VOOZH about

URL: https://dev.to/wagnandr/two-api-calls-to-verify-someone-is-a-student-no-document-uploads-no-email-checks-13fk

⇱ Two API Calls to Verify Someone Is a Student — No Document Uploads, No Email Checks - DEV Community

TL;DR: Studid's Free API that confirms a user belongs to a real university — through their own institution's login. Two API calls, no documents, no email verification, no API keys.

The problem

You need to know if someone is actually a student or researcher. The usual options:

  • Upload a student ID or transcript — privacy hassle, manual review, easy to fake
  • Check their .edu email — anyone can buy one, not real verification
  • Build university SSO yourself — SAML certs, metadata, federation paperwork, weeks of work

None of these are good for you or your users.

A different way

The user logs in at their own university (same credentials they use for courses, email, library). You get back a simple result: yes, this person is at this institution. MFA included — the university handles it.

Two REST calls, no protocol knowledge needed.

Your App Studid User's University
 │ │ │
 │── POST /verification ──→│ │
 │←── { id, link } ───────│ │
 │ │ │
 │── redirect user ───────→│ (picks their university) │
 │ │── SAML AuthnRequest ──────→
 │ │←── SAML Assertion ───────│
 │ │ │
 │── GET /verification/id ─→ │
 │←── { session } ────────│ │

Step 1: Create a check

No signup, no API key. Pick any secretToken:

curl -X POST https://api.studid.io/v2/auth/verification \
 -H "Content-Type: application/json" \
 -d '{
 "secretToken": "your-secret-here",
 "redirectUrl": "https://yourapp.com/callback",
 "serviceName": "Your App"
 }'

const res = await fetch('https://api.studid.io/v2/auth/verification', {
 method: 'POST',
 headers: { 'Content-Type': 'application/json' },
 body: JSON.stringify({
 secretToken: crypto.randomUUID(),
 redirectUrl: 'https://yourapp.com/callback',
 serviceName: 'Your App'
 })
})
const { id, link } = await res.json()

Response:

{"id":"a1b2c3d4-...","link":"https://studid.io/search?id=a1b2c3d4-..."}

Send the user to link.

Step 2: User logs in at their university

They pick their institution from the list (thousands available), then log in normally at their university — same username/password/MFA they already use. Nothing new to learn.

When done, they arrive at your redirectUrl with ?verificationId=....

Step 3: Read the result 

curl "https://api.studid.io/v2/auth/verification/{id}?id={id}&secretToken=your-secret-here"

const result = await fetch(
 `https://api.studid.io/v2/auth/verification/${id}?id=${id}&secretToken=${secretToken}`
)
const data = await result.json()

Response:

{"id":"a1b2c3d4-...","session":{"authIdentifier":"MCE6NXEQ3FC3PU...@tu-berlin.de","entityId":"https://idp.tu-berlin.de/shibboleth","affiliations":["student","member"]}}

What this gives you

  • Use it for auth — let users sign in with their university. The authIdentifier is a reliable ID you can store in your user table.
  • Use it for verification — check discounts, gated content, academic pricing. You know the user's institution (entityId) and optionally their role (affiliations).
  • No email verification needed — the university asserts their identity, not a self-reported address. Skip the confirmation-link dance.
  • No document review — no PDFs, no photos, no manual approval queues.

The authIdentifier is computed server-side — the API picks the strongest identifier available. Just read one field.

Coverage

Thousands of universities across 70+ national federations (US, Germany, UK, France, Japan, Switzerland, Netherlands, etc.).

Links

No API keys. No signup. Free.