Problem

NTUN School needed a secure way for parents to verify whether their phone numbers are correctly stored in the school system, without exposing sensitive student data or requiring staff assistance.

Process

• Designed a clean, mobile-responsive verification interface with real-time input validation for Thai phone numbers (10 digits).
• Implemented Next.js App Router with secure API routes that connect to Google Sheets as the data source.
• Built a JWT-based authentication system with session management for secure access control.
• Added client-side caching with IndexedDB and WebSocket support for automatic cache invalidation.
• Implemented rate limiting (1 request per 2 seconds) to prevent API abuse and protect privacy.
• Created privacy-focused response that only confirms existence without exposing other data.

Results

• Parents can quickly verify their phone registration status without staff assistance.
• Secure API with JWT authentication protects sensitive student and parent data.
• Privacy-preserving design ensures minimal data exposure during verification.

Learnings

• Designing privacy-first systems that balance usability with data protection.
• Implementing secure verification without exposing underlying database structure.
• Handling Thai localization and phone number formatting for local users.