Article
How to accept UPI payments in an app
UPI has become the default way Indians pay. If you are building an app that charges money — a store, a subscription, a booking flow, a donation page — you need UPI to work smoothly, or people will abandon checkout. The good news is that you do not integrate with the UPI network directly. You go through a payment gateway that handles the banks, the NPCI rails, and compliance for you. This guide explains exactly how UPI payments work inside an app, the collect vs intent flows, what code you actually write, and how to test and go live without surprises.
UPI (Unified Payments Interface) is run by the National Payments Corporation of India (NPCI). When a customer pays, money moves instantly from their bank account to yours using a VPA (a UPI ID like name@bank) or a QR code. Your app never touches bank credentials. Instead, a payment gateway sits in the middle: you tell it how much to charge, it creates a transaction, the customer approves it in their UPI app (GPay, PhonePe, Paytm, BHIM), and the gateway tells you whether it succeeded.
The two UPI flows you need to understand
There are two ways a UPI payment can be triggered, and your app usually supports both. Knowing the difference saves you a lot of confusion during integration.
- Collect flow: your gateway sends a payment request to the customer's VPA. They get a notification inside their UPI app and approve it. This works even on desktop, but depends on the customer noticing and acting within a short timeout (usually a few minutes).
- Intent flow: on a phone, your app opens the customer's UPI app directly with the amount pre-filled. They just enter their PIN and confirm. This is the smoothest mobile experience and has the highest success rate, which is why most mobile checkouts default to it.
- QR / static VPA: for in-person or simple cases, you show a QR code the customer scans. Good for offline, but you still need a way to reconcile which payment belongs to which order.
Step 1: Choose a payment gateway
You cannot connect to NPCI on your own without being a licensed entity, so you pick a gateway that is already integrated. Popular India-first options include Razorpay, Cashfree, PhonePe Payment Gateway, and Paytm. Compare them on the things that actually matter for a small team: pricing, settlement time, ease of KYC, and quality of the test environment.
| Factor | What to check | Why it matters |
|---|---|---|
| Fees | Per-transaction MDR on UPI | UPI is often low-cost or zero MDR for small merchants; confirm your slab |
| KYC | Documents and approval time | You cannot go live until KYC clears, so start early |
| Settlement | T+1, T+2, or instant | Affects your cash flow, especially for daily-revenue apps |
| Webhooks | Reliable server-to-server events | This is how you confirm a payment truly succeeded |
| Test mode | Sandbox with test VPAs | Lets you build without spending real money |
Step 2: The integration, end to end
The pattern is nearly identical across gateways. On your server you create an order for the exact amount, in paise, and store it in your database with a status of pending. You return the gateway's order ID to your app. The app opens the gateway's checkout (or fires a UPI intent), the customer pays, and then two things happen: the app gets a client-side callback, and your server gets a webhook. Never trust the client callback alone.
- Create an order server-side with amount and a unique receipt ID.
- Launch checkout in the app using the gateway's SDK or a UPI intent URL.
- Verify the payment signature on your server so no one can fake a success.
- Confirm the final status from the webhook, then mark the order paid and fulfil it.
The single most common UPI bug is trusting the front end. A user can close the app, lose network, or a fraudster can fake a callback. Your database should only mark an order paid after your server verifies the signature and receives the gateway webhook.
Step 3: Handle the messy real-world cases
UPI is fast but not always clean. Build for the edge cases from day one. Payments can be pending for a minute or two before confirming. A user might get charged but see a failure on their screen because the callback got lost. Refunds need their own flow. And you must show clear status so people do not pay twice.
- Idempotency: use a unique receipt per order so retries do not create duplicate charges.
- Reconciliation: run a scheduled check against the gateway for orders stuck in pending.
- Refunds: expose a server endpoint that calls the gateway's refund API and logs it.
- Receipts: send a confirmation over email or WhatsApp so customers trust the transaction.
Step 4: Test, then go live
Every serious gateway gives you a sandbox with test VPAs (like success@razorpay) that simulate approved and failed payments without real money. Test both flows, test a failed payment, test a refund, and test what your app shows when the webhook arrives late. Only after that do you complete KYC, switch to live API keys, and do one small real transaction to confirm settlement lands in your bank.
Where Kashvi fits
Kashvi is an AI app builder: you describe your app in plain English and it builds a real, working app with a real Postgres database, real user sign-up and login, and full downloadable code you own. Payments are first-class for Indian founders — you can ask it to wire up Razorpay and UPI, and it scaffolds the server-side order creation, signature verification, and webhook handling using the correct pattern above, so you are not copy-pasting fragile snippets. You still bring your own gateway account and keys, and you still complete KYC yourself — Kashvi does the plumbing, not the compliance. Because you own the exported code, you can inspect and change every line of the payment flow, which matters when money is involved. If an AI generation ever fails, Kashvi refunds the credits rather than leaving you with a broken build.
Questions
Frequently asked
- Do I need an NPCI licence to accept UPI in my app?
- No. You go through a payment gateway that is already integrated with NPCI. You only need a merchant account with the gateway and to complete their KYC. The gateway handles the bank and UPI network connections for you.
- What is the difference between UPI collect and UPI intent?
- Collect sends a payment request to the customer's UPI ID which they approve in their app, and it works on desktop. Intent opens the customer's UPI app directly on a phone with the amount pre-filled, which is faster and has higher success rates on mobile.
- How do I know for sure a UPI payment succeeded?
- Never rely on the client-side callback alone. Verify the payment signature on your server and confirm the final status from the gateway webhook before marking the order paid. Also run a reconciliation job for payments stuck in pending.
- Is UPI cheaper than cards for my app?
- For many small merchants UPI carries low or zero MDR, while cards usually cost more per transaction. Confirm your exact pricing slab with your gateway, as it depends on your business type and volume.
- Can I test UPI payments without spending real money?
- Yes. Gateways provide a sandbox with test VPAs that simulate successful and failed payments. Test the happy path, a failure, a refund, and a delayed webhook before going live with real keys.
- Does Kashvi handle the whole UPI setup for me?
- Kashvi scaffolds the code — order creation, signature verification, and webhook handling — using the correct secure pattern, and you own the exported code. You still provide your own gateway account and API keys and complete KYC yourself.
Keep exploring
Build an app that takes UPI, the right way
Describe your app in plain English and get a real, working build with the payment plumbing wired up correctly — code you own, no lock-in.
Open the studioFree to start · no credit card