Date: 2021-05-16



The National Health Authority (NHA) has introduced restrictions on third-party access to vaccine availability information from the CoWin portal. While this move has come amid reports suggesting misuse of the portal's open APIs by some coders and software programmers to set alerts and reserve slots, the NHA said it was done to ensure the platform can scale and to prevent cyber attacks.

Now, for third-party entities that provide slot availability information from the CoWin database, such data will be made available with a delay of up to 30 minutes. Moreover, the CoWin portal is geo-fenced to restrict access to the site to Indian IP addresses. This has caused problems for non-residents trying to book a vaccination appointment for someone in India.

Prior to the launch of the vaccine reservation portal for the 18-44 age group, CoWin's APIs were opened to the public to allow anyone to build a third-party portal where citizens could look up and reserve vaccination slots.

In response to a question from The Indian Express, RS Sharma, NHA President, said: "The main reason to implement caching (data availability delay) is to ensure the scaling of the application to serve billions of people. Another reason to implement caching is for security reasons. Exposing production databases to public sites can be a security risk because one can simply write scripts to load this site a million times in a day and overload the app. This is absolutely necessary for a population-wide application such as CoWin," he added.

An open API is a publicly available application programming interface (API) that gives developers access to a proprietary software application. For example, the Google Maps API is integrated into food delivery and travel portals, and the UPI API is used by a variety of applications to enable easy payments. In this case, the NHA has allowed anyone to access a range of applications needed to communicate and interact with the CoWin platform.
"CoWin public APIs to find appointment availability and to download vaccination certificates. These APIs are available for use by all third party applications. Appointment availability data is cached and can be up to 30 minutes old. Moreover, these APIs are subject to a rate limit of 100 API calls per 5 minutes per IP. Please consider these points while using the APIs in your application," reads the CoWin API page on the API Setu portal.

The move comes after several reports of coders and software developers trying to exploit the open API feature of the CoWin portal to access available slots. Direct availability of this information allows programmers to set alerts whenever a slot opens at a particular site, which tilts the system against those without the knowledge of or access to such programs.

Geo-fencing to prevent anyone outside India from accessing the CoWin portal has also raised some concerns. The inability of international IP addresses to reach the portal has troubled some corporations that use VPNs on their networks. Because CoWin restricts foreign IP addresses, some corporations trying to reserve vaccination slots for their employees have not been able to do so.

Answering a question about geo-fencing, Sharma said: "The CoWin application was created for vaccination and related activities of Indian citizens. Therefore, it is clear that the user base of this application is in India. It is a good industry practice to restrict application access to certain geographies. It achieves two things for Co-Win. First, it reduces unnecessary app traffic that is extremely important to CoWin, which is expected to be accessed by over one billion people. Second, restricting access also reduces the potential risks of Distributed Denial of Service (DDoS) attacks by malicious actors across the globe."
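The two API controls quoted above (availability data cached for up to 30 minutes, and a limit of 100 API calls per 5 minutes per IP) can be sketched as a small gateway in front of the production database. This is an added example, not CoWin's or the NHA's code; the `AvailabilityGateway` class, the backend callable, the district key and the 203.0.113.x client addresses are all constructed for illustration.

```python
import time
from collections import defaultdict, deque

CACHE_TTL = 30 * 60    # availability data may be up to 30 minutes old
RATE_LIMIT = 100       # accepted calls ...
RATE_WINDOW = 5 * 60   # ... per 5 minutes per IP


class AvailabilityGateway:
    """Hypothetical public-API front end: per-IP sliding window plus TTL cache."""
    def __init__(self, backend, clock=time.monotonic):
        self.backend = backend            # callable(district) -> data; stands in for the production DB
        self.clock = clock
        self.calls = defaultdict(deque)   # ip -> timestamps of accepted calls
        self.cache = {}                   # district -> (fetched_at, data)
        self.backend_hits = 0

    def _allow(self, ip, now):
        window = self.calls[ip]
        while window and now - window[0] >= RATE_WINDOW:
            window.popleft()              # forget calls older than the window
        if len(window) >= RATE_LIMIT:
            return False
        window.append(now)
        return True

    def get(self, ip, district):
        now = self.clock()
        if not self._allow(ip, now):
            return 429, None              # rejected before touching cache or DB
        entry = self.cache.get(district)
        if entry is None or now - entry[0] >= CACHE_TTL:
            self.backend_hits += 1        # only a cold or expired key reaches the DB
            entry = (now, self.backend(district))
            self.cache[district] = entry
        return 200, entry[1]


def simulate(requests_per_ip=1000, ips=50, seconds=300):
    """Constructed load: `ips` clients polling one district evenly over `seconds`."""
    t = [0.0]
    gw = AvailabilityGateway(lambda d: {"district": d, "slots": 0}, clock=lambda: t[0])
    statuses = defaultdict(int)
    for i in range(requests_per_ip):
        t[0] = i * seconds / requests_per_ip
        for n in range(ips):
            status, _ = gw.get(f"203.0.113.{n}", "district-1")
            statuses[status] += 1
    return statuses[200], statuses[429], gw.backend_hits
```

`simulate()` returns the number of accepted calls, the number of rejected calls and the number of backend queries, so the effect of each control on scripted polling can be read off separately.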

