Key UPI transactions may face restrictions from August 1 under NPCI’s new API guidelines to prevent outages

Starting July 31, 2025, UPI users will face limits on how often they can perform certain non-financial actions like checking account balances or transaction statuses, as the National Payments Corporation of India (NPCI) moves to regulate API usage across the payment ecosystem. The new framework is aimed at preventing system overloads and improving the reliability of UPI services during peak hours.In a circular issued on May 21, 2025, NPCI directed all banks and Payment Service Providers (PSPs) to moderate and monitor the use of ten high-frequency APIs—requests initiated by users or systems on the UPI network, according to an ET report. These include APIs for balance enquiry, autopay mandate execution, transaction status checks, and account listing. Banks and PSPs have until July 31 to comply, failing which they may face penalties, API restrictions, or suspension of customer onboarding.“PSP banks and/or acquiring banks shall ensure all the API requests (in terms of velocity and TPS — transactions per second limitations) sent to UPI are monitored and moderated in terms of appropriate usage (customer-initiated and PSP system-initiated),” the circular stated. PSPs are also required to submit an undertaking by August 31 affirming that system-initiated APIs are properly rate-limited and queued.Among the most significant changes, balance enquiry API usage will be restricted to 50 requests per app per customer per day. This means users who access multiple UPI apps, such as Paytm and PhonePe, can check balances up to 50 times on each app daily.“This might be an inconvenience to traders and other users who check their balances or transactions extremely frequently,” says Musharraf Hussain, Chief Operating Officer, Ezeepay. “However, this is being done so that UPI’s infrastructure core remains stable and available for use by all.”The circular mandates that apps must discourage balance checks during peak hours (10 AM–1 PM and 5 PM–9:30 PM), and instead, banks will be required to send updated balances with each successful transaction notification. Still, this may reduce the ability for users to get real-time balance updates at will.“Customers might not be able to get a real-time, updated balance of their accounts on PSP apps,” said Pavan Kumar, Chief Product Officer at NPST. However, NPCI has clarified that customers will continue to receive accurate balance updates even after the changes go into effect.Autopay and transaction status APIs also get time-based restrictionsAutopay mandates—used for recurring payments like SIPs or subscription services—will now be executed only during non-peak hours, even though customers can continue to create them at any time. “A maximum of 1 attempt, with 3 retries per mandate, can be initiated at moderated TPS only during non-peak hours for autopay mandate,” the circular notes.For the check transaction API, banks and PSPs must now delay the first status check by 90 seconds after transaction authentication and limit checks to three calls within a two-hour window. Certain error codes will result in transactions being treated as failed to avoid unnecessary repeated calls.Furthermore, acquiring banks will now be required to undergo an annual audit by CERT-In empanelled auditors, with the first audit due by August 31 this year.Kumar emphasized that of the ten APIs listed, only one is financial (autopay). “The other nine are non-financial, thereby meaning financial transactions will not be significantly disrupted during peak hours,” he said.Limits also apply to account listing requestsAnother key API being regulated is the account listing request, which allows users to view all accounts linked to their mobile number. This request will be limited to 25 times per app per customer per day, and will only be allowed once the customer selects their issuer bank in the app. Re-attempts can only be made with explicit customer consent.The new regulations are part of NPCI’s broader strategy to streamline backend infrastructure amid the rising load of real-time payments. By imposing limits on high-frequency API calls, NPCI aims to ensure smoother user experiences, especially during peak transaction windows.