On April 17, the Government denied permission for software access to the Co-WIN dashboard to Step One, a non-profit organisation (NPO) working on enabling vaccination registration and appointment through WhatsApp. However, on Wednesday it reversed its position and opened selective parts of the Application Programme Interfaces (APIs) for Co-WIN to third parties for appointment vacancies search and vaccination certificate downloads. In a letter to Step One, dated April 17, the Empowered Group of Vaccine Administration for COVID-19 said that a comprehensive data capture policy needs to be put in place before allowing third-party apps and service access to the COVID-19 dashboard for vaccine registration and delivery. It commended the efforts of Step One to innovate and bring out more options to citizens but said that the "usage of public URLs, capturing personal data, and having citizens use such applications are not permitted unless explicitly stated and enabled through a policy." "We have built various services within the Co-WIN system as micro-services exposing APIs for ensuring integration and innovation in future. But, as you may be aware, Co-WIN APIs do deal with sensitive data and hence a well-defined policy covering data capture, protection, security certification, auditing, and other aspects need to be established. As of now, there is no such policy with respect to enabling third-party applications such as yours on top of Co-WIN APIs and hence we will not be able to allow you to connect to our APIs"—Empowered Group of Vaccine Administration for COVID-19 letter dated April 17, 2021…
