Authentication

Learn how to authenticate your requests to the API.

The API uses simple API key–based authentication. Each education region is issued a single API key, which must be included in every request via the api-key HTTP header.

API keys do not expire. The region that receives the key is responsible for its secure storage and use, including any third-party integrations that rely on it.

A new major version of the API (v2) is planned for early 2026 and will include a redesign of the authentication system. Existing API keys will remain valid after migrating to v2.

Examples

const response = await fetch(
  "https://onderwijsregio.onderwijsin.nl/api/v1/schema",
  {
    method: "GET",
    headers: {
      "api-key": process.env.ONDERWIJSREGIO_API_KEY as string,
      "Content-Type": "application/json",
    },
  }
);

const data = await response.json();

$ch = curl_init("https://onderwijsregio.onderwijsin.nl/api/v1/schema");

curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "api-key: " . getenv("ONDERWIJSREGIO_API_KEY"),
        "Content-Type: application/json",
    ],
]);

$response = curl_exec($ch);
curl_close($ch);

import os
import requests

response = requests.get(
    "https://onderwijsregio.onderwijsin.nl/api/v1/schema",
    headers={
        "api-key": os.environ["ONDERWIJSREGIO_API_KEY"],
        "Content-Type": "application/json",
    },
)

data = response.json()

curl https://onderwijsregio.onderwijsin.nl/api/v1/schema \
  -H "api-key: $ONDERWIJSREGIO_API_KEY" \
  -H "Content-Type: application/json"