 "UPI outage April 2025, Unified Payments Interface disruptions, NPCI monitoring mechanism, UPI transaction status API, India digital payments issues, UPI API call limits, PSP banks UPI outage, April 12 UPI failure, NPCI and banks meeting, UPI real-tim")
The National Payments Corporation of India (NPCI) adopted a more cautious approach to authorising new third-party United Payments Interface (UPI) applications in 2025. According to sources, this was due to a system downtime in April that was triggered by a surge of API (application programming interface) calls.
The apex retail payments body authorised 13 new third-party UPI apps in 2025, out of which, five were live only for a closed user group.
In comparison, 18 new apps went fully live in 2024 -- a record high number of authorisations in any year.
Separately, there are around 20 third-party apps in the pipeline, across different stages of approvals, awaiting full authorisation from the NPCI, according to a source.
Also Read
 "Steel")
 "Marriott International, hotels")
 "Real estate")
 "Industry pollutant")
 "A policeman walks on a beach near Kudankulam nuclear power project (photo: Reuters)")
In total, the UPI ecosystem has 45 third-party application providers (TPAPs), which are non-bank entities that are powered by payment service provider (PSP) banks, according to latest data.
The cautious approach towards new applications is also part of efforts to strengthen the ecosystem’s security and roll out updates aimed at payments fraud mitigation.
The NPCI did not respond to a request for a comment sent by Business Standard till press time.
Till 2023, new TPAP approvals were recorded in single digits, data from NPCI shows.
Due diligence
As part of risk-mitigation measures, PSP banks are now required to provision TPAP-specific internet protocol (IP) address blocks, according to two sources.
“It gives NPCI control to stop a transaction from a particular IP without affecting the flow of other TPAPs or other banks. Earlier, it did not have that control when a PSP bank powered multiple apps through a single block, which made it difficult to monitor and control. Now, there are TPAP-specific IPs which can be blocked,” an industry executive said, requesting anonymity.
TPAPs enable UPI access to users. Some examples include PhonePe, Google Pay, Paytm, and others.
A second source explained that this is one of the major ways to prevent system disruptions that may arise from a potential misuse of the system.
“The UPI-related outage was caused by a massive spike in check transaction API requests burdening the system, eventually leading to an outage. In order to mitigate that and introduce a rate-limit, it has to only be IP-based,” the person explained.
APIs are sets of protocols and tools that enable secure data exchanges between banking systems and the UPI network.
New apps
New standards and safety procedures have pushed back the launch timelines of newer apps, with many still awaiting final approval from NPCI.
In December, many received an approval but that was restricted to a closed user group only.
“A company, which may have received approvals five years ago, has gone through multiple updates over the years. But today, the expectation is that a new player should also be equipped with the same standards from day one,” one of the sources cited above said.
 "US jobs, jobs data, US population, job report, unemployment")
 "Rare earth mineral mining in Inner Mongolia, China. In April, China stopped almost all shipments of critical minerals that are needed for cars, jet fighters and other technologies. | Image Credit: Reuters")
 "jobs")
 "telecom, TRAI")
 "Rice, Rice exports")
