Two API Calls to Verify Someone Is a Student — No Document Uploads, No Email Checks

TL;DR: Studid's Free API that confirms a user belongs to a real university — through their own institution's login. Two API calls, no documents, no email verification, no API keys.

The problem

You need to know if someone is actually a student or researcher. The usual options:

• Upload a student ID or transcript — privacy hassle, manual review, easy to fake
• Check their .edu email — anyone can buy one, not real verification
• Build university SSO yourself — SAML certs, metadata, federation paperwork, weeks of work

None of these are good for you or your users.

A different way

The user logs in at their own university (same credentials they use for courses, email, library). You get back a simple result: yes, this person is at this institution. MFA included — the university handles it.

Two REST calls, no protocol knowledge needed.

Your App                   Studid                 User's University
  │                         │                           │
  │── POST /verification ──→│                           │
  │←── { id, link } ───────│                           │
  │                         │                           │
  │── redirect user ───────→│ (picks their university)   │
  │                         │── SAML AuthnRequest ──────→
  │                         │←── SAML Assertion ───────│
  │                         │                           │
  │── GET /verification/id ─→                           │
  │←── { session } ────────│                           │

Step 1: Create a check

No signup, no API key. Pick any secretToken:

curl -X POST https://api.studid.io/v2/auth/verification \
  -H "Content-Type: application/json" \
  -d '{
    "secretToken": "your-secret-here",
    "redirectUrl": "https://yourapp.com/callback",
    "serviceName": "Your App"
  }'

const res = await fetch('https://api.studid.io/v2/auth/verification', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    secretToken: crypto.randomUUID(),
    redirectUrl: 'https://yourapp.com/callback',
    serviceName: 'Your App'
  })
})
const { id, link } = await res.json()

Response:

{
  "id": "a1b2c3d4-...",
  "link": "https://studid.io/search?id=a1b2c3d4-..."
}

Send the user to link.

Step 2: User logs in at their university

They pick their institution from the list (thousands available), then log in normally at their university — same username/password/MFA they already use. Nothing new to learn.

When done, they arrive at your redirectUrl with ?verificationId=....

Step 3: Read the result

curl "https://api.studid.io/v2/auth/verification/{id}?id={id}&secretToken=your-secret-here"

const result = await fetch(
  `https://api.studid.io/v2/auth/verification/${id}?id=${id}&secretToken=${secretToken}`
)
const data = await result.json()

Response:

{
  "id": "a1b2c3d4-...",
  "session": {
    "authIdentifier": "MCE6NXEQ3FC3PU...@tu-berlin.de",
    "entityId": "https://idp.tu-berlin.de/shibboleth",
    "affiliations": ["student", "member"]
  }
}

What this gives you

• Use it for auth — let users sign in with their university. The authIdentifier is a reliable ID you can store in your user table.
• Use it for verification — check discounts, gated content, academic pricing. You know the user's institution (entityId) and optionally their role (affiliations).
• No email verification needed — the university asserts their identity, not a self-reported address. Skip the confirmation-link dance.
• No document review — no PDFs, no photos, no manual approval queues.

The authIdentifier is computed server-side — the API picks the strongest identifier available. Just read one field.

Coverage

Thousands of universities across 70+ national federations (US, Germany, UK, France, Japan, Switzerland, Netherlands, etc.).

Links

• API Reference
• Integration Guide
• Demo — try it in ~30 seconds

No API keys. No signup. Free.