India’s National Health Authority has reportedly introduced new rules for the CoWin portal, which has restricted third parties from accessing vaccination slot availability data. From now on, slot availability information would be made available to third party entities after a delay of approximately 30 minutes.
According to reports, while the new move comes on the heels of growing reports about the misuse of CoWin’s open APIs by software programmers to book vaccination slots, the health authority stated that the changes to policy were introduced to prevent cyberattacks and ‘ensure scalability’ of the national vaccination slot booking platform.
Apart from introducing the 30 minute delay, the portal has also been geo-fenced so as to limit access to the website from non-Indian IP addresses. Consequently, this has created problems for non-residents that are attempting to book a vaccination slot for someone living in India.
Before opening the portal for vaccine slot booking for the 18 to 44 year age group, the portal’s APIs were opened up to the general public, to effectively allow anyone to develop a third-party portal that citizens can access to search for and book vaccine appointments.
NHA Chairman, RS Sharma, stated that the main reason the delayed availability of slot data was implemented was to ensure that the application is scalable and can serve billions of individuals.
Sharma further added that another reason caching was implemented was for security purposes. Claiming that exposing the production databases to public presents a great security risk as someone can easily write a dedicated script that loads the portal several million times in a day to overwhelm the application.
The new change to policy has come after numerous reports came forward claiming that software programmers were exploiting the open API system of the CoWin portal to effectively jump the queue and find available slots faster than the average person. The real-time availability of slot data would enable programmers to setup alerts for themselves, which would inform the programmers whenever a new slot opened up, and skew the system against the layman.
However, while bringing respite on one end, the changes have created inconvenience elsewhere. With the geo-fencing limits enforced, several Indian enterprises, which use VPNs, are finding it difficult to book vaccination slots for their employees.