From August 1, 2025, some important transactions carried out via Unified Payments Interface (UPI) will come under new restrictions following the implementation of revised Application Programming Interface (API) guidelines by the National Payments Corporation of India. It is a commendable step taken to ensure, between stability and security, that India's much-relied-upon digital payments platform is not troubled by recurring outages whenever the platform witnesses heavy traffic.
As per the circular from the NPCI, which was sent to all banks and PSPs for their compliance, limits are to be set for the utilization of 10 critical APIs by July 31, 2025. These include very commonly used non-financial functions such as balance inquiries, transaction status checks, et cetera, and some aspects of autopay mandates.
The main intention behind this is to restrict the unnecessary load on the UPI network created by repeated API calls that, at certain times, have rendered the system slow and near shutdown.
According to the new directives, users will be promised 50 balance checks per application per user per day. Hence, if a person uses two or more UPI applications like Paytm and PhonePe, the number of checks on one UPI application will not interfere with checks on the others, with the limit set at 50 per application.
Similarly, listing linked bank accounts will be limited to 25 inquiries per application per day, requiring separate explicit user consents for subsequent attempts.
An important change affects UPI Autopay Mandates for recurring payments such as SIPs and subscriptions. Autopay mandates may be initiated at any time by users; however, the execution of such mandates shall now be suspended during peak hours of 10 AM-1 PM and 5 PM-9:30 PM.
Each Autopay Mandate shall be permitted a single attempt and up to three retries, with throttling in place to control transaction rates so as not to strain the system.
Also introduced are tighter restrictions for transaction status checks. Banks and apps will have to stay idle for a minimum period of 90 seconds after the first transaction authentication before they can initiate the first status check on that transaction.
Greater than three calls in two hours for one transaction will be disallowed for subsequent status checks; API calls involving non-user interactions shall also be restricted during peak hours.
NPCI has stressed that following the new API usage guidelines is of utmost importance. Should banks or PSPs fail to comply, stringent sanctions will follow: restrictions on the usage of APIs, monetary penalties, and also the stoppage of new customer onboarding.
All PSPs and banks will need to provide an undertaking on or before August 31, 2025, declaring their compliance with the new rules, particularly concerning the queuing and throttling of API calls. Also, acquiring banks would be subjected to system audits annually by CERT-In empanelled auditors, with the first audit due on August 31.
While these changes require some user behavioral adjustments, especially for heavy users, NPCI's primary goal is to build a stronger, more stable, and more efficient UPI ecosystem.
This will enable it to handle India's rapidly growing volumes of digital payments more effectively. Financial transactions are not directly affected by non-financial API call limits during peak hours.