API Explained: From Basics to Real-World Systems (UPI Deep Dive)

When you send ₹100 using PhonePe or Google Pay, it feels instant.

But behind that single tap, multiple systems communicate in real time across different banks.

👉 This seamless communication is powered by APIs.

🧠 What is an API?

An Application Programming Interface (API) is a set of rules that allows one software system to request another system to perform an action and return a result.

In simple terms:

Request → Process → Response

🍽️ Simple Analogy

Think of a restaurant:

• You → Client
• Waiter → API
• Kitchen → Backend

You don’t enter the kitchen yourself

You just place an order, the waiter handles everything, and you get your food

APIs work exactly the same way between different systems.

🔍 Types of APIs (Quick Overview)

• REST APIs — Most common (uses HTTP methods: GET, POST, PUT, DELETE)
• GraphQL — Client decides exactly what data it needs
• gRPC / SOAP — Used in high-performance or enterprise systems

In this blog, we’ll mainly focus on REST APIs, as they power most modern applications including UPI.

⚙️ Basic API Example

Here’s a very simple API call:

GET /users/1

Response:

{
  "name": "Sreekanth",
  "role": "DevOps Engineer"
}

The client requests data → the server processes it → and sends back the response.

📲 Real-World Example: UPI Payment Flow

Let’s see what actually happens when you send ₹100:

App → Payer Bank → NPCI → Payee Bank → Response

Step-by-step:

1. App collects amount + UPI PIN (encrypted)
2. App sends a secure API request to your bank
3. Your bank validates:
   • UPI PIN
   • Account balance
   • Daily limits
4. Request is forwarded to NPCI (National Payments Corporation of India)
5. NPCI routes the request to the payee’s bank
6. Payee’s bank credits the amount
7. Success response flows back to both apps

👉 Total time: Usually under 2–3 seconds ⚡

Here’s the high-level UPI transaction flow:

Another clean view of the UPI flow:

And a simplified version showing Payer PSP → NPCI → Payee PSP:

🔔 When Things Are Not Instant (Webhooks)

Sometimes the bank takes longer.

Instead of waiting:

Transaction marked Pending ⏳
Bank/NPCI sends a Webhook callback 🔔 once completed

👉 Think of it as:
“Don’t call us, we’ll call you.”

This makes systems asynchronous and scalable.

⚙️ Sample UPI API Request

POST /v1/payments/upi HTTP/1.1
Host: api.phonepe.com
Authorization: Bearer <access_token>
Content-Type: application/json

{
  "amount": 10000,           // in paise (₹100)
  "payeeVpa": "friend@oksbi",
  "remarks": "Lunch money",
  "txnId": "txn-12345"       // used for idempotency
}

Response:

{
  "status": "SUCCESS",
  "transactionId": "UPI987654321",
  "responseCode": "00"
}

🧩 API Request/Response Lifecycle (End-to-End Flow)

Every API call follows a clear lifecycle. Here’s what happens from the moment the request is sent until the response is received:

🔧 What Happens Inside the Backend

When an API receives a request, it goes through several important layers:

1. API Gateway – Handles rate limiting & routing
2. Authentication – JWT, OAuth2, or API keys
3. Input Validation – Checks request format and data
4. Business Logic – Balance check, fraud detection, rules
5. Database Operations – Secure debit/credit (ACID transaction)
6. External API Calls – To NPCI or other banks
7. Logging & Monitoring – For debugging and observability
8. Response – Sent back to the client

👉 To prevent duplicate payments, systems use idempotency keys (txnId).

🏦 Why ACID Matters in Payments

Banking systems rely on ACID properties:

Atomicity: Either full transaction happens or none
Consistency: Total money remains correct
Isolation: Millions can transact simultaneously safely
Durability: Once success is returned, it’s permanent

👉 This ensures no “money lost” scenarios.

🔄 Microservices Architecture

Modern apps like PhonePe are not built as one single block. They are divided into independent microservices:

• User Service
• Payment Service
• Notification Service
• Fraud Detection Service

These services talk to each other using internal APIs or message queues.

This makes systems scalable and fault-tolerant

⚡ Scaling APIs for Millions of Transactions

Apps like PhonePe and Google Pay handle crores of transactions every day using:

• Load balancing
• Horizontal scaling (Kubernetes)
• Caching (Redis)
• Message queues (Kafka)
• Rate limiting
• Circuit breakers

🎯 Final Takeaway

APIs are not just a technical concept — they are the invisible engine behind everything:

Sending money 💰
Logging in 🔐
Fetching data 📊

Once you understand APIs,
you start seeing the architecture behind every app you use.

---