Download Cheat sheet PDF 12 pages · syntax, editors, patterns, Unicode, performance, debugging
HomePatternsUPI ID (VPA)
Pattern

Regex for UPI ID (VPA)

Unified Payments Interface ID — username@psp.

The pattern

^[a-zA-Z0-9.\-_]{2,256}@[a-zA-Z][a-zA-Z]{2,64}$
Try in explainer →

What it matches

  • alice@oksbi
  • bob.smith@paytm
  • user123@upi
  • 9876543210@ybl

What it doesn't match

  • @oksbi
  • alice@
  • alice oksbi
  • alice@123

Notes & gotchas

UPI VPAs (Virtual Payment Addresses) follow username@psp format. Common PSPs: oksbi, okicici, okhdfcbank, paytm, ybl (PhonePe), apl (Amazon Pay), axl (Axis), upi. PSP part is letters-only.

Code in your language

Use the explainer's Code tab to generate ready-to-paste snippets in JavaScript, Python, Java, .NET, Go, Ruby, and PHP for this pattern.

Open in explainer →

About this pattern

India-specific identifiers are governed by various authorities (UIDAI for Aadhaar, Income Tax Dept for PAN, RBI for IFSC, GSTN for GSTIN, etc.). Regex confirms format; for definitive validation, integrate with the issuing authority's verification API.

Quick usage in different languages

Once you've validated a candidate value matches this pattern, you'll typically use it inside your application code. Each language has its own regex syntax:

  • JavaScript: new RegExp(pattern).test(value)
  • Python: re.match(pattern, value) with raw strings: r"pattern"
  • Java: Pattern.compile(pattern).matcher(value).matches()
  • C# / .NET: Regex.IsMatch(value, pattern)
  • Go: regexp.MustCompile(pattern).MatchString(value) — Go uses RE2 so some advanced features aren't available
  • Ruby: value =~ /pattern/ or pattern.match?(value)
  • PHP: preg_match('/pattern/', $value)

The explainer's Code tab generates these for any pattern you paste — including the right escaping and idioms for each language.

Common pitfalls

  • Anchors matter. If the pattern uses ^ and $ it expects the entire input to match. To find this pattern inside a longer text, remove the anchors and use the /g flag.
  • Case sensitivity. Letter ranges like [A-Z] only match uppercase. Use the i flag or [A-Za-z] for case-insensitive matching.
  • Escape user input. If you're building a regex from a string variable, escape regex metacharacters first to avoid bugs or injection.
  • Performance. For this specific pattern the risk is low, but be cautious of nested quantifiers when adapting it — they can cause exponential backtracking on adversarial input.

See also

Browse all 300 patterns in the library, or open this regex in the interactive explainer for a token-by-token breakdown, live testing, and code in seven languages.

Want more patterns? Browse the full library →