The Aeries v5 API has been expanded with new endpoints and capabilities designed to support third-party enrollment integrations, including Aeries Enroll Path. This expansion is designed for district administrators and API vendors who need to search for students, transfer students between schools, manage medical history, immunizations, medical insurance, language assessments, student authorizations, free and reduced price meal records, parent survey responses, school supplemental data, upload documents, and track enrollment compliance — all through a secure, consistent REST API built on the v5 standard.

From this article, you can:

  • Review the prerequisites and security areas required for each endpoint
  • Enable the v5 Enhancements feature flag that gates most new endpoints
  • Reference the full set of new and extended endpoints, including request/response behavior and key constraints

To enable the endpoints described in this article, navigate to Admin > Feature Flags in Aeries and enable the v5 Enhancements flag; see Feature Flag Requirement for details.

Important: Most endpoints in this article are gated behind the v5 Enhancements feature flag and return HTTP 501 Not Implemented when it is OFF. Two exceptions are pre-existing, generally-available endpoints — Medical History and Student Authorizations. These remain fully available when the flag is OFF; for them, the flag governs only the new code-value validation behavior, not the endpoints themselves.

Table of Contents

Prerequisites and Security
Feature Flag Requirement
District-Wide Student Search
Inter-School Student Transfer
Medical History
Student Field Write Extensions
Language Assessment
Parent Portal Account Provisioning
Contact Comment Write Support
External Student IDs
Document Uploads
Document Confirmation Log
Other District Enrollments
Immunizations
Medical Insurance
Student Authorizations
Free and Reduced Price Meals Records
Parent Survey Responses
School Supplemental Data
Frequently Asked Questions


Prerequisites and Security

Before using the v5 API enhancements, ensure the following are in place:

  • The v5 Enhancements feature flag must be enabled for your district. Contact Aeries Software Support before enabling this flag.
  • All requests require a valid AERIES-CERT certificate header.
  • Each endpoint is protected by a dedicated API security area. A district administrator must grant the appropriate permissions to your API vendor on the API Security page in Aeries.
  • After enabling the feature flag, the system may take up to 15 minutes to activate. You must log out and back into Aeries before changes take effect.
Note: When the v5 Enhancements flag is OFF, all gated endpoints return HTTP 501 Not Implemented. No data is read or written while the flag is disabled. Exception: Medical History and Student Authorizations are pre-existing, generally-available endpoints that remain fully available when the flag is OFF. For these two endpoints, the flag governs only the new code-value validation behavior.

Feature Flag Requirement

All v5 API enhancements are gated behind the v5 Enhancements feature flag, which is disabled by default.

To enable it:

  1. Navigate to Admin > Feature Flags (admin/featureflagsconfig.aspx).
  2. Locate the v5 Enhancements row in the Feature Flags table.
  3. Check the checkbox to enable the flag and click Save.
Important: Contact Aeries Software Support before enabling this feature flag. Early access is currently limited to pilot districts.

Overview

Search for students across all schools in a district before creating an enrollment record. This enables duplicate detection and ensures the correct workflow — new student insert vs. transfer — is triggered.

Endpoint

MethodRoutePurpose
GET/api/v5/studentsSearch for students district-wide by name, birthdate, or student ID

Query Parameters

ParameterTypeNotes
lastNamestringPartial match (starts-with). "Smi" matches "Smith", "Smithson".
firstNamestringPartial match (starts-with).
birthdatedate (YYYY-MM-DD)Exact match.
studentIdintegerExact match on Student Permanent ID.
afterintegerLast student ID from the previous page (keyset pagination).
limitintegerResults per page. Maximum: 100. Default: 100.

Key Behaviors

  • At least one search parameter must be provided. Requests with no parameters return HTTP 400.
  • Results include active and inactive/transferred students across all schools in the district.
  • Each result includes Guardian 1 and Guardian 2 contact information: first name, last name, relationship, home phone, cell phone, and email. Missing guardians return as null.
  • Results are paginated using keyset pagination. Pass the nextKey value as the after parameter on subsequent requests.
  • The grade field is returned as stored in Aeries (STU.GR). Pre-K grades follow the Aeries storage convention, where TK appears as -1 and PS as -2.

Security

Requires the District-Wide Student Search (qrySTU) security area with Read permission.


Inter-School Student Transfer

Overview

Transfer an existing student from their current school to a destination school within the same district.

Endpoint

MethodRoutePurpose
POST/api/v5/students/{studentId}/transfersTransfer a student to a destination school

Key Behaviors

  • The destinationSchoolCode field is required and must be an integer. enterDate, status, and grade are optional.
  • The grade must fall within the destination school's configured grade range.
  • The origin school record is not modified — no withdrawal is performed at the source school. If a withdrawal is required, that must be handled separately.
  • If the student is already enrolled at the destination school, the request is idempotent and returns the existing record unchanged.
  • Supports active students, inactive students, and previously returning students.

Security

Requires the Student Transfer (cmdTrn) security area with Insert permission.


Medical History

Overview

Create, read, update, and delete student medical history records (MHS table) via the v5 API. This allows enrollment systems to write medical information collected during the enrollment process directly into Aeries.

Note: Medical History is a pre-existing, generally-available v5 endpoint (full CRUD). The Enroll Path enhancement is code-value validation of the Medical Condition Code on POST/PUT. This endpoint is not gated by the v5 Enhancements flag and remains available when the flag is off.

Endpoints

MethodRoutePurpose
GET/api/v5/schools/{sc}/students/{id}/medical-historyRetrieve medical history records
POST/api/v5/schools/{sc}/students/{id}/medical-historyCreate a new record
PUT/api/v5/schools/{sc}/students/{id}/medical-history/{sq}Update an existing record
DELETE/api/v5/schools/{sc}/students/{id}/medical-history/{sq}Delete a record

Key Behaviors

  • Invalid school codes return HTTP 404.
  • GET returns records with resolved medical condition code descriptions. Each row includes PermanentID, SchoolCode, SequenceNumber, MedicalConditionCode, Date, ParentComment, and SchoolComment. The dedup key is MedicalConditionCode — one row per condition code per student.
  • POST and PUT enforce field-level security and return the saved record on success.
  • DELETE returns HTTP 204 No Content. Attempting to delete a nonexistent record returns HTTP 404.

Student Field Write Extensions

Overview

Four additional student fields — previously unavailable via the API — can now be written during student insert and update operations.

New Writable Fields

FieldDB ColumnAvailable OnNotes
MobilePhoneSTU.MPHInsert & UpdateStudent's mobile phone number collected during enrollment.
StudentEmailSTU.SEMInsert & UpdateStudent's email address.
RegistrationDateSTU.RDTInsert onlyDate the enrollment registration was submitted.
RegistrationSourceSTU.RSYInsert onlyIdentifies the originating enrollment system. If omitted, defaults to "API - {VendorName}".

Affected Endpoints

  • POST /api/v5/schools/{schoolCode}/students — create student
  • PUT /api/v5/students/{studentId} — update student (district-wide)
  • PUT /api/v5/schools/{schoolCode}/students/{studentId} — update student (school-scoped)

Language Assessment

Overview

Support for Language Assessment (LAC) records, including Home Language Survey (HLS) data, state-specific fields, signature tracking, and audit fields. This enables complete language assessment data to be written to Aeries without manual entry.

Endpoints

MethodRoutePurpose
GET/api/v5/students/{studentId}/language-assessmentsRetrieve the language assessment record for a student
POST/api/v5/students/{studentId}/language-assessmentsCreate a new record
PUT/api/v5/students/{studentId}/language-assessmentsUpdate an existing record
DELETE/api/v5/students/{studentId}/language-assessmentsDelete a record

Key Behaviors

  • LAC is one-to-one with a student on permanent ID — there is only ever one record per student. GET returns a single object directly, not an array.
  • Supports all LAC fields including core language codes (L1–L4), Texas-specific previous language (L5), California school entry date (STS), HLS date and completion tracking, and signature fields.
  • GET returns HTTP 404 when no assessment record exists for the student. This is the normal "no assessment on file" signal, not an error — clients must handle 404 as a valid empty state.
  • POST returns HTTP 201 Created on a new insert. POST returns HTTP 409 Conflict when an active LAC record already exists. Callers should treat 409 as informational (record already in place), not as a failure. Soft-deleted records are silently restored on POST (no 409 in that case).
  • All fields are individually gated by resource-based authorization.
  • A dedicated API Security object is available on the API Security page.

Parent Portal Account Provisioning

Overview

When a vendor inserts or updates a qualifying contact via the API, the system automatically provisions a Parent Portal account for that contact. This eliminates the need for school staff to manually create portal accounts for parents. Provisioning is restricted to registered Aeries Enroll Path vendors only.

Provisioning Endpoints

Parent Portal provisioning uses three dedicated endpoints:

MethodRoutePurpose
GET/api/v5/parent-portal/accounts/lookup?email={email}Check whether a portal account exists for this email. Returns {AID, AST} or HTTP 404.
POST/api/v5/parent-portal/accountsCreate or resurrect a portal account. Returns {AID, AST, ActivationUrl}.
POST/api/v5/parent-portal/accounts/{aid}/studentsLink a student to an existing portal account. Idempotent on (AID, StudentID).

Provisioning Workflow

To provision a portal account for a contact:

  1. Call the lookup endpoint to check whether a portal account already exists for the contact's email address.
  2. If no account is found (HTTP 404), call the create-account endpoint to create or resurrect an account.
  3. Call the link-student endpoint to associate the student with the portal account.

Provisioning Conditions

A contact is eligible for portal provisioning when all of the following conditions are met:

  • The API caller is a registered Aeries Enroll Path vendor.
  • The contact has a valid email address.
  • The contact is designated as the Primary contact.
  • The AccessToPortal flag on the contact is set to true.
  • The district's “Disable Portal Account Creation” setting must not be enabled.
  • No portal account or access already exists for that email + student combination (prevents duplicates).

Key Behaviors

  • Duplicate account creation is prevented — if a portal account already exists for the contact's email, no new account is created.
  • All provisioning attempts are logged regardless of outcome.
  • The email lookup route uses a query string (/accounts/lookup?email=) rather than a path segment, to avoid routing issues with special characters in email addresses.
  • The link-student call is idempotent on (AID, StudentID) and returns HTTP 201 Created. The server checks HasAccess before linking to preserve portal-level authorization state.
  • ActivationUrl in the create-account response is server-assembled. The raw portal confirmation code (PCC) is never returned to the vendor.

Contact Comment Write Support

Overview

The Comment field on student contact records (CON.ME) can now be written via the API on both insert and update operations.

Affected Endpoints

  • POST /api/v5/students/{studentId}/contacts — create contact (Comment field now accepted)
  • PUT /api/v5/students/{studentId}/contacts/{sequence} — update contact (Comment field now accepted)

Key Behaviors

  • The Comment field maps to CON.ME in the Aeries database.
  • The Comment field (CON.ME) is written as part of the contact insert/update. Access is governed by the Contacts (CON) security area on the endpoint — there is no separate per-field gate, and the value is not silently ignored.

External Student IDs

Overview

Create and read external student ID records (ESI table) via the API.

Endpoints

MethodRoutePurpose
GET/api/v5/schools/{schoolCode}/students/{studentId}/external-idsList all external ID records for a student
POST/api/v5/schools/{schoolCode}/students/{studentId}/external-idsCreate a new external ID record

Key Behaviors

  • The composite key (StudentID + SchoolCode + VendorName) must be unique. Duplicate keys return HTTP 409 Conflict.
  • A dedicated API Security object is available on the API Security page.

Document Uploads

Overview

Upload documents and metadata, read and update metadata, and delete documents and metadata via the v5 API.

Endpoints

MethodRoutePurpose
GET/api/v5/students/{studentId}/documentsList document metadata for a student (paginated)
POST/api/v5/students/{studentId}/documentsUpload a new document (metadata + binary in a single request)
PUT/api/v5/students/{studentId}/documents/{sq}Update document metadata
DELETE/api/v5/students/{studentId}/documents/{sq}Delete document and binary content

Key Behaviors

  • Results are paginated using keyset pagination. Pass the after parameter with the last document sequence number to retrieve the next page.
  • File size limits are enforced. Oversized files return HTTP 413.
  • DELETE removes both the metadata record and the binary file content.
  • HEIC files are silently converted to JPEG before storage. The Extension field in the response will reflect the converted type (jpeg), not the original (heic). This is relevant for uploads from iOS devices where HEIC is the default camera format.
Note: File download capability (binary retrieval via GET) is not included in this release. The GET endpoint returns metadata only.

Document Confirmation Log

Overview

Create and read document confirmation log records (DCL table) for compliance tracking.

Endpoints

MethodRoutePurpose
GET/api/v5/schools/{schoolCode}/students/{studentId}/document-confirmationsList all document confirmation records for a student
POST/api/v5/schools/{schoolCode}/students/{studentId}/document-confirmationsCreate a new confirmation record

Key Behaviors

  • GET returns HTTP 200 with a JSON array when confirmation records exist. GET returns HTTP 204 No Content (empty body) when no records exist yet — clients must handle 204 as a valid empty-list state, not as an error.
  • SequenceNumber is server-generated and appears in the response only. It is not a field callers can send on POST.
  • Pagination is not required — confirmation records are scoped to a single student, which naturally limits the result set.
  • A dedicated API Security object is available on the API Security page.

Other District Enrollments

Overview

Full create, read, update, and delete support for Other District Enrollment records (ODE table).

Endpoints

MethodRoutePurpose
GET/api/v5/students/{id}/other-district-enrollmentsRetrieve ODE records for a student
POST/api/v5/students/{id}/other-district-enrollmentsCreate a new ODE record
PATCH/api/v5/students/{id}/other-district-enrollments/{sq}Update an existing ODE record
DELETE/api/v5/students/{id}/other-district-enrollments/{sq}Delete an ODE record

Key Behaviors

  • All operations follow standard Aeries API conventions for authentication, authorization, error handling, and response formatting.
  • All fields are individually gated by resource-based authorization.
  • A dedicated API Security object is available on the API Security page.

Immunizations

Overview

Read existing immunization records and write vaccination dose records (IMM table) via the v5 API. This allows enrollment systems to sync vaccination data collected during enrollment directly into Aeries.

Endpoints

MethodRoutePurpose
GET/api/v5/schools/{sc}/students/{id}/immunizationsList existing immunization records (for dedup)
POST/api/v5/schools/{sc}/students/{id}/immunizationsWrite vaccination dose records

Supporting Endpoint

MethodRoutePurpose
GET/api/v5/vaccine-requirementsRetrieve district-wide vaccination schedule (one row per vaccine/requirement-number tuple). No school scope. Call this to determine which vaccines are required before writing doses.

Key Behaviors

  • POST is bulk — one request carries the full vaccines[] array. The server returns per-vaccine outcomes in Outcomes[].
  • GET returns { SchoolCode, StudentID, Outcomes: [...] }. Each entry includes a vaccine code and WrittenDoses — an ordered array of date or null per dose slot. Vaccines with no populated doses are omitted from the response.
  • The dedup key is (Code, WrittenDoses[index]) — a specific dose slot on a specific vaccine.
  • GET returns an empty array [] (not HTTP 404) when no immunization records exist for the student.

Security

GET requires Read and POST requires Insert on the Immunizations security area.


Medical Insurance

Overview

Create, read, update, and delete student medical insurance records (MII table) via the v5 API. This allows enrollment systems to write insurance information collected during enrollment directly into Aeries.

Endpoints

MethodRoutePurpose
GET/api/v5/schools/{sc}/students/{id}/medical-insuranceList existing insurance records (for dedup)
POST/api/v5/schools/{sc}/students/{id}/medical-insuranceCreate a new insurance record
PATCH/api/v5/schools/{sc}/students/{id}/medical-insurance/{sq}Update an existing insurance record
DELETE/api/v5/schools/{sc}/students/{id}/medical-insurance/{sq}Delete an insurance record

Key Behaviors

  • POST creates one MII row per call. Multiple policies per student are supported — each POST receives a fresh sequence number (MII.SQ).
  • GET returns an array. An empty array [] means no records exist. An invalid student or school returns HTTP 400 (Bad Request).
  • Callers should read existing records via GET before inserting to avoid duplicates. The server does not enforce a collision constraint.
  • The server validates CarrierCode against a code list.
  • Enroll Path currently uses GET and POST only. PATCH and DELETE are available in the full API.

Student Authorizations

Overview

Create, read, update, and delete student authorization records (AUT table) via the v5 API. This allows enrollment systems to write authorization data collected during enrollment directly into Aeries.

Note: Student Authorizations is a pre-existing, generally-available v5 endpoint supporting full CRUD. It is not gated by the v5 Enhancements flag and remains available when the flag is off. The Enroll Path enhancement is code-value validation applied on POST/PUT. Enroll Path’s enrollment workflow uses POST (insert) to create authorization rows; update and delete are pre-existing GA operations.

Endpoints

MethodRoutePurpose
GET/api/v5/schools/{sc}/students/{id}/authorizationsList existing authorization records (for dedup)
POST/api/v5/schools/{sc}/students/{id}/authorizationsCreate a new authorization record
PUT/api/v5/schools/{sc}/students/{id}/authorizations/{sq}Update an existing authorization record
DELETE/api/v5/schools/{sc}/students/{id}/authorizations/{sq}Delete an authorization record

Key Behaviors

  • One AUT row is created per authorization. Multiple authorizations per student require multiple POST calls.
  • Callers should read existing records via GET before inserting to avoid duplicate rows on re-runs.

Free and Reduced Price Meals Records

Overview

Two endpoints support Free and Reduced Price Meals (FRE) data via the v5 API, each with distinct behavior. Use the correct endpoint for your workflow.

Route A — Income Eligibility (/free-and-reduced)

MethodRoutePurpose
GET/api/v5/students/{id}/free-and-reducedList income eligibility FRE records for a student
POST/api/v5/students/{id}/free-and-reducedClose existing active record and insert a new one

POST behavior: Closes the student’s current active record (sets its end date) and inserts the new one. Request shape uses the income-eligibility fields: Code (F/R/N), ParentIncomeLevel, SchoolCode, FamilySize, Source. SchoolCode and ParentIncomeLevel are required. Close and insert are two separate saves; the operation is recoverable by retry if interrupted.

Route B — General FRE Record (/free-reduced-records)

MethodRoutePurpose
GET/api/v5/students/{id}/free-reduced-recordsList existing FRE records (for dedup)
POST/api/v5/students/{id}/free-reduced-recordsInsert a new FRE record
PATCH/api/v5/students/{id}/free-reduced-records/{sq}Update an existing FRE record
DELETE/api/v5/students/{id}/free-reduced-records/{sq}Delete an FRE record

POST behavior: Plain insert — assigns a fresh sequence number and does not close any prior record. The caller is responsible for de-duplication: GET existing records and PATCH/DELETE the prior active row before inserting, otherwise repeated POSTs accumulate rows. Carries the full FRE field set including the decline fields.

Key Behaviors (both routes)

  • Both routes are student-scoped only — there is no school code in the URL. FRE records are keyed by student permanent ID with no school code dimension.
  • The GET response for Route B includes approximately 42 columns, including ApplicationDate, EffectiveStartDate, EffectiveEndDate, SchoolCode, and Source.
  • The dedup key for Route B is ApplicationDate or EffectiveStartDate (year proxy).

Parent Survey Responses

Overview

Create, read, and merge-update Parent Survey Response records (PRS table) via the v5 API. This allows enrollment systems to write residence, military, and foster care survey data collected during enrollment directly into Aeries.

Endpoints

MethodRoutePurpose
GET/api/v5/students/{id}/parent-survey-responsesRetrieve existing PRS records (for dedup)
POST/api/v5/students/{id}/parent-survey-responsesCreate a new PRS record
PUT/api/v5/students/{id}/parent-survey-responsesMerge-fill update of an existing PRS record

Key Behaviors

  • This endpoint is student-scoped only — there is no school code in the URL. PRS rows are keyed on (ID, TY, SQ) with no school code dimension.
  • The record type is specified in the request body (not the route) via the type discriminator: 1 = Residence, 2 = Military, 4 = Foster.
  • PUT uses merge-fill semantics — only fields provided in the body are updated; omitted fields are left unchanged.
  • This endpoint writes PRS rows only. It does not write PGM (Program) records — admin staff handle that downstream via the standard Aeries confirm flow.
  • GET returns all non-deleted PRS rows, including confirmed (Status = 'C') rows. Confirmed rows are protected on update: a PUT against a confirmed row is rejected, so finalized responses cannot be overwritten.

School Supplemental Data

Overview

Sparse-update per-school student fields via the v5 API. This allows enrollment systems to write supplemental data to specific Aeries database columns without affecting other fields on the student record.

Endpoint

MethodRoutePurpose
PATCH/api/v5/schools/{sc}/students/{id}/supplemental-dataSparse-update per-school student fields

Key Behaviors

  • Uses sparse PATCH semantics — only the columns specified in the request body are written. Omitted columns are untouched.
  • Request body shape: { Columns: [{ ColumnCode, NewValue }] }.
  • ColumnCode values correspond to Aeries database column codes (for example, STU.ID2). Contact Aeries to obtain the full list of writable column codes.
  • Scoped by STU.ID (permanent ID), not the legacy STU.SN. The prior /UpdateSchoolSupplemental WebMethod that used SN still exists but is outside the Enroll Path permission bundle.

Frequently Asked Questions

What happens if I call a v5 enhancement endpoint without enabling the feature flag?

The endpoint returns HTTP 501 Not Implemented. No data is read or written. Exception: Medical History and Student Authorizations are pre-existing, generally-available endpoints that remain fully available when the flag is OFF. For these two endpoints, the flag governs only the new code-value validation behavior.

How do I grant a vendor access to these endpoints?

Navigate to the API Security page in Aeries and grant the appropriate security area permission to your vendor's API certificate. Each section above lists its required security area.

Does the student transfer endpoint withdraw the student from their current school?

No. The origin school record is not modified. If a withdrawal is required, that must be handled separately.

Can I search for students who are no longer active?

Yes. The district-wide student search returns both active and inactive/transferred students. The enrollmentStatus field in the response indicates the current status.

Are all of these endpoints available to all API vendors?

Each endpoint requires a specific API security area permission. District administrators control which vendors have access to each area on the API Security page. Parent Portal account provisioning is additionally restricted to registered Aeries Enroll Path vendors only.

Who should I contact to enable the v5 Enhancements feature flag?

Contact Aeries Software Support or the Aeries Product Team. Early access is currently limited to pilot districts.


Back to Top