The V3 (3.0) specification of the Open Education API currently supports the following data types:

This current V3 specification is available at:

The development of the Open Education API standard will be ongoing, so this set will be further expanded in the future to support new data types. New issues can be added and discussed at the issuetracker.

The Open Education API Reference Documentation can be found at:


Not all educational data is publically available, such as exam results. Although it is technically possible to secure the API with a user name and password, that does not make much sense. By doing so, you will often get access to a whole set of services, while your app probably only wants to find out about borrowed library books. And what if your password is spread by theft or a virus? To avoid unpleasant consequences and ensure secure information sharing, the Open Education API supports the OAuth 2.0 protocol.

OAuth 2.0

OAuth 2.0 is an open protocol for secure access, allowing you to give your programs or websites access to data that are stored on other websites, without having to hand over your user name and password. OAuth 2.0 also uses tokens, meaning you no longer need to provide confidential data such as a user name or password. Each token provides access to specific data on a single website for a certain amount of time, and it can be configured so that a given program only has access to certain data.

SURFconext API security

SURFconext API Security allows you to protect your institution’s APIs via SURFconext. These include the student information system and the timetabling system. Logging in to an institutional API is therefore just as safe and secure as logging in to a regular service connected to SURFconext.
Read more on the page: Secure your APIs with SURFconext API security.