CoWin Vaccine App Restricted For APIs, 3rd Parties: How Will It Impact Your Vaccination?
National Health Authority (NHA) has limited access to vaccine slot info availability from the Cowin portal to third parties.
Third Party Access To Vax Slot Info Restricted
It has cited prevention of cyberattacks and ensuring platform scalability as reasons behind the move.
Notably, there have also been reports floating around of coders and programmers who have been using Cowin’s open APIs to book slots and set alerts.
With this move, if third parties were to access the slot availability data, they would be presented data that is delayed by 30 minutes.
Before the vaccination drive was expanded to include adults from 18-44 years of age, the portal’s APIs were available to the public.
So anyone could build a third-party portal to facilitate slot bookings and setting alerts.
Third Parties To Receive 30-Minute Late Data
RS Sharma, NHA Chairman, said that the 30 minute delay of data was implemented so that the app could be scaled in order to serve everyone.
Security concerns were another reason since anyone could run a script which would load the site multiple times a day and overwhelm it.
This mischief could be perpetrated by exploiting the public availability of production databases.
Ensuring Equal Access
Hence, the app required protection due to its population scale.
There were several reports that software engineers were taking undue advantage of the open API feature of Cowin portal.
With the feature they had free access to live info regarding slot availability and could accordingly book the same for themselves .
They had an unfair advantage here since not all had the knowledge or access to manipulate the system in this manner.
Geofencing And Slot Booking Hurdles
The portal has also been geofenced so only Indian IP addresses can access it.
This is bad news for people outside India who have been trying to book slots on behalf of Indian residents.
The geofencing has also created problems for corporations who were trying to book slots for their employees but did not always have Indian IP addresses.
The NHA Chairman explained the geofencing decision as well by saying that it prevents unnecessary traffic coming from outside the user base region of India.
Another advantage he cited was that it also diluted risks of Distributed Denial Of Service (DDOS) attacks from international cybercriminals .