18px
System Design·March 1, 2026·7 min read

How UPI Payments Actually Work Under the Hood (A Beginner's Guide to System Design)

You scan a QR code, enter your PIN, and within two seconds a speaker announces 'Received twenty rupees.' Behind those two seconds is a beautifully orchestrated dance of distributed systems. Here's the system design.

Bhupesh Kumar
7 min read · March 1, 2026
How UPI Payments Actually Work Under the Hood (A Beginner's Guide to System Design)

You know the drill. You scan a QR code at a chai tapri, enter your PIN, and within two seconds, a little speaker box announces, "Received twenty rupees on PhonePe." It feels like magic. But behind those two seconds is a beautifully orchestrated dance of distributed systems.

If you are a fresher getting into backend engineering, understanding how a payment system works is a rite of passage. Today, we are going to look at the system design of a basic UPI payment orchestrator. We'll keep it theoretical, neat, and clean.

Let's dive in.

The Core Problem

The Architecture: Meet the Actors

  • The Validator: The bouncer at the club. It checks if the payment request is valid before doing any heavy lifting.

  • The Idempotency Store: The memory bank. It remembers every transaction we've started so we never accidentally charge a user twice for the same click.

  • The Bank Clients: The adapters that talk to the actual banking systems (HDFC, SBI, ICICI, etc.) to perform Debits and Credits.

  • The Orchestrator: The brain. It coordinates the entire flow between the payer's bank and the payee's bank.

The Happy Path: When Everything Goes Right

Step 1: Validation

  • Is the amount greater than zero? (You can't send ₹0).

  • Are the sender and receiver VPAs (UPI IDs) valid?

  • Are the sender and receiver different people? (You can't pay yourself).

  • Is the timestamp recent? (Rejecting requests that are suspiciously old or from the future).

Step 2: Idempotency Check

Step 3: The Debit (Taking the money)

Step 4: The Credit (Giving the money)

The Unhappy Path: Dealing with Failures

Scenario A: Debit Fails

Scenario B: Debit Succeeds, but Credit Fails

Scenario C: The Timeout

Why This Design is Beautiful

  • Separation of Concerns: The Orchestrator doesn't know how to talk to HDFC or SBI. It just says debit() and credit(). The BankClient handles the messy banking APIs.

  • Fail-Safe by Default: The system is designed to reverse actions if the next step fails. It guarantees that money isn't created or destroyed, only moved safely.

  • State Machines: A transaction isn't just "Done" or "Not Done". It moves through clear states: PROCESSING -> SETTLED (or FAILED / TIMED_OUT).

Wrapping Up

FAQ

What is a Payment Orchestrator in UPI?

The Payment Orchestrator is the central component that coordinates the flow between the payer's bank and the payee's bank. In the real world, NPCI (National Payments Corporation of India) fulfills this role. It ensures atomicity: either both debit and credit succeed, or neither does.

Why is idempotency important in payment systems?

Network glitches can cause users to send the same payment request twice. The Idempotency Store remembers every transaction ID and rejects duplicates. This guarantees that one click equals one payment — you never charge a user twice for the same action.

What happens when the debit succeeds but the credit fails?

The Orchestrator immediately triggers a Reverse Debit (refund) to the payer's bank. This puts the money back in the payer's account. The transaction is marked as FAILED. Modern systems often reverse instantly; older systems may take 3-5 days.

Filed under fieldnotesMarch 1, 2026