Getting Access to the Person API
These are the steps for gaining access to the Person API . The process is different for Madison and the rest of the Universities of Wisconsin. Follow the appropriate steps depending on which university you're requesting data for.
Terms and Conditions
You agree to use the Person API only for the use case you describe in your request. If you need to expand to other applications or use-cases, you will need to submit a new access request.
UW-Madison Requests
For Person API access requests that only need UW-Madison data, first review your obligations and responsibilities as outlined on page 9 of the Institutional Data Access and Authorization Standard .
Next, submit an access request using this form .
Other Universities of Wisconsin Requests
For requesting access to the Person API for other Universities of Wisconsin, or to request access for all Universities of Wisconsin data, use this form .
After access is granted, you may be contacted by Universities of Wisconsin Shared Services Cybersecurity department to perform a cybersecurity review of the system consuming data from the Person API.
Next Steps
The request will get routed to the appropriate data stewards who may reach out if additional details about the request are needed. Otherwise, after the request is approved by the data stewards, the DoIT API team will reach out to grant access to the Person API.
While you are waiting for your request to be approved, we recommend creating an application and trying out the Mock Person API . Follow the Getting Started guide to create a team and register an application, and then enable access to the Mock Person API.
We also recommend looking at the Person API documentation, including guidelines and tutorials. Documentation links are provided on the Person API specification page .
Feel free to email api@doit.wisc.edu if you have questions about the Person API request process or would like to check on the status of a request.
Permissions
Some data in the Person API requires special authorization to get access. Certain data is grouped into 'Sensitive' categories which can be requested in the access request form.
Depending on the type of data, permissions will either grant access to individual attributes (e.g. dateOfBirth ) or entire resources (e.g. an address in the /addresses endpoint).
Sensitive Person Demographics
The Sensitive Person Demographics permission grants access to the following data:
/peopledateOfBirthdeceasedlegalSex
/people/{ID}/names- SIS Legal Name: A name resource with
nameType=primaryandsource=SIS
- SIS Legal Name: A name resource with
Sensitive Person Contact
The Sensitive Person Contact permission grants access to the following data:
/people/{ID}/addresses- Home Addresses: An address resource with an
addressTypeofcurrentHomeorpermanentHome
- Home Addresses: An address resource with an
/people/{ID}/phoneNumbers- Home and Mobile Phones: A phone number resource with an
phoneNumberTypeofhomeormobile
- Home and Mobile Phones: A phone number resource with an
/people/{ID}/emailAddresses- Home Email Addresses: An email address resource with
emailAddressType=home
- Home Email Addresses: An email address resource with
Sensitive Identifiers
The Sensitive Identifiers permission grants access to the following data:
/people/{ID}/wiscard- Proximity ID: The attribute
proximityIdin the Wiscard resource
Social Security Numbers
The Social Security Numbers permission will allow access to the /socialSecurityNumbers endpoint. This permission cannot be requested.
Inactive Population
A special permission is required to access people with the "Inactive" affiliation. This permission also grants access to the active field in the names and identifiers resources, including names and identifiers where active is true or false . The Inactive Population contains people who activated a NetID but are no longer part of the UW-Madison population.
Default Permissions
Anyone with access to the Person API will have access to all other data not listed in the permissions above.