Enhanced security with token-based authentication

From day one, Clever has been built to be the most simple and most secure data integration solution for schools.  To improve on that promise, we are changing the way our partner applications authenticate with the Clever API.

EdTech applications currently access Clever’s API using an API key specific to the application.  While this single-key approach is an industry standard, we realized we can improve on it. Going forward, apps will access the API using a token that is specific to the app and to the district.   Each token provides access only to the data that an individual district has authorized for sharing with that app. Tokens provide increased security because each token provides access to a smaller set of data.  Token-based authentication also helps Clever to scale smoothly, which is a key focus as we prepare for the busy back-to-school season.

We are encouraging all of our partners to implement this change by this summer.  After July 1st, API implementations that make use of the old API keys will be rate-limited, and in Spring 2015 API keys will be fully deprecated for integrations.

We are supporting this change with updates across our product:

1. access to tokens in partner dashboards, and programmatically upon district signup
2. updated developer documentation
3. updated client libraries

More information is available at our API Getting Started guide.  And we invite your questions and feedback at tech-support@clever.com.