Aarogya Setu has released an Open API Services Portal through which third party apps can check users’ health status “with consent”. The API terms and conditions state that the it will provide “only the health status of a registered Aarogyasetu User (with User's consent) [sic]” and “no other personal data shall be provided through the API”. According to the tweet and the service’s terms and conditions, this API service is available only to organisations and entities which are registered and have operations in India, and have more than 50 employees/customers/users. The government envisions the API as a tool "to help the people, businesses and the economy to return to normalcy". The terms and conditions forbid the app developers from charging their employees/users/customers a fee for using this service, and from using it for “any commercial advertisements or marketing or analytics”. Third party apps will have to be authorised by a necessary government agency to be able to use the API. The authorising agency is likely to be the National Informatics Centre. We have reached out to them for comment. The groundwork for accessing health status via APIs was laid in the updates to the app on July 6 and July 17, when a new feature — Approvals — was added to the app to allow external apps to access the user’s Aarogya Setu status. Readers may also remember that in the now taken down August 12 blog post by Security Brigade, the company had pointed out that the developers “seem to…
