The all-new CoWIN portal loaded with new technology safety features started taking bookings for the vaccine jabs on Saturday. The Center's technology team has upgraded the nation's vaccine registration portal with added security layers while restricting the real-time data regarding the availability of vaccination slots on CoWin centralised technology portal.
The move comes after complaints were raised against some technology geeks manipulating the portal data to book the vaccine slots quicker than people who accessed the website on their laptops or smartphones.
“The appointment availability data is cached and may be up to 30 minutes old,” the portal's nodal agency API Setu said in a note. The CoWin portal uses an open Application Programming Interface (APIs) — a tool that allows two software programs to talk to each other and share information.
Earlier the APIs were made public so that private hospitals could integrate them into their systems to facilitate faster vaccination. Since India opened up vaccinations for those aged 18 and above from May 1, there has been a huge rush for vaccines amid the ongoing second Covid-19 wave and a shortage has aggravated the situation.
With heavy rush recorded on these portals, a few tech software programmers have found an easy way of writing a code that pings the APIs to find open slots in vaccination centres and send alerts via SMS or on messenger groups.
These programmers have even opened websites or Telegram channels to send alerts to users looking for vaccination slots, resulting in hundreds of slots being booked in just minutes. The government has also imposed restrictions on this. “Further, these APIs are subject to a rate limit of 100 API calls per 5 minutes per IP,” API Setu said.
According to the top Central technical team, there is no possibility of automated bookings through bots or scripts since bookings can take place only through the CoWin portal and requires a One-Time Password to be sent to a user's mobile phone.
The bot built on the MyGov WhatsApp number lets the backend team know about the slot availability, but the system doesn't allow to run multiple APIs.