NPCI issues two circulars on API usage amid rising UPI disruptions

NPCI has asked banks to enforce changes in the response time of UPI APIs by June 16

UPI, UPI payments, UPI payment — NPCI has asked banks to enforce changes in the response time of UPI APIs by June 16. | Photo: Shutterstock

3 min read Last Updated : Apr 29 2025 | 10:54 PM IST

National Payments Corporation of India (NPCI) last week issued two circulars giving guidelines on application programming interfaces (APIs) that aims at reducing outages in the Unified Payments Interface (UPI).

One of the two is on reducing the response time for four application programming interfaces (APIs) whereas the second lists directions to prevent the misuse of APIs associated with real-time payments.

NPCI has asked banks to enforce changes in the response time of UPI APIs by June 16.

“With banks capacity is not an issue. When the outages happened, there was no limit to how many times a bank could send queries to check the transaction status. If there was a slowdown in any hop, banks would bombard the system with more calls, leading to further slowdown. Banks and NPCI are working together on this,” a senior banker said.

Streamlining the system

APIs are protocols and tools that enable secure data exchanges between banking systems and the UPI network.

The response time for the “check transaction status” API was 30 seconds. The revised time is 10 seconds. A similar change has been introduced for the “transaction reversal (debit and credit)” API.

Others, including API concerned with the “request and response pay” function, have been brought down from 30 seconds to 15 seconds, whereas the “validate address” piece is down to 10 seconds from 15 seconds.

“These are small changes but will improve the customer experience. To give an example, let’s say, I had to wait for 30 seconds earlier to retry a transaction that may not be going through due to a low network zone. I don’t have to wait that long now and can retry it at a smaller interval with the new directions,” an executive at a fintech company said.

The person added companies might require more clarity in due course to understand if these revised response times applied to all types of transactions, including those categorised as “high-risk”.

“Each transaction is defined by codes in our library. There are some high-risk transactions and we need to understand if these directions will be uniformly implemented for those as well. That clarity may be required,” the person added.

Arresting overuse or misuse

In a separate circular on guidelines to prevent the misuse or overuse of APIs, NPCI instructed payment service provider (PSP) banks and acquiring banks to initiate a maximum of three “check transaction status” APIs within the first two hours of initiating the original payment.

These banks are required to consider a particular transaction as “failed” if they receive an error from a list of errors.

They should refrain from initiating further “check transaction status” APIs.

“PSP banks/acquiring banks shall initiate the first check transaction status API after 90 seconds from the initiation/authentication of the original transaction. After the timers are changed members may initiate the same after 45 to 60 seconds of the initiation/authentication of original transaction, after NPCI revised communication,” it said in the circular.