Project overview ¶

This website provides technical documentation for the benefits application from the California Integrated Travel Project (Cal-ITP).

Cal-ITP Benefits is a web application that enables digital eligibility verification and enrollment for transit benefits onto transit riders’ existing contactless debit and credit cards.

The development of this publicly-accessible client is being managed by Caltrans’ California Integrated Travel Project (Cal-ITP), in partnership with the California Department of Technology (CDT). From the Cal-ITP site:

Our Cal-ITP Benefits web application streamlines the process for transit riders to instantly qualify for and receive discounts, starting with Monterey-Salinas Transit (MST), which offers a half-price Senior Fare. Now older adults (65+) who are able to electronically verify their identity are able to access MST’s reduced fares without the hassle of paperwork.

We worked with state partners on this product launch, and next we’re working to bring youth, lower-income riders, veterans, people with disabilities, and others the same instant access to free or reduced fares across all California transit providers, without having to prove eligibility to each agency.

Cal-ITP Benefits is open-source software that is designed, developed, and maintained by Compiler LLC on behalf of Caltrans, Cal-ITP, and our agency partners.

Current work ¶

We do sprint planning and track day-to-day work on our Project Board.

Product roadmap ¶

Our product roadmap captures what we’re currently building, what we’ve built, and what we plan to build in the future. We update it at the end of each quarter or when priorities change.

timeline
    title Cal-ITP Benefits Product Roadmap
%% Cal-ITP Benefits Epics (2024)
          section 2024

          Q1<br>Complete
          : Benefits admin tool (foundation)
          : Deploy SBMTD Reduced Fare Mobility ID enrollment pathway
          : Migrate to Littlepay Backoffice API

          Q2<br>Complete
          : Support for expiring benefits (low-income)
          : Improved UX for agency card enrollment
          : Improved UX for application error states

          Q3<br>Complete
          : Deploy low-income riders enrollment pathway
          : Benefits admin tool (agency users)
          : Benefits admin tool (in-person eligibility verification)

          Q4<br>Complete
          : Deploy Medicare cardholder enrollment pathway
          : Support for multiple identity providers (Medicare.gov)

%% Cal-ITP Benefits Epics (2025)
          section 2025

          Q1<br>Complete
        : Front-end enhancements and optimization
        : Deploy in-person enrollments
        : Utilize CDT Identity Gateway connection library

          Q2<br>Complete
        : Support for Discover and American Express cards

          Q3<br>Now
        : Support for multiple transit processors (Enghouse)
        : UI enhancements to help the application scale
        : Benefits admin tool (user management)

          Q4<br>Projected
        : Enhanced Veteran eligibility checks (disability status)
        : Support for additional identity provider (Socure)
        : Single eligibility check across multiple benefit options
        : Eligibility check for individuals with disabilities (CA DMV)

%%{
  init: {
    'logLevel': 'debug',
    'theme': 'default' ,
    'themeVariables': {
      'cScale0': 'orange',
      'cScaleLabel0': 'black',
      'cScale1': 'yellow',
      'cScaleLabel1': 'black'
    }
  }
}%%

Adoption by transit providers ¶

The following California transit providers have adopted Cal-ITP Benefits. The benefit options available to eligible riders are denoted by a green checkmark.

Transit provider	Initial launch date	Older adults	Medicare cardholders	U.S. Veterans	Agency card	Low-income
Monterey-Salinas Transit	12/2021	✅	✅	✅	✅	―
Santa Barbara Metropolitan Transit District	10/2023	✅	✅	―	✅	―
Sacramento Regional Transit District	10/2024	✅	✅	✅	―	―
Nevada County Connects	03/2025	✅	✅	✅	―	―
Ventura County Transportation Commission	10/2025	✅	✅	―	―	―
El Dorado Transit Authority	11/2025 (target)	*	*	*	*	*
Redding Area Bus Authority	12/2025 (target)	*	*	*	*	*
San Luis Obispo Regional Transit	02/2026 (target)	*	*	*	*	*
City of San Luis Obispo	02/2026 (target)	*	*	*	*	*
City of Roseville	Planned	*	*	*	*	*
Santa Cruz Metropolitan Transit District	Planned	*	*	*	*	*

Supported enrollment pathways ¶

The Cal-ITP Benefits app supports the following enrollment pathways that use the corresponding eligibility verification methods:

Enrollment pathway	Eligibility verification	Status	Launch
Older adults	Login.gov ID Proofed	Live	08/2022
Agency cards	Eligibility API	Live	11/2022
Veterans	Veteran Confirmation API	Live	09/2023
Low-income	CalFresh Confirm API	Live	07/2024
Medicare cardholders	Blue Button API	Live	09/2024

Technical and security details ¶

benefits is a Django 5 web application. The application talks to one or more Eligibility Verification APIs or claims providers. These APIs and the application itself are designed for privacy and security of user information:

The API communicates with signed and encrypted JSON Web Tokens containing only the most necessary of user data for the purpose of eligibility verification
The application requires no user accounts and stores no information about the user
Interaction with the application is anonymous, with only minimal event tracking for usage and problem analysis

Running the application locally is possible with Docker and Docker Compose. Hosting information.

The user interface and content is available in both English and Spanish. Additional language support is possible via Django’s i18n and l10n features.

The application communicates with external transit processor vendors via API calls and others like the Identity Gateway via redirects, both over the public internet. See all the system interconnections.

Infrastructure ¶

The Benefits application is deployed to Microsoft Azure. Traffic is encrypted between the user and the application, as well as between the application and external systems.

The network is managed by the California Department of Technology (CDT), who provide a firewall and distributed denial-of-service (DDoS) protection.

You can find more technical details on our infrastructure page.

Data storage ¶

The Benefits application doesn’t collect or store any user data directly, and we minimize the information exchanged between systems. The following information is temporarily stored in an encrypted session in the user’s browser:

The user’s progress through an enrollment pathway
Credentials for interacting with the eligibility verification services

Sensitive user information exists in the following places:

To enroll for reduced fares as an older adult, U.S. Veteran, or Calfresh cardholder, riders need to provide personal information to Login.gov.
To enroll for reduced fares as a Medicare cardholder, riders need to provide personal information to Medicare.gov.
Eligible riders need to provide their contactless credit or debit card information to one of our transit processors, to register their card for reduced fares.

None of that information is accessible to the Benefits system/team.

Learn more about the security/privacy practices of some of our third-party integrations:

Benefits collects analytics on usage, without any identifying information. You can find more details on our analytics page.

Transit processors ¶

The Benefits application integrates with transit processors to securely register credit or debit cards. This application currently supports the following transit processors:

Practices ¶

Dependabot immediately notifies the team of vulnerabilities in application dependencies.

Upon doing new major integrations, features, or architectural changes, the Benefits team has a penetration test performed by a third party to ensure the security of the system.

All code changes are reviewed by at least one other member of the engineering team, which is enforced through branch protections.