
-        sendError(res, error);
-      }
-    }
-  );
-  return router;
-}
+};
 
 // src/mpesa/webhooks/retry.ts
 var DEFAULT_OPTIONS = {
   maxRetries: Infinity,
   initialDelay: 1e3,
-  // 1 second
   maxDelay: 36e5,
-  // 1 hour
   backoffMultiplier: 2,
   maxRetryDuration: 30 * 24 * 60 * 60 * 1e3
   // 30 days
@@ -515,7 +586,7 @@ function verifyWebhookIP(requestIP, allowedIPs = SAFARICOM_IPS) {
 function parseStkPushWebhook(body) {
   try {
     const parsed = body;
-    if (parsed.Body?.stkCallback) return parsed;
+    if (parsed?.Body?.stkCallback) return parsed;
     return null;
   } catch {
     return null;
@@ -530,7 +601,7 @@ function handleWebhook(body, options = {}) {
         success: false,
         eventType: null,
         data: null,
-        error: "IP address not whitelisted"
+        error: `IP address ${options.requestIP} is not in the Safaricom whitelist`
       };
     }
   }
@@ -546,46 +617,44 @@ function handleWebhook(body, options = {}) {
     success: false,
     eventType: null,
     data: null,
-    error: "Unknown webhook format"
+    error: "Unknown or malformed webhook payload"
   };
 }
 function extractTransactionId(webhook) {
-  if ("Body" in webhook && webhook.Body?.stkCallback) {
-    const items = webhook.Body.stkCallback.CallbackMetadata?.Item;
-    const mpesaReceipt = items?.find(
-      (item) => item.Name === "MpesaReceiptNumber"
-    );
-    return mpesaReceipt ? String(mpesaReceipt.Value) : null;
-  }
-  return null;
+  const items = webhook.Body?.stkCallback?.CallbackMetadata?.Item;
+  const item = items?.find((i) => i.Name === "MpesaReceiptNumber");
+  return item ? String(item.Value) : null;
 }
 function extractAmount(webhook) {
-  if ("Body" in webhook && webhook.Body?.stkCallback) {
-    const items = webhook.Body.stkCallback.CallbackMetadata?.Item;
-    const amount = items?.find((item) => item.Name === "Amount");
-    return amount ? Number(amount.Value) : null;
-  }
-  return null;
+  const items = webhook.Body?.stkCallback?.CallbackMetadata?.Item;
+  const item = items?.find((i) => i.Name === "Amount");
+  return item ? Number(item.Value) : null;
+}
+function extractPhoneNumber(webhook) {
+  const items = webhook.Body?.stkCallback?.CallbackMetadata?.Item;
+  const item = items?.find((i) => i.Name === "PhoneNumber");
+  return item ? String(item.Value) : null;
+}
+function isSuccessfulCallback(webhook) {
+  return webhook.Body?.stkCallback?.ResultCode === 0;
 }
 
 exports.DARAJA_BASE_URLS = DARAJA_BASE_URLS;
 exports.Mpesa = Mpesa;
 exports.PesafyError = PesafyError;
-exports.TokenManager = TokenManager;
+exports.SAFARICOM_IPS = SAFARICOM_IPS;
 exports.createError = createError;
-exports.createMpesaExpressClient = createMpesaExpressClient;
-exports.createMpesaExpressRouter = createMpesaExpressRouter;
 exports.encryptSecurityCredential = encryptSecurityCredential;
 exports.extractAmount = extractAmount;
+exports.extractPhoneNumber = extractPhoneNumber;
 exports.extractTransactionId = extractTransactionId;
-exports.formatKenyanMsisdn = formatKenyanMsisdn;
 exports.formatPhoneNumber = formatSafaricomPhone;
-exports.formatSafaricomPhone = formatSafaricomPhone;
 exports.getCallbackValue = getCallbackValue;
 exports.getTimestamp = getTimestamp;
 exports.handleWebhook = handleWebhook;
 exports.isStkCallbackSuccess = isStkCallbackSuccess;
-exports.msisdnToNumber = msisdnToNumber;
+exports.isSuccessfulCallback = isSuccessfulCallback;
+exports.parseStkPushWebhook = parseStkPushWebhook;
 exports.retryWithBackoff = retryWithBackoff;
 exports.verifyWebhookIP = verifyWebhookIP;
 //# sourceMappingURL=index.cjs.map