Skip to content

UPI / Real-time Payments — Detailed#

flowchart TB
  subgraph Apps[PSP Apps]
    GP([GPay / PhonePe / Paytm / BHIM])
  end

  subgraph PSP[PSP / TPAP]
    SDK([UPI SDK])
    PSPC[PSP core service]
    DEV([Device + MPIN auth])
    SIM([SIM binding / one device])
  end

  subgraph Switch[NPCI UPI Switch]
    SWITCH[Central switch]
    ROUTE[VPA → bank mapping]
    NRR[NPCI reference]
    UDIR[UPI directory]
  end

  subgraph PayerBank[Payer Bank]
    PBANK[Bank CBS]
    ACCT[Account holds]
    DEBIT[Debit on success]
  end

  subgraph PayeeBank[Payee Bank]
    RBANK[Bank CBS]
    CREDIT[Credit]
  end

  subgraph Reconciliation
    RECON[Recon files end-of-day]
    REVERSAL[Reversal / NACK]
    DR[Dispute resolution]
  end

  subgraph Security
    PKI[Public key infra]
    SIGN[Signed messages]
    MPIN[MPIN at bank, never at PSP]
  end

  Apps --> SDK --> PSPC --> SWITCH
  SWITCH --> PayerBank
  SWITCH --> PayeeBank
  PayerBank -. credit confirm .-> SWITCH
  PayeeBank -. credit confirm .-> SWITCH
  Reconciliation --- SWITCH
  Security --- PSPC

    classDef client fill:#dbeafe,stroke:#1e40af,stroke-width:1px,color:#0f172a;
    classDef edge fill:#cffafe,stroke:#0e7490,stroke-width:1px,color:#0f172a;
    classDef service fill:#fef3c7,stroke:#92400e,stroke-width:1px,color:#0f172a;
    classDef datastore fill:#fee2e2,stroke:#991b1b,stroke-width:1px,color:#0f172a;
    classDef cache fill:#fed7aa,stroke:#9a3412,stroke-width:1px,color:#0f172a;
    classDef queue fill:#ede9fe,stroke:#5b21b6,stroke-width:1px,color:#0f172a;
    classDef compute fill:#d1fae5,stroke:#065f46,stroke-width:1px,color:#0f172a;
    classDef storage fill:#e5e7eb,stroke:#374151,stroke-width:1px,color:#0f172a;
    classDef external fill:#fce7f3,stroke:#9d174d,stroke-width:1px,color:#0f172a;
    classDef obs fill:#f3e8ff,stroke:#6b21a8,stroke-width:1px,color:#0f172a;
    class GP,SDK,DEV,SIM client;
    class PSPC,SWITCH,ROUTE,NRR,UDIR,PBANK,ACCT,DEBIT,RBANK,CREDIT,RECON,REVERSAL,DR,PKI,SIGN,MPIN service;

Flow (push, person-to-person)#

  1. Payer enters VPA + amount; signs request with MPIN on phone (verified at bank).
  2. PSP forwards to NPCI switch.
  3. Switch routes debit to payer bank.
  4. On success, switch sends credit to payee bank.
  5. Both banks acknowledge; switch returns NRR.
  6. Both PSPs notify users.

Latency budget#

  • End-to-end 2-5 s typical; SLA defined by NPCI.

Idempotency & retries#

  • Each leg has unique txn_id; retries must be idempotent.
  • Reversals on partial failure (debit success, credit fail) are critical and must be auditable.

Glossary & fundamentals#

Concepts referenced in this design. Each row links to its canonical page; the tag column shows whether it is a high-level (HLD) or low-level (LLD) concept.

Tag Concept What it is Page
HLD Idempotency & retries safe re-execution, backoff + jitter idempotency-retries