These include raising requests for balance inquiry, autopay mandate execution, checking transaction status, and more. This means that going forward, UPI users will only be able to undertake these transactions a specific number of times during the day.
“PSP banks and/or acquiring banks shall ensure all the API requests (in terms of velocity and TPS — transactions per second limitations) sent to UPI are monitored and moderated in terms of appropriate usage (customer-initiated and PSP system-initiated)”, highlights the circular dated May 21, 2025.
Failure to meet these directions could result in API restrictions, penalties, suspension of new customer onboarding, or other measures deemed appropriate by NPCI for PSPs and banks, the circular further added. Additionally, all PSPs will have to submit an undertaking to NPCI by August 31, 2025, stating that all system-initiated APIs must be “queued and rate-limited.”
According to the circular, all non-customer-initiated APIs must be restricted during peak hours, which are defined as 10 AM to 1 PM and 5 PM to 9:30 PM. Read on to know how these API moderations will impact your UPI transactions post-July.
Requests for balance enquiry, list of linked account numbers to be restricted
Of the 10 APIs on which restrictions have been placed, 9 are non-financial in nature, while only 1 (autopay mandate) is financial. The balance enquiry API, through which UPI users can request their account balance, has been restricted to 50 per app per customer per day from July 31. This means that, for instance, if you use both Paytm and PhonePe, you will only be able to check your account balances on these apps 50 times each within 24 hours. The circular highlights that UPI apps must build adequate infrastructure to limit or stop balance enquiries during peak hours. To avoid repeated balance queries, banks will also have to send the available balance in a customer’s account with each successful transaction notification. NPCI has clarified that customers will continue to get real-time, updated balances of their bank accounts even after these directions have been implemented.
Autopay mandate will only work in non-peak hours
Autopay mandates on UPI, which allow users to authorise their bank to automatically debit a specific amount from their account on a recurring basis (daily, monthly, or a pre-decided frequency) for purposes such as daily SIPs, Netflix subscriptions, and more, will only be executed during non-peak hours.
“A maximum of 1 attempt, with 3 retries per mandate, can be initiated at moderated TPS only during non-peak hours for autopay mandate”, the circular explains. Note that customers can create autopay mandates even during peak hours, but their execution will only take place during non-peak hours.
For the check transaction API, which lets PSPs and banks request transaction status, the circular compels banks and PSPs to hold back the first check transaction status API call for at least 90 seconds from when the transaction is authenticated, and to keep calls limited to a maximum of three in any two-hour window. Also, banks shall treat transactions as failed for certain identified error codes and cease repeated “check transaction status” API calls for such transactions.
Moreover, every acquiring bank will have to get an annual audit done on its system by auditors empanelled with CERT-In, with the first audit report to be submitted on or before August 31 this year.
Similarly, the list account request, which helps a user to find the list of all accounts that are associated with their mobile number, can only be initiated 25 times per app within every 24 hours by one customer. Moreover, this can be triggered only once the customer selects the issuer bank in the UPI app, and will be retried only after customer consent.
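The limits reported above can be expressed as a small PSP-side policy gate. This is an added example, not code from NPCI, the circular or this article; the class and method names are hypothetical, and it assumes daily caps reset per calendar day, peak windows are half-open, and the autopay counter covers one execution cycle of a mandate.

```python
from datetime import datetime, time, timedelta

# Limits as reported in the article (NPCI circular dated May 21, 2025).
PEAK_WINDOWS = [(time(10, 0), time(13, 0)), (time(17, 0), time(21, 30))]
DAILY_CAPS = {"balance_enquiry": 50, "list_account": 25}  # per app, per customer
STATUS_FIRST_DELAY = timedelta(seconds=90)
STATUS_MAX_CALLS, STATUS_WINDOW = 3, timedelta(hours=2)
AUTOPAY_MAX_TRIES = 1 + 3  # one attempt plus three retries per mandate

def is_peak(now):
    # Assumption: the window end is exclusive (21:30:00 counts as non-peak).
    return any(start <= now.time() < end for start, end in PEAK_WINDOWS)

class UpiApiGate:
    """Hypothetical in-memory gate; a real PSP would use shared storage."""
    def __init__(self):
        self.daily = {}    # (api, app, customer, date) -> calls made
        self.status = {}   # txn_id -> timestamps of allowed status checks
        self.autopay = {}  # mandate_id -> execution tries used

    def allow_customer_api(self, api, app, customer, now):
        key = (api, app, customer, now.date())  # assumption: calendar-day reset
        if self.daily.get(key, 0) >= DAILY_CAPS[api]:
            return False
        self.daily[key] = self.daily.get(key, 0) + 1
        return True

    def allow_status_check(self, txn_id, authenticated_at, now):
        if now - authenticated_at < STATUS_FIRST_DELAY:
            return False  # first check must wait 90 s after authentication
        recent = [t for t in self.status.get(txn_id, []) if now - t < STATUS_WINDOW]
        if len(recent) >= STATUS_MAX_CALLS:
            return False  # already three checks in the sliding two-hour window
        self.status[txn_id] = recent + [now]
        return True

    def allow_autopay_execution(self, mandate_id, now):
        used = self.autopay.get(mandate_id, 0)
        if is_peak(now) or used >= AUTOPAY_MAX_TRIES:
            return False  # a peak-hour refusal does not consume a try
        self.autopay[mandate_id] = used + 1
        return True

if __name__ == "__main__":
    gate = UpiApiGate()
    auth = datetime(2025, 8, 1, 14, 0)  # constructed sample timestamp
    print(gate.allow_status_check("txn-demo", auth, auth + timedelta(seconds=30)))
    print(gate.allow_autopay_execution("mandate-demo", datetime(2025, 8, 1, 18, 0)))
```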
The original story was published with quotes from industry experts, which were later withdrawn