feat: add UPI Intent payment instrument and credential schemas#313
Conversation
Introduces two new JSON Schema types and a complete handler example for UPI Intent — India's device-native bank-to-bank payment method processed over the NPCI UPI rail (14+ billion monthly transactions). ## New Schemas - `source/schemas/shopping/types/upi_intent_instrument.json` A payment instrument type for UPI Intent deep link payments. Extends `payment_instrument.json` via `allOf` with `type: const: "upi_intent"` as the discriminator. Includes optional `display_name` and `display_logo` fields for platform UI rendering. No app constraints are supported — per NPCI mandate, the device OS presents the app chooser (Google Pay, PhonePe, Paytm, BHIM, etc.) and platforms must not filter or target specific UPI apps. - `source/schemas/shopping/types/upi_intent_credential.json` A transaction-specific credential containing an NPCI-compliant intent URI and optional QR code for desktop/web fallback. Extends `payment_credential.json` via `allOf`. Required fields: `intent_uri` (validated against NPCI `upi://pay?...pa=` pattern) and `transaction_reference` (maps to NPCI `tr` parameter, max 35 chars). Optional: `qr_code_data` (base64 PNG/SVG), `qr_code_string`, and `expires_at` (ISO 8601 expiry timestamp). ## New Example Handler - `docs/specification/examples/upi-intent-payment-handler.md` A complete handler specification for `com.razorpay.upi_intent` demonstrating the UPI Intent pattern end-to-end: handler config schema, instrument advertising, Complete Checkout → escalation flow, Razorpay Orders API integration, NPCI intent URI construction with RFC 3986 encoding rules, platform decision matrix (Android/iOS/desktop), HMAC-SHA256 webhook signature verification, polling protocol, and security considerations. ## Why This Is Needed UPI Intent differs fundamentally from UCP's card-centric credential exchange model: - No card networks — payment flows directly between bank accounts via NPCI - No stored credentials — each transaction uses a one-time intent URI - Device-native app selection — the OS presents available UPI apps - QR code fallback — for desktop/web contexts This contribution formalizes the UPI Intent escalation pattern using the existing UCP `requires_escalation` mechanism. Platforms that already handle `requires_escalation` support this handler with no additional protocol changes. ## Design Notes Both new schemas extend base types via `allOf`, consistent with the existing `card_payment_instrument.json` and `token_credential.json` patterns. The base schemas (`payment_instrument.json`, `payment_credential.json`) are intentionally left unchanged, preserving UCP's open/extensible architecture. Contributed by: Razorpay (razorpay.com) · Apache 2.0
paraskathuria-dev
requested review from
DanielFalconGuedes,
aksbro-gpu,
jingyli and
wry-ry
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
|
Hey @paraskathuria-dev thanks for proposing this and the other UPI PRs. We are reviewing this as a team, and expect to have initial feedback this week. Thank you for your patience. |
|
hey paraskathuria-de thanks for bring up this PR. This example folders are giving examples of different types of payment handlers in high level. for the detail UPI intent payment handler, it should be hosted in a UPI domain e.g. for gpay payment handler and json files, we are hosted in https://developers.google.com/merchant/ucp/guides/google-pay-payment-handler you could find the config schema and instrument schema hosted in https://pay.google.com/gp/p/ucp/2026-01-23/schemas/config.json & https://pay.google.com/gp/p/ucp/2026-01-23/schemas/card_payment_instrument.json |
|
Hey @kmcduffie & @yanheChen! Thanks for the review. This is an outdated PR, the same functionality of UPI Intent as a payment instrument is being proposed and discussed in this PR #315 |
5 participants
Summary
Introduces the
upi_intentpayment instrument and credential types, formalizing UPI Intent deep link payments in UCP. UPI (Unified Payments Interface) is India's real-time payment rail processing 14+ billion monthly transactions. This contribution enables businesses to offer UPI Intent payments within UCP's existing escalation mechanism.What's Added
source/schemas/shopping/types/upi_intent_instrument.json— A new instrument type wheretype: "upi_intent"signals to the platform that payment will be completed via an NPCI-compliant deep link. Extendspayment_instrument.jsonviaallOf. Includes optionaldisplay_nameanddisplay_logofor platform UI. No app constraints are supported — per NPCI mandate, the device OS presents the UPI app chooser and platforms must not filter or target specific apps.source/schemas/shopping/types/upi_intent_credential.json— A transaction-specific credential returned by the business inside arequires_escalationresponse. Contains the NPCI-compliantintent_uri(validated via pattern),transaction_reference(maps to NPCItr, max 35 chars), optionalqr_code_data(base64 PNG/SVG for desktop fallback),qr_code_string, andexpires_at(ISO 8601 expiry). Extendspayment_credential.jsonviaallOf.docs/specification/examples/upi-intent-payment-handler.md— Full handler spec forcom.razorpay.upi_intentdemonstrating the pattern end-to-end: business prerequisites, handler config, instrument advertising, Complete Checkout → escalation flow, Razorpay Orders API integration, NPCI intent URI construction with RFC 3986 encoding rules, platform decision matrix (Android native / mobile web / iOS / desktop), HMAC-SHA256 webhook signature verification, polling protocol, and security considerations.mkdocs.yml— Navigation and llmstxt entries under Payment Handler Examples.Why This Is Needed
UPI Intent differs fundamentally from UCP's card-centric credential exchange model:
upi://cannot be launchedBusinesses have been implementing this ad-hoc with no standardized escalation signal. This contribution formalizes the pattern using the existing
requires_escalationmechanism — no new platform behavior is required.Design Decisions
Schema extension pattern: Both new schemas extend the base types via
allOf, consistent withcard_payment_instrument.jsonandtoken_credential.json. The base schemas (payment_instrument.json,payment_credential.json) are intentionally left unchanged — they useadditionalProperties: trueto preserve UCP's open/extensible architecture.No app constraints: Unlike
card_payment_instrument.jsonwhich supports brand constraints,upi_intent_instrument.jsonintentionally omits constraints. The NPCI mandate requires all platforms to use implicit/generic intent calls; explicit app targeting violates compliance requirements.Credential carries the intent URI: The instrument is intentionally minimal (just the type discriminator + display metadata). The transaction-specific
intent_uriis generated server-side by the business/PSP and returned in the credential inside therequires_escalationresponse — consistent with how hosted checkout providers work.Type discriminator:
type: const: "upi_intent"follows the same discriminator pattern used bycard_payment_instrument(type: const: "card").Validation Checklist
allOfreferences resolve correctly against base schemastypediscriminator usesconstfor unambiguous resolutionsnake_caseconventionintent_uripattern validates NPCI-compliantupi://pay?...pa=formattransaction_referencepattern enforces NPCI max 35 alphanumeric charsqr_code_datapattern validates base64 data URI format (PNG or SVG)mkdocs.ymlnavigation and llmstxt entries addedReferences
requires_escalationin checkout specContributed by Razorpay · Apache 2.0