WSO2Con2025 Logo

March 18-20 | Barcelona, Spaain

 
CASE STUDY

API-Led Transformation: CRIS Revolutionizes Indian Railways with WSO2

Product Area

API Management

Region

Asia Pacific

Industry

Services

Highlights

Scalable and Stable Platform:

Currently handles about 1.25 million API calls daily across 140+ APIs with 600+ resources.

Improved Collaboration and Innovation:

By masking backend complexities, the platform paves the way for new business models and third-party app development.

Strong Integrations:

Connects Indian Railways to a wide range of critical systems, from government platforms to freight and passenger operations.

Overview

Indian Railways (IR) is a government entity operating India’s national railway system. As the world’s fourth-largest rail network, IR runs about 11,000 trains daily, including 7,000 passenger trains. Established in 1986, the Centre for Railway Information Systems (CRIS) is the IT arm responsible for designing, developing, and maintaining IR’s critical information systems. It plays a pivotal role in ensuring efficient and reliable operations — from ticketing and freight management to network optimization and passenger services.

CRIS needed a secure, controlled method for sharing data with third-party developers. With approximately 30 applications requiring data interchange, over 1,000 identified interchange needs, and a potential for 100 million daily API calls, the organization sought to establish an enterprise-level API gateway and management infrastructure.

Launched on August 15, 2021, Project Pravah aimed to create a seamless, secure, and controlled flow of information between IR and its partners. It currently handles 1.25 million API calls daily across 140+ APIs with 600+ resources. Nineteen tenant groups and 45+ consumers utilize the platform for both B2B and B2C integrations. WSO2 API Manager serves as the foundation for Pravah, providing a robust feature set, cloud native capabilities, and support for modern protocols. As the implementation partner, Hewlett Packard Enterprise (HPE) played a pivotal role to install, configure, and onboard APIs to the WSO2 platform, train CRIS professionals, conduct functional and performance testing, and provide post-implementation support.

quotes

Pravah, powered by WSO2 API Manager, has significantly accelerated our digital initiatives. We've seen a dramatic increase in API adoption and WSO2 has been a key partner in our mission to modernize Indian Railways. The API platform has enabled us to deliver better services, improve operational efficiency, and drive innovation."

Soumendu Ghosh

Principal Project Engineer

Centre for Railway Information Systems

Challenge

Mature IR applications held vast data, a valuable asset for partners, consumers, and developers. A key challenge was securely exposing this data via APIs. Each application used its own services and infrastructure, creating inconsistencies. Native apps faced security risks due to endpoint vulnerabilities. Data scraping of public-facing apps caused unpredictable load spikes. To foster new business models, applications needed a secure, controlled data-sharing platform. Some key considerations included the following:

  • Managing APIs for various consumers was complex. Each new consumer required a potentially unique API, hindering agility and increasing costs.
  • Lack of standardized rate limits, SLAs, and billing hindered control. Custom solutions for each requirement added overhead.
  • Inconsistent APIs complicated changes and lack of standardization increased effort and cost.
  • Decentralized data sharing lacked security. Mobile app security was incomplete.
  • Custom solutions for each requirement caused inefficiency. Enterprise architecture principles were underutilized.
  • Inconsistent SLAs and absent central API request management hindered partner collaboration.
  • Performance, availability, scalability, and maintainability issues arose.

Objectives

CRIS had to design, architect, implement, and maintain a standards-based, configurable, highly available API gateway and management solution on the organization’s private cloud. The solution had to:

  • Adhere to standards: Employ CRIS-specific standards aligned with industry norms for APIs, protocols, data exchange, security, and hosting.
  • Prioritize agility: Adopt agile methodologies for API development and onboarding, emphasizing scalability without performance compromise.
  • Foster responsiveness: Utilize best-in-class technologies for hosting and operations to create a modular solution adaptable to future business growth.

The solution also had to meet the following technical requirements.

  • Support multiple project groups with clear separation and independent API exposure.
  • Enable dynamic policy configuration for flexibility and control.
  • Integrate with CRIS systems (identity and access management, email, ESB, SMS), allowing for future expansions.
  • Support REST and SOAP APIs (WSDL).
  • Provide a secure, customizable portal aligned with CRIS’s needs.
  • Offer robust analytics, including out-of-the-box and custom reporting, collected asynchronously.
  • Support configurable monetization policies, pricing models, and billing.
  • Implement configurable traffic throttling, rate limits, and quotas.
  • Achieve peak 1,000 requests per second (RPS), average 550 RPS, 99.9% uptime, and high availability. Support on-premises, cloud, or hybrid deployment.
  • Implement key/token-based security and rate limiting. Prevent DDOS attacks, secure APIs, isolate compromised APIs, and employ secure practices. Comply with India’s data retention regulations.

Solution

After a thorough evaluation process, CRIS selected WSO2 API Manager as the preferred solution due to its technical capabilities, cost-effectiveness, and open source nature. CRIS adopted a phased approach to API management, focusing initially on core functionalities. This strategy allowed for gradual expansion as needs evolved. WSO2 offers comprehensive API management, covering development, deployment, security, analytics, and more. For CRIS, the implementation included:

  • API Publisher: A user-friendly tool for creating, documenting, and securing APIs.
  • Developer Portal: A platform for API discovery, subscription, and consumption.
  • API Gateway: Handles incoming requests, enforces security, and forwards traffic to backend services.
  • Key Manager: Manages authentication and authorization.
  • Traffic Manager: Controls API traffic, implements rate limiting, and safeguards against attacks.
  • API Analytics: Monitors API performance and generates insights.

IR’s enterprise architecture adheres to the government-mandated India Enterprise Architecture (IndEA), which is based on The Open Group Architecture Framework (TOGAF®). IndEA promotes a holistic view of government as an interconnected enterprise. Pravah aligns with IndEA and leverages the Integration Reference Model (IRM) to facilitate seamless data exchange within the ecosystem. The solution is structured into management, data, control, and analytical layers based on WSO2 API Manager's component distribution.

In Phase I of the project, CRIS aimed to expose a limited number of APIs from four project groups: Passenger Reservation System (PRS), National Train Enquiry Systems (NTES), Freight Operations Information System (FOIS), and E-Procurement System (EPS). WSO2 API Manager helped to achieve these goals on time.

Results

A Robust API Platform: Project Pravah has become a cornerstone for IR's data sharing, handling a substantial volume of 1.25 million API calls daily across 140+ APIs and 600+ resources. The platform serves 19 tenant groups and 45+ consumers, facilitating both B2B and B2C integrations. This success demonstrates Pravah's effectiveness in providing a secure and controlled environment for information exchange.

Streamlined Data Exchange: Pravah created a standardized interface that simplified information exchange for IR, securing, controlling, and managing data flow while masking backend complexities. This unified platform fostered collaboration with logistics and travel partners, encouraging innovative business models and third-party app development.

Strong Integrations: Pravah has also been key to integrate with many complex systems — including the National e-Governance Division (NeGD) and Unified Mobile Application for New-Age Governance (UMANG) apps; the IRCTC 139 IVRS and call center; IRCTC eCatering; freight data access systems for ADIL, IOCL, UTCL, SAIL, and HINDLCO; loco integration with the Control Office Application (COA) (Remlots); and various mobile apps.

For a deeper dive into Pravah, you can also refer to a detailed technical case study on the Open Group Library.

Our Products


Foundational technology for your digital platform. Digital experiences delivered as apps, workflows, and automations require powerful cloud native infrastructure to do the heavy lifting. Our products help you focus on the business requirements and leave the complexities to us.


Expand Your Network and Grow Your Business

Unlock limitless opportunities for growth and amplify your business success by harnessing the transformative power of WSO2.

Contact Sales