Secure your APIs with SURFconext API security
As an institution, you want to offer your students a personalised learning experience. To do this, you are opening up more and more data via APIs to other institutions or to mobile apps, so that students are always aware of timetable changes and new grades, for example. You share this data securely with SURFconext API Security.
Securing institutional APIs properly
Institutions are using more and more APIs to make data available. They are right to want to secure this data properly, for example to prevent sensitive data falling into the wrong hands. An important step in this is safely and reliably establishing the identity of the user. This is done with SURFconext API Security, a functionality of OpenID Connect (article in Dutch) that SURFconext uses.
SURFconext API Security provides the security and reliability of SURFconext
With SURFconext API Security you shield your institution's APIs via SURFconext. These include the student information system and the timetabling system. Logging in to an institutional API is therefore just as safe and reliable as logging in to a regular service connected to SURFconext. Even if the user comes from outside your own institution!
No authorisation server needed
With SURFconext API Security you no longer need to add your own authorisation server to your application landscape. After all, SURFconext API Security handles authorisation requests from connected institution APIs for you.
Including all the conveniences of SURFconext
You can also make use of the additional features of SURFconext, such as the two-factor authentication service SURFsecureID and the management dashboards for IdPs and SPs. With the management dashboard for IdPs, in the future you will be able to configure as an institution which customers are allowed to query your own APIs. You will also be able to see statistics on the use of the APIs.
Do you also want to use SURFconext API Security?
Send an email to firstname.lastname@example.org and we will start the connection process.
Want to know more?
- Read the use case of UvA/Hva: Safely accessing personal data in an app with SURFconext API Security