NewKerala.com

Key Points

The National Payments Corporation of India (NPCI) has introduced critical guidelines to prevent widespread UPI transaction failures after a massive nationwide outage in April. Banks are now required to limit their transaction status API checks, waiting at least 90 seconds between requests and conducting no more than three checks within two hours. These new regulations aim to reduce system stress and prevent potential digital payment disruptions. The move comes after millions of users experienced transaction difficulties, highlighting the importance of robust digital payment infrastructure.

Key Points: NPCI Limits UPI API Checks to Prevent Nationwide Payment Outage

  • NPCI restricts transaction status API checks to prevent system overload
  • Banks must wait 90 seconds between initial transaction and status check
  • Maximum of three API status checks allowed within two hours
  • Mandatory system audit by empanelled cybersecurity experts
2 min read

NPCI directs banks to limit 'check transaction' API usage to avoid UPI outage

NPCI mandates strict API usage rules for banks to prevent UPI transaction disruptions and ensure smooth digital payments nationwide

"Payment service provider banks will monitor and moderate API requests - NPCI Notification"

New Delhi, April 29

In the wake of the mega unified payments interface (UPI) outage earlier this month, the National Payments Corporation of India (NPCI) has asked banks to ensure that all the API requests (traffic) sent to UPI is monitored and moderated in terms of appropriate usage.

The relentless transaction status checks by banks resulted in the massive UPI outage on April 12, leaving millions stranded.

In a notification, the NPCI has said that banks will initiate the first check transaction status API after 90 seconds from the initiation/authentication of the original transaction.

“After the timers are changed, members may initiate the same after 45 to 60 seconds of the initiation/authentication of original transaction, after NPCI revised communication,” said the agency.

Banks may initiate maximum of three check transaction status APls, preferably within two hours from the initiation/authentication of the original transaction, it added.

Payment service provider banks will ensure that all the API requests (traffic) sent to UPI is monitored and moderated in terms of appropriate usage -- for restricting high number of repeat APIs for same transactions or older transactions, etc.

According to the notification, payment service provider banks will audit their systems by “Cert-in empanelled auditor on an immediate basis, to review the API usage and existing systems behaviour, and annually hereafter”.

“PSP banks/Acquiring Banks shall ensure that there is no batch processing (by processing file and converting to online request at high TPS) of any of the non-financial APIs sent to UPI Online systems,” read the notification.

Subsequently, in case of U48 error (Transaction ID not present or not found in UPI System) within first two 2 hours from initiation of the original transaction, then banks will refer the NPCI settlement files (available to Payee, Payer or PSP banks) after the settlement cycle is completed.

“Alternatively, members may initiate a maximum of one check transaction status API on UDIR (Unified Dispute and Issue Resolution) which, in turn, checks URCS (UPI Backoffice) to fetch the final settlement status of the transaction,” according to the NPCI.

On April 12, digital payments via UPI suffered a nationwide outage affecting millions of users, hindering local shopping, bill payments and business transactions. Major banking apps from SBI, ICICI, and HDFC were also affected, pointing to a broader issue within the UPI network infrastructure.

- IANS

Share this article:

Reader Comments

R
Rahul K.
Finally some action being taken! That outage was a nightmare when I was trying to pay at a grocery store. Hope these new rules prevent future disruptions. 🙏
P
Priya M.
Interesting read. I work in fintech and this makes complete sense - too many status checks can definitely overwhelm systems. The 90-second initial wait seems reasonable.
A
Amit S.
While I appreciate NPCI's response, I wish they had better load testing in place before this happened. UPI is critical infrastructure - can't afford these outages.
S
Sneha P.
Was stuck at a petrol pump during the outage! Had to borrow cash from a stranger. These new guidelines better work! 😅
V
Vikram J.
Good move by NPCI. The API limits and annual audits should help maintain system stability. UPI has been revolutionary for India's digital payments - need to protect it.
N
Neha T.
I wonder if smaller banks will struggle with these new requirements? The audit part seems particularly resource-intensive.

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50