This article is more than 1 year old

India’s vaccination-booking API criticised for excluding millions, containing bugs, and overflowing with elitism

It’s faulty, struggling to scale, lacks a dedicated privacy policy

As India struggles to cope with its savage second wave of COVID-19 infections, its government is being criticised for an API that critics say is creating inequities in the nation’s vaccination program.

The API in question, Co-WIN, is designed to tap India’s vaccination-booking service and has been made available to third-party app developers in the hope that innovators find clever ways to get Indians signed up for their jabs.

India has made use of vaccination booking services powered by Co-WIN compulsory for people aged 18 to 44.

That’s drawn criticism from the likes of legal advocacy organisation Nyaaya, which has pointed out that just under 60 percent of Indians use the Internet and that while it is possible to use one mobile phone to register four people for a jab, that will leave many unable to book. Sumeysh Srivastava , Nyaaya’s development lead and a senior resident fellow at the Vidhi Centre for Legal Policy, also noted that the Co-WIN portal is only in English – a language spoken by around ten percent of Indians.

India’s Software Freedom Law Centre has also expressed its ire with Co-WIN, claiming that one-time-passwords for registration are arriving late, or not at all, that CAPTCHAs are proving buggy, are only offered in English and may be new to many Indian internet users.

The Centre has also asked why Co-WIN doesn't have a distinct privacy policy, instead of relying on the Health Ministry's generic polices for online services.

Another issue the Centre has noted is glitches in Co-WIN that have seen some Indians receive certificates for vaccinations that have not been administered.

India’s health Ministry acknowledged similar issues last week and tweaked the API so that it issues four-digit code that citizens can use to verify their vaccination records.

Co-WIN has succeeded to a point because numerous developers have created apps and other web services that use the API to identify when vaccines will be available and allow booking of jabs through the API. Some of those services even offer real time updates on when new jabs are made available.

But because of India’s low internet adoption and high rates of 2G, 3G and feature phone use, one effect of those apps is to make it easier for those with better internet access and more powerful devices to book a jab. Hundreds of millions of other Indians are less likely to have the knowledge, equipment, and opportunity to take advantage of third-party apps powered by Co-WIN.

But even those who can use Co-WIN powered services come up against the API’s limits – data is cached and may be up to 30 minutes old, by which time all available bookings may well have been used. The API also has a rate limit of 100 API calls per five minutes per IP address. And the Co-WIN portal has sometimes struggled to remain available as Indians seek vaccination bookings.

It’s not hard to understand the reason for the high demand: India has a seven-day average of 380,000 new COVID-19 cases and 3,800 deaths, and those figures are felt to be considerably under-report the true state of the pandemic. ®

More about

More about

More about


Send us news

Other stories you might like