User Data & Pseudonymization — External API Perspective

Overview

When external tools (e.g., Bettermarks) make requests to the Roster API, all user data is protected through pseudonymization. The API ensures that no real user identities are exposed to third-party services.


Data Returned per Endpoint

GET /roster/users/{user}/metadata

| Field | Value | Pseudonymized? |
|---|---|---|
| user_id | User's internal database ID | ❌ No |
| username | Iframe HTML content | ✅ Yes (real name hidden) |
| type | teacher or student | ❌ No (role only) |

Note: This endpoint requires a valid pseudonym in the query parameter. Only authorized requests with a matching pseudonym can retrieve metadata.


GET /roster/users/{user}/groups

| Field | Value | Pseudonymized? |
|---|---|---|
| group_id | Course/Room ID | ❌ No |
| name | Course/Room name | ❌ No |
| student_count | Number of students | ❌ No |

Note: Group information is returned, but no individual user data is exposed in this response.


GET /roster/groups/{id}

For each group member (students and teachers):

| Field | Value | Pseudonymized? |
|---|---|---|
| user_id | Pseudonym string | ✅ Yes |
| username | Iframe HTML content | ✅ Yes |

What External Tools Cannot See

| Protected Data | Reason |
|---|---|
| Real user ID | Replaced with tool-specific pseudonym |
| Real username/name | Replaced with iframe HTML subject |
| Email address | Never exposed |
| Personal details | Never exposed |
| School information | Not directly exposed |

Pseudonymization Details

Pseudonym Characteristics

  • Unique per tool: Each external tool receives a different pseudonym for the same user
  • Consistent: The same tool always receives the same pseudonym for a given user
  • Non-reversible: External tools cannot derive real user data from the pseudonym
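
The page does not say how the Roster API generates pseudonyms. As an added example (not the project's own code), here is one construction that yields all three properties, together with the matching-pseudonym check the metadata endpoint describes. It assumes a keyed HMAC-SHA-256 over tool and user identifiers with a key held only by the server; `derive_pseudonym`, `metadata_request_allowed`, the key and the identifiers are hypothetical.

```python
import hashlib
import hmac

# Constructed sample key; a real deployment would load this from a secret store.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def derive_pseudonym(user_id: str, tool_id: str, key: bytes = SERVER_KEY) -> str:
    """Return a stable, tool-specific pseudonym for a user (assumed scheme)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (tool_id.encode(), user_id.encode())
    )
    # Without the key, a tool cannot recompute or invert this value.
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def metadata_request_allowed(user_id: str, tool_id: str, supplied: str) -> bool:
    """Check the pseudonym query parameter against the caller's own pseudonym."""
    expected = derive_pseudonym(user_id, tool_id)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def demo() -> dict:
    # Constructed identifiers for illustration.
    p_a = derive_pseudonym("user-1001", "tool-a")
    p_b = derive_pseudonym("user-1001", "tool-b")
    return {
        "consistent": p_a == derive_pseudonym("user-1001", "tool-a"),
        "unique_per_tool": p_a != p_b,
        "own_pseudonym_accepted": metadata_request_allowed("user-1001", "tool-a", p_a),
        "other_tools_pseudonym_rejected": not metadata_request_allowed("user-1001", "tool-a", p_b),
        "other_user_rejected": not metadata_request_allowed("user-1002", "tool-a", p_a),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Because the pseudonym is bound to the tool, a value leaked from one tool is rejected when another tool presents it, and two tools cannot join their data sets on it.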

Username Field

The username field does not contain the actual username. Instead, it contains an iframe HTML subject: a rendered HTML snippet that the external tool can display without exposing the real identity.

Summary Table

| Endpoint | Real ID Exposed | Real Name Exposed | Uses Pseudonym |
|---|---|---|---|
| /users/{user}/metadata | Yes (internal ID) | No (iframe) | Required in request |
| /users/{user}/groups | N/A | N/A | Required in request |
| /groups/{id} | No | No | Yes (in response) |