Skip to main content

How our silent ‘API army’ has helped DWP’s COVID-19 response

DWP Digital's Head of Integration, Jacqui Legetter at a desk with a colleague looking at a computer screen
Jacqui Leggetter with a colleague

It has possibly been one of the most challenging times globally, and certainly for our country, since the second world war. The impact of coronavirus on citizens, our economy, across the NHS and other public services including DWP has been unprecedented.

When the country went into lockdown on 27 March unfortunately, even with the furlough scheme, it meant a huge number of people lost their jobs. Within the first month DWP received almost 2 million new claims to Universal Credit and over 200,000 to Jobseeker’s Allowance. Not surprisingly there has also been a significant increase in the number of bereavement claims.

DWP responded by mobilising all available staff to work from home, increasing network bandwidths and improving telephony and citizen facing online applications.

Our library of APIs ready to work

In the background, my integration team have been working hard on enabling process automation and better sharing of information across DWP and other government departments.

To do this we've used an 'invisible' army of APIs (Application Programming Interfaces - essentially software intermediaries that allow two applications to communicate with each other) combined in some cases with our in-house file transfer application.

This delivery is invisible to our operational staff and citizens, but has been key to driving some of the rapid changes we have made to support the processing and payment of these additional claims.

Having built our library of APIs over the last 18 months, we had good visibility of the data DWP could share easily and securely through our internet facing API Gateway held in our Hybrid Cloud Service.

Having this library and suite of reusable APIs helped us to respond to the immediate requests needed to support DWP processing and requests from other government departments.

I talked about closer working across government in my last blog earlier this year and this way of working has really enabled DWP to help keep some of our most critical public services running. Some of the cross-government changes we deployed within the first few weeks of the crisis include:

  • doubling the number of citizen validation checks we could perform for DVLA who had a significant increase in the number of HGV Driver applications; critical to supporting supermarket and NHS deliveries
  • ensuring a stable service for the NHS Prescription Exemption check whilst numbers doubled overnight
  • doubling the number of Free School Meals Qualification checks; including use of our income checking service

Creating a style of API

Within DWP, working with our business function teams, we were able to identify some existing APIs that could be reused. We were also able to introduce some new APIs to help with emerging business processes that were provided to help clear the surge of new claims as quickly and accurately as possible. The new APIs we introduced are now available in our library for reuse. Some of the changes we made enabled the following:

  • a new robust, automated, initial citizen identification and validation check
  • a new citizen income check for bereavement benefit
  • automated citizen identification for our contact centre enabling faster responses for citizens reducing call waiting times
  • telephone-based medical assessment reports being sent securely to DWP for processing
  • a passport benefit check that enables other benefits to be identified and taken into account while assessing benefit entitlement

Text reads: APIs are helping accelerate the next stage of DWP's transformation

Across our digital teams we are standardising the way we build APIs. Historically we have built deep, feature-rich applications that would perhaps cover a series of business processes, whereas now as part of the transformation of our services we are building smaller micro-service based applications that break down processes into more granular steps.

For example, a user’s name, national insurance number and date of birth is now contained in a 'personal details' micro-service API, while the current address details are contained by another 'current address' API. This enables us to reuse the 'personal details' micro-service API and the 'current address' API for any other separate processes that need that information.

By thinking about reuse up-front and creating the API contract first we are defining the query and the response before actually building any code, therefore ensuring faster application integration and removing the risk of mismatched expectations.

Having the full suite of reusable APIs available in our library allows rapid discovery and test so all of our teams across digital can build and deploy services faster.

Changing how we think about using standardised APIs to increase reusability is enabling us to reach our next stage of transformation.

We have made great use of the APIs available in our library, and, have been able to add new ones which can now be reused by other areas of DWP and other government departments.

These are key to helping accelerate DWP’s next stage of transformation, and, building even more reusable services that can be shared and managed through an intelligent API Management service.

The silent API army will continue to march on in the background to support and enable the delivery of the technology people can see and touch, helping to drive our next phase of transformation.

Like this blog? Why not subscribe for more blogs like this? Sign up for email updates whenever new content is posted!

Sharing and comments

Share this page


  1. Comment by Phil Rimmington posted on

    This is fantastic news. Having a granular set of services that can be layered upon to provide maximum flexibility and re-use. This should enable the department to leverage a number of different channels of access using the same underlying functions. Great work.

  2. Comment by Carl Draper posted on

    Very interesting article, how do you patch such a vast array of APIs together and still keep it secure?

    • Replies to Carl Draper>

      Comment by Dean posted on

      Hi Carl, great question - we have a combination of Mutual Authentication between the Client and the Servers, whitelisting of IP's within our Web Application Firewalls, API Keys and of course all of our traffic is fully encrypted in transit. Security at depth is paramount.