The Problem
The University of the Philippines Manila operates two distinct systems critical to academic operations: AWTOR (Author's Workflow and Tracking of Research) and SURI (System for Unified Research Information).
AWTOR functions as the primary research dashboard, handling ethics management, intellectual property, and prerequisite certificates. SURI handles the final research registration, management, and funding.
The Core Friction
Researchers are strictly required to clear prerequisites in AWTOR before they are permitted to register their research in SURI. However, redirecting users between these isolated environments forced a secondary login screen. This double-authentication requirement created immense UX friction and fragmented the user journey.
The Fix: Signed URL Handshake
We needed a way to guarantee identity transfer without passing raw credentials or forcing a secondary sign-in. The solution was a secure, backend-verified handshake utilizing time-boxed, cryptographically signed URLs.
Prerequisite Clearance & Token Generation
The researcher completes certificate checks. AWTOR generates a short-lived token containing the user's ID and signs it using a shared private key.
Redirection via Signed URL
Backend Handshake & Verification
SURI intercepts the URL. Before granting access, it makes a secure server-to-server API call back to AWTOR to verify the token hasn't been tampered with or expired. If valid, a session is established immediately.
The Result: Researchers experience a continuous flow. They hit a button in AWTOR and instantly land inside the SURI registration dashboard, fully authenticated, while maintaining strict architectural decoupling between the two databases.