IAREBT Verify: QR Code Authentication for Certificates

About the client

The International Association for Rational Emotive Behavior Therapy (IAREBT) is an association that provides academic training in Rational Emotive Behavior Therapy (REBT).

Given that the association has accredited training centers in more than 15 countries, they were looking for an efficient way to generate participants' certificates.

Requirements

IAREBT requires a secure and reliable web platform for creating, managing, and consulting the authenticity of certificates via an alphanumeric or QR code.

The platform was divided into two sections (public and private access), with the following requirements:

Administrative Panel (Private Access)

The affiliated training centers (ATCs) and the IAREBT board are responsible for creating and validating the certificates, respectively. The software should allow us to:

  • Create participants and supervisors with the following attributes:
    • Personal information like name, email, phone number, and email.
    • Multiple PDF files (license to practice, proof of degree, etc.)
  • Create multiple certificates with
    • Certificate type (Level 1, 2, 3...)
    • Start and finish dates of certification.
    • Participant
    • Affiliated Training Center (Issuer of the certificate)
    • Multiple Supervisors
  • Approve the creation of a certificate and enable the option to download it.
  • Generate a unique verification code associated with the certificate.
  • Generate a QR code for direct validation.
  • Generate the participant PDF certificate with all relevant attributes and a unique QR code.

Web Page (Public Access)

When a client scans the QR code, it is redirected to a unique URL. For example, https://verify.iarebt.org/?qr=F-SVPWNL, where the link parameter (F-SVPWNL) is the unique identifier of the certificate.

When the web page loads, the client will see relevant information about the certificate, like the name and program.

Overall, the software allows us to:

  • Scan a QR code and automatically validate the authenticity of a certificate.
  • Search by the certificate code and validate the authenticity of a certificate.
  • The public transactions will be verified with Google reCAPTCHA to prevent bots or malicious access.

Architecture

We implemented this web platform as a Next.js project with API routes (serverless technology under the hood) and deployed it on Vercel.

Results