The State as API

I. Health

On the morning of January 23, 2020, I walked out the front door of my Beijing apartment and was confronted by a profound strangeness. The streets of Dongcheng District, usually blaring with an impatient cacophony of car horns packed shoulder to shoulder, were now abandoned. It was as if the Rapture had finally happened, as if aliens had arrived in the middle of the night and beamed up every other human on earth. That’s bizarre, I thought. Where is everyone?

Everyone, as it turned out, had gone inside. That morning, state media reported that travel to and from the city of Wuhan had been prohibited as public officials struggled to respond to the rapid spread of an unknown disease.¹ In Beijing, 700 miles away, the government announced the closure of all major public venues,² and millions of Chinese families, drawing on the muscle memory of the SARS crisis seventeen years earlier, retreated indoors, drew the shutters, and self-quarantined. A city with a population the size of two New Yorks had become a ghost town overnight.

The state responded to the crisis with startling efficiency, breaking ground on one of many makeshift hospitals within hours of the Wuhan cordon.³ Equally astonishing was the speed with which the technical infrastructure of the control efforts materialized. Within weeks of the national emergency declaration, health regulators enlisted the country’s largest technology companies to build COVID-tracking apps designed to monitor the movement of individuals and the disease. In early February, less than two weeks into the crisis, a team of engineers at Alibaba, in partnership with local authorities in Alibaba’s headquarters in Hangzhou, were piloting an app that issued each user a color-coded risk rating—green, yellow, or red—based on vaccination record, COVID test results, and travel history, with data updated in nearly real time.⁴ By April, various versions of the app—which collectively became known as the Health Code (健康码)—were operating in more than 200 cities and 20 provinces. Within months it sat on the phone of almost every adult in the country.⁵

For the next two years, Health Code apps were central to daily life. A green Health Code was required to enter any restaurant, office building, store, subway, airport, train, or apartment complex. Without a green Health Code status, you could not buy food, travel, go to work, or visit friends. Most of the time, maintaining a green status was a simple affair: It meant getting regular COVID tests at official testing stations and keeping up to date on vaccinations. But sometimes, it was just a matter of luck. Your status could drop to yellow, or even red—requiring various degrees of quarantine—if the app detected that a user had been near someone who had tested positive.

In May, I became curious about where the Health Code apps were pulling their data from. I looked up the technical standards that governed the Health Code—a matter of public record—and compared these to my own experience of the apps. Health Code apps were designed to aggregate dispersed datasets held by various government bodies and state-affiliated entities, and repurpose them for epidemic control. User location data was contributed by the three state-owned telecommunication companies—China Mobile, China Telecom, and China Unicom—which could determine whether a user had been in close proximity to a confirmed case by comparing records of 5G cell tower pings, and could additionally confirm whether a user had traveled to a city where outbreaks had been reported. China Railway and the Civil Aviation Administration of China—the state-owned train and airline authorities—similarly contributed location data and travel history based on a user’s ticket purchases. Local branches of the National Health Commission and other health authorities contributed vaccine and COVID testing records collected from testing stations and hospitals, where ID verification was required prior to each test and vaccine administration. Though there were hundreds of variants of the Health Code app—each with different names, designs, and cities stamped across the splash screen—they were all tributaries of the same river, each application a differently-configured shell over the same data nucleus. And upstream, at the data’s wellspring, the state.

From the start, there was speculation that the government would use the Health Code apps for political purposes. Perhaps the national government would prevent protests against harsh COVID controls by manipulating the travel data or vaccination records connected to dissident groups. That data would then propagate through disparate Health Code apps across the country, turning health codes red and preventing dissidents from traveling to protests. The possibility was not so far-fetched. In 2022, customers of a troubled state-affiliated bank in the city of Zhengzhou found that all their risk ratings had turned red as they prepared to protest against the bank illegally freezing their funds.⁶ As it turned out, local officials had manipulated data to target individual bank customers to avoid scrutiny from the central government. Fortunately, this incident remained a limited and local abuse of power. In fact, fearing that such abuses of the Health Code by local officials would damage national trust in epidemic control measures, Beijing took swift action, penalizing the local officials responsible.⁷ The scenario that some had feared—a coordinated, nationwide weaponization of the Health Code—never came to pass.

And yet, still, upstream, the state.

II. Trust

In 1999, at the request of then-Premier Zhu Rongji, a scholar named Lin Junyue led a team of social scientists researching a new national project designed to improve trust between Chinese businesses. At the time, China was preparing to join the WTO, and was in the process of implementing reforms to speed its path to entry.⁸ One of the primary arguments against China’s ascension was the immaturity of its business environment, which was rife with fraud, piracy, and counterfeiting, a state of affairs China’s weak legal system could not seem to ameliorate. It was not uncommon for contracts to be signed and then blatantly broken; for suppliers who seemed reputable one month to vanish the next, leaving nothing behind but a forged chop and an empty warehouse. As there was no mechanism for identifying which companies could be trusted, losses were simply absorbed as a cost of doing business in the world’s most promising emerging market.

In 2000, Lin Junyue’s team published a paper describing a mechanism for increasing trust: “The National Credit Management System,”⁹ and two years later, after refining his theories, he published a book, “Principles of the Social Credit System.”  In the years since, the social credit system has become synonymous with state control of individual and corporate behavior through massive data collection. But when Lin first made his proposals, there was barely any data to aggregate. Only 3.5% of China’s 1.28 billion population were internet users¹⁰ and government digitization initiatives had barely begun. However, by 2014—the year social credit was formally introduced in China—the game had changed.¹¹ The state had spent the previous decade undertaking massive data initiatives, with each department and agency consolidating enormous record sets and digitizing bureaucratic processes.

Today, the social credit system consolidates dozens of government datasets, weaving them into social credit profiles on individuals and companies. The inputs span the full breadth of state record-keeping: corporate registration records are contributed by China’s market regulator; tax filings by tax authorities; social insurance payment histories by labor authorities; utility payment records by state-owned power and gas companies; court judgments; administrative penalty records; official licenses and qualifications; permits and project approvals; and official awards and recognitions.¹² Each stream flows into the same channel with a singular purpose: determining whether a company or individual can be trusted.

While social credit data related to individuals is largely private—with some exceptions—corporate social credit information is widely circulated. The state not only provides two official online databases through which corporate social credit profiles can be searched¹³—a sort of Better Business Bureau on steroids—but has also opened that data through APIs, routed outward through a chain of authorized data providers and resellers. From there, social credit data is drawn into hundreds of commercial apps that quietly query those feeds. Some examples include Qichacha, China’s top corporate due diligence database, Tianyancha, Xinchacha,¹⁴ and Wind, China’s largest economics data provider.¹⁵

This data, like the data that underpinned the Health Code, is stitched together into a stream that flows out into society under a hundred names, becoming the arbiter of public trust in companies. It shapes the decisions of hedge funds, the choices of employees deciding where to work, of consumers deciding what to buy, of businesses deciding who to partner with and who to trust as a supplier.

The data stream forks and forks again, braids into channels, and surfaces under a thousand names. But underneath it all, the state.

III. Identity

The state functions as an API not only through the provision of data streams, but also through the provision of identity validation tools embedded in private-sector apps, creating state-managed touchpoints and gateways through which users pass when they log in to platforms and online services.

One such touchpoint emerged from the state’s decades-long campaign against youth gaming and internet addiction. Since the emergence of the public internet in the 1990s, Chinese parents have continually pressured authorities to impose increasingly strict anti-addiction regulations on gaming companies and to limit game time for minors. After twenty years of escalating regulations, China now operates one of the world’s strictest regimes for underage online gaming. Game companies may provide minors with no more than one hour of online game service per day, and only between 8 and 9 p.m. on Fridays, Saturdays, Sundays, and holidays, for a total of no more than three hours per week.  

Enforcing these measures proved to be a significant challenge as game companies were reluctant to verify players’ identities, and thereby depress their own profits. So the state built the verification layer itself. In October 2019, China’s gaming regulator, the National Press and Publication Administration (NPPA), mandated real-name account registration across all online games, barring companies from serving unregistered users, and imposing monthly in-game spending limits scaled by age.¹⁶ In August 2021, a follow-up notice tightened the time limits to their current form, and required every online game to connect to the NPPA’s “Online Game Anti-Addiction Real-Name Verification System.”¹⁷ This system collects users’ state ID information upon login, and sends it to the NPPA, which checks identity information against the national citizen database API managed by the Ministry of Public Security (MPS), China’s police force.¹⁸

There are many other real-name identity verification systems in China, each designed to solve a distinct legal or social issue. To prevent fraud and to comply with Know Your Customer laws, online payment services plug into state-backed real-name verification systems. To protect consumers against data privacy violations by internet platforms, China’s cyberspace regulator (CAC) released its own voluntary alternative login and ID verification software development kits (SDKs), allowing users to decide whether to turn their personal data over to companies or to the CAC when using online services. These identity validation tools all take different forms, but upstream from all such systems sits the MPS and its national identity API. Any time a new user signs up for a new platform, this process passes through a government server.

The state’s presence in the login process is rendered invisible through layers of abstraction. Developers building apps, games, and other software do not need to interface with the state directly. They can access identity verification services through scripts and plugins offered through China’s major cloud providers, including Alibaba Cloud, Tencent Cloud, and Baidu.¹⁹ Developers find these services in the cloud provider’s marketplace, complete with documentation, SDKs, and pay-as-you-go pricing, and integrate them as they would any third-party API. But on the back end, each verification request is relayed through the provider to government-run servers that hold the authoritative identity records.

The state is invisible, but it is there, just upstream.

IV. Upstream

The Western reflex is to interpret all this as entirely nefarious, but that is too shallow a conclusion. Identity must be vouched for by someone. On closer examination, there are many reasons that the state’s attempts to take a central role in ID verification are necessary and even desirable. Validating identity data through a police-owned channel is not as unusual in China as it might seem; the MPS has been responsible for maintaining the country’s master population database for well over twenty years,²⁰ and no other authority is capable of performing ID validation. In the United States, online ID verifications are typically performed through driver’s license verification services offered by the American Association of Motor Vehicle Administrators,²¹ through social security number validation through the SSA’s eCBSV system,²² or in some cases, via credit bureaus.

The difference is that the US does not require most websites and apps to perform such verifications except in specific situations, such as when a user opens a new bank account online. But even China’s far more ubiquitous requirements can be understood through the lens of Western experience. The US has long struggled against the rising tides of mental-health crises, misinformation, social disunity, and fraud, brought about in part by an unregulated internet with minimal accountability. The US accepts this because the values of Western democracies hold that it is better to relinquish one’s mental health to a corporation than one’s privacy to the state—but it is not difficult to imagine why a society might make the opposite decision.

Similarly, data must be collected, distributed, and held by someone. There is nothing inherently sinister in the state’s aggregation of data, particularly in response to a crisis. Both COVID and China’s low-trust business environment were crisis-level epidemics of different sorts, and only the state possessed the authority to marshal the data necessary to fight them. In both cases, the state could not be the only carrier of that data. For the information to do any work, it had to reach people where they already lived, inside the apps and platforms they used every day. It made sense, then, that the state pushed its data outward, into the hands of the software that could deliver it. 

Regardless, the architectural shift as the state moves down the stack gives the government a cloak of invisibility. The API layer has no face of its own—it speaks in the voice of the software that calls it. It is a data point in someone else’s interface, it is a variable in someone else’s algorithm. And there is something else: When the state is the API layer, it need not interfere in data flows after the fact, as in traditional censorship. Rather, it has a channel through which to interfere before there is a fact at all. A value adjusted at the source is simply the value, the only one that ever propagates.

None of this announces itself. The login resolves, the page loads, and life goes on at the speed of habit. But somewhere behind it, past the interface and the vendor and the cloud, all the way upstream, sits the state.

Kendra Schaefer is a partner at Beijing-based policy consultancy Trivium China. She is a non-resident fellow at the National Bureau of Asian Research, and a 2025 fellow of the Penn Project on the Future of U.S.-China Relations.

1. https://pmc.ncbi.nlm.nih.gov/articles/PMC7375209/ ↩︎
2. https://www.gov.cn/xinwen/2020-01/20/content_5471057.htm ↩︎
3. https://www.npr.org/sections/goatsandsoda/2020/09/10/909688913/whatever-happened-to-the-instant-hospitals-built-in-wuhan-for-covid-19-patients  ↩︎
4. https://technode.com/2020/04/07/china-voices-how-alibaba-built-chinas-health-code/  ↩︎
5. https://en.wikipedia.org/wiki/Health_Codes_(Chinese_mobile_app_group) ↩︎
6. https://www.bbc.com/news/world-asia-china-61793149 ; https://www.reuters.com/world/china/china-bank-protest-stopped-by-health-codes-turning-red-depositors-say-2022-06-14/ ↩︎
7. https://paper.people.com.cn/zgjjzk/html/2022-06/30/nw.zgjjzk_20220630_3-02.htm ↩︎
8. https://www.gao.gov/products/gao-03-797r ↩︎
9. https://www.cac.gov.cn/2015-10/28/c_1116956896.htm ↩︎
10. https://en.people.cn/200207/22/eng20020722_100150.shtml ↩︎
11. https://www.gov.cn/gongbao/content/2014/content_2711418.htm ↩︎
12. https://www.uscc.gov/sites/default/files/2020-12/Chinas_Corporate_Social_Credit_System.pdf ↩︎
13. https://www.creditchina.gov.cn/ ↩︎
14. https://sj.qq.com/appdetail/uni.UNI90F147D ↩︎
15. https://sj.qq.com/appdetail/com.wind.enterprise ↩︎
16. https://www.nppa.gov.cn/xxfb/zcfg/gfxwj/201911/t20191119_4503.html ↩︎
17. https://www.gov.cn/zhengce/zhengceku/2021-09/01/content_5634661.htm ↩︎
18. https://developer.baidu.com/article/detail.html?id=7112008 ↩︎
19. https://appinchina.co/blog/the-complete-guide-to-chinas-real-name-verification/ ↩︎
20. https://news.sina.cn/sa/2007-02-10/detail-ikknscsk1852507.d.html?vt=4 ↩︎
21. https://www.aamva.org/technology/systems/verification-systems/dldv ↩︎
22. https://www.ssa.gov/dataexchange/eCBSV/ ↩︎