To most users, buying a public Wi-Fi bundle appears simple. Connect to a hotspot, pay through M-Pesa and start browsing. But behind that simple process is a network of routers, servers and automated software working together to grant internet access within seconds.
Every public Wi-Fi hotspot is connected to an internet source, usually a fibre connection supplied by an internet service provider. The internet connection is linked to a router that manages all devices attempting to connect to the network.
When a user joins the Wi-Fi network, the router immediately recognizes a new device. However, instead of allowing unrestricted internet access, the system places the device in a restricted state. This means the user can connect to the Wi-Fi signal but cannot access websites, social media platforms or online services.
The router then intercepts any internet request made by the user and redirects the user to a special payment page known as a captive portal. The portal acts as a digital gatekeeper. No one can access the internet without first passing through it.
Once the user selects a package and completes payment through M-Pesa, the hotspot's billing system receives an automatic notification confirming that the transaction was successful. At this point, several automated checks occur almost instantly.
The system first verifies the amount paid and confirms that it matches the selected package. It then identifies the customer's device using a unique hardware identifier known as a MAC address. This address functions like a digital fingerprint, allowing the system to distinguish one device from another.
The billing server then creates a user session and stores details including the device identity, package purchased, start time and expiry time.
Next, the billing system communicates directly with the router controlling the hotspot. The router receives instructions to remove restrictions from the customer's device and allow it to access the wider internet. This process takes only a few seconds.
As soon as authorization is granted, internet traffic begins flowing between the user's device and websites across the world.
Behind the scenes, the router continues monitoring the connection.
The system constantly tracks how long the user has been connected and whether the purchased package remains active.
Many hotspot operators also use traffic management systems that control internet speeds and distribute bandwidth among users to prevent a small number of customers from consuming all available capacity.
If hundreds of users are connected simultaneously, the system dynamically allocates resources to maintain stable performance.
Meanwhile, databases continuously record user sessions, payment information, connection times and network activity for operational and security purposes.
The hotspot operator can view this information through an administrative dashboard showing active users, revenue generated, network usage and remaining bandwidth.
As the purchased time approaches expiry, the billing system prepares to terminate the session. The moment the allocated time ends, the server sends a command to the router revoking the device's authorization. Internet access is immediately cut off and the user is redirected back to the payment portal.
The device remains connected to the Wi-Fi signal but access to the internet is blocked until another package is purchased.
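The sequence described above, from the payment check to the cut-off at expiry, can be sketched in Python. This is an added illustration, not any operator's actual software: the package prices, the class and function names and the receipt check are assumptions, and a plain set stands in for the router's list of authorized devices.

```python
import re
from dataclasses import dataclass
# Constructed package table (assumed values): name -> (price in KES, seconds).
PACKAGES = {"1hr": (10, 3600), "24hr": (50, 86400)}

@dataclass
class Session:
    mac: str
    package: str
    start: int
    expiry: int

def normalize_mac(mac):
    """Canonical lower-case colon form; reject anything that is not 12 hex digits."""
    digits = re.sub(r"[:\-.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("malformed MAC address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class HotspotBilling:
    def __init__(self):
        self.sessions = {}     # MAC -> Session
        self.receipts = set()  # payment receipts already redeemed
        self.allowed = set()   # stand-in for the router's authorized devices

    def on_payment(self, receipt, mac, package, amount, now):
        """Handle a payment notification; return the Session or raise ValueError."""
        mac = normalize_mac(mac)
        if package not in PACKAGES:
            raise ValueError("unknown package")
        price, duration = PACKAGES[package]
        if amount != price:
            raise ValueError("amount does not match package")
        # Extra check, not described in the article: one receipt buys one session.
        if receipt in self.receipts:
            raise ValueError("receipt already used")
        self.receipts.add(receipt)
        session = Session(mac, package, now, now + duration)
        self.sessions[mac] = session
        self.allowed.add(mac)          # router removes the restriction
        return session

    def sweep(self, now):
        """Revoke every device whose time has run out; return the revoked MACs."""
        expired = [m for m, s in self.sessions.items() if now >= s.expiry]
        for mac in expired:
            del self.sessions[mac]
            self.allowed.discard(mac)  # device falls back to the captive portal
        return expired
```

Calling sweep() on a timer with the current time reproduces the cut-off described above: the device stays in no list at all once its expiry time is reached, so its next request lands on the portal again.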
What appears to users as a simple Wi-Fi purchase is actually a carefully coordinated interaction between fibre networks, routers, payment systems, databases, authentication servers and billing software.
In the space of a few seconds, these systems verify payments, identify devices, authorize access, monitor usage and eventually disconnect users when their purchased time expires.
It is a largely invisible process that has transformed public internet access across Kenya, allowing thousands of users to get online with nothing more than a smartphone and a few shillings on M-Pesa.




