The latest articles on Forem by Andreas (@wagnandr). https://forem.com/wagnandr https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F874277%2F37d8317a-8bb7-4930-b6a9-8930a2c46fd0.png https://forem.com/wagnandr en Andreas Thu, 14 May 2026 09:38:30 +0000 https://forem.com/wagnandr/two-api-calls-to-verify-someone-is-a-student-no-document-uploads-no-email-checks-13fk https://forem.com/wagnandr/two-api-calls-to-verify-someone-is-a-student-no-document-uploads-no-email-checks-13fk <p><strong>TL;DR:</strong> Studid's Free API that confirms a user belongs to a real university — through their own institution's login. Two API calls, no documents, no email verification, no API keys.</p> <h2> The problem </h2> <p>You need to know if someone is actually a student or researcher. The usual options:</p> <ul> <li> <strong>Upload a student ID or transcript</strong> — privacy hassle, manual review, easy to fake</li> <li> <strong>Check their <code>.edu</code> email</strong> — anyone can buy one, not real verification</li> <li> <strong>Build university SSO yourself</strong> — SAML certs, metadata, federation paperwork, weeks of work</li> </ul> <p>None of these are good for you or your users.</p> <h2> A different way </h2> <p>The user logs in at their own university (same credentials they use for courses, email, library). You get back a simple result: yes, this person is at this institution. MFA included — the university handles it.</p> <p>Two REST calls, no protocol knowledge needed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Your App Studid User's University │ │ │ │── POST /verification ──→│ │ │←── { id, link } ───────│ │ │ │ │ │── redirect user ───────→│ (picks their university) │ │ │── SAML AuthnRequest ──────→ │ │←── SAML Assertion ───────│ │ │ │ │── GET /verification/id ─→ │ │←── { session } ────────│ │ </code></pre> </div> <h2> Step 1: Create a check </h2> <p>No signup, no API key. Pick any <code>secretToken</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl -X POST https://api.studid.io/v2/auth/verification \ -H "Content-Type: application/json" \ -d '{ "secretToken": "your-secret-here", "redirectUrl": "https://yourapp.com/callback", "serviceName": "Your App" }' </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://api.studid.io/v2/auth/verification</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">secretToken</span><span class="p">:</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">(),</span> <span class="na">redirectUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://yourapp.com/callback</span><span class="dl">'</span><span class="p">,</span> <span class="na">serviceName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Your App</span><span class="dl">'</span> <span class="p">})</span> <span class="p">})</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">link</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"a1b2c3d4-..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"link"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://studid.io/search?id=a1b2c3d4-..."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Send the user to <code>link</code>.</p> <h2> Step 2: User logs in at their university </h2> <p>They pick their institution from the list (thousands available), then log in normally at their university — same username/password/MFA they already use. Nothing new to learn.</p> <p>When done, they arrive at your <code>redirectUrl</code> with <code>?verificationId=...</code>.</p> <h2> Step 3: Read the result </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>curl "https://api.studid.io/v2/auth/verification/{id}?id={id}&amp;secretToken=your-secret-here" </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`https://api.studid.io/v2/auth/verification/</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">?id=</span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">&amp;secretToken=</span><span class="p">${</span><span class="nx">secretToken</span><span class="p">}</span><span class="s2">`</span> <span class="p">)</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">result</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"a1b2c3d4-..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"session"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"authIdentifier"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MCE6NXEQ3FC3PU...@tu-berlin.de"</span><span class="p">,</span><span class="w"> </span><span class="nl">"entityId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://idp.tu-berlin.de/shibboleth"</span><span class="p">,</span><span class="w"> </span><span class="nl">"affiliations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"student"</span><span class="p">,</span><span class="w"> </span><span class="s2">"member"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> What this gives you </h2> <ul> <li> <strong>Use it for auth</strong> — let users sign in with their university. The <code>authIdentifier</code> is a reliable ID you can store in your user table.</li> <li> <strong>Use it for verification</strong> — check discounts, gated content, academic pricing. You know the user's institution (<code>entityId</code>) and optionally their role (<code>affiliations</code>).</li> <li> <strong>No email verification needed</strong> — the university asserts their identity, not a self-reported address. Skip the confirmation-link dance.</li> <li> <strong>No document review</strong> — no PDFs, no photos, no manual approval queues.</li> </ul> <p>The <code>authIdentifier</code> is computed server-side — the API picks the strongest identifier available. Just read one field.</p> <h2> Coverage </h2> <p>Thousands of universities across 70+ national federations (US, Germany, UK, France, Japan, Switzerland, Netherlands, etc.).</p> <h2> Links </h2> <ul> <li><a href="https://studid.io/docs" rel="noopener noreferrer">API Reference</a></li> <li><a href="https://studid.io/docs/guide" rel="noopener noreferrer">Integration Guide</a></li> <li> <a href="https://studid.io" rel="noopener noreferrer">Demo</a> — try it in ~30 seconds</li> </ul> <p>No API keys. No signup. Free.</p> api tutorial edtech webdev Andreas Thu, 09 Jun 2022 11:10:43 +0000 https://forem.com/studid/just-shipped-the-first-alpha-release-of-our-api-1ihe https://forem.com/studid/just-shipped-the-first-alpha-release-of-our-api-1ihe <p>Our free API allows you to authenticate students, researchers and educators with the SSO service of their institution.</p> <p>A successful authentication provides the user's unique identifier, institution, institution country and affiliation (e.g. faculty, staff, student, employee) to their institution.</p> <p>To better understand how we can improve Studid, I'd appreciate any feedback or advice you can offer.</p> <p>Try Studid out <a href="https://studid.io">https://studid.io</a></p> api startup