Why your UPI app may soon restrict balance and account info requests

Starting August 1, new rules will aim to reduce slowdowns and improve transaction reliability for users

The corporation that manages the Unified Payments Interface (UPI) has issued fresh operational guidelines for apps to prevent system overloads and improve the reliability of the popular digital finance system.

 

The guidelines of the National Payments Corporation of India (NPCI) will be effective from August 1, 2025, and are aimed at controlling the volume and frequency of certain high-load API (Application Programming Interface) calls.

 

What it means for UPI users

 

NPCI has identified several non-financial API calls, such as balance enquiries, account listings, and mandate checks, as contributing factors to system slowdowns. To manage these more effectively, NPCI has prescribed the following restrictions:

 

Balance enquiry: Limited to 50 requests per app per customer in a 24-hour rolling window. Issuer banks must also include available balance in every successful UPI transaction message to reduce separate enquiries.

 

List of linked accounts: Limited to 25 times per app per customer per day. Each retry must be customer-initiated in case of failure.

 

Autopay mandates: Execution must happen outside peak hours (10 am to 1 pm and 5 pm to 9.30 pm). Only one attempt and up to three retries per mandate are allowed.

 

List of public keys and verified merchants: Payment services providers (PSP) may only request these once per day, and only during non-peak hours.

 

Transaction Status Checks: Must follow a staggered approach as per earlier guidelines issued by NPCI.

 

Focus on system discipline

 

NPCI has directed all PSP and acquiring banks to monitor and queue both customer-initiated and system-generated API traffic. Systems must not act as direct pass-throughs for backend requests, which can strain UPI’s infrastructure.

 

Peak hours are now officially defined as 10 am to 1 pm and 5 pm to 9:30 pm. All non-essential, non-customer-initiated API calls must be restricted during these times.

 

Compliance deadline and audits

 

All UPI members must implement these rules by July 31, 2025. Additionally, banks are required to conduct immediate audits of their systems via Cert-in empanelled auditors, and share the findings with NPCI by August 31, 2025.

 

NPCI has warned of strict action in case of non-compliance, including API restrictions, penalties, and even suspension of new customer on-boarding.