Case Study: University of Amsterdam secures student data access with SURFconext API Security

Safely accessing personal data in an app with SURFconext API Security

The University of Amsterdam (UvA) and the Hogeschool van Amsterdam (HvA) needed a secure method for their student app to retrieve sensitive personal data, like grades and timetables, from backend systems via APIs. The challenge was to reliably authenticate each student to ensure this private information was never exposed to the wrong user. They partnered with SURF and implemented its SURFconext API Security service to address this.

The solution involved using SURFconext's OpenID Connect protocol for central authentication, which issues secure tokens to the app for accessing the APIs. This eliminated the need for the universities to maintain their own authorization infrastructure, simplifying their systems and removing a management layer. As a result, SURF provided a more modern, standards-based security platform that is both low-threshold for users and highly secure against threats.

University of Amsterdam

Tom Kuipers

Developer