Anyone with public or member API credentials can receive a /read-public access token.
- To use the public API, follow the instructions to obtain your credentials. Please note that, when making use of the Public API, you must abide by the ORCID Terms and Conditions of Use and our API Public Client T&Cs.
- To use the member API, your organization must be an ORCID member, and you can apply for credentials at Register a client application: Production Member API
To obtain a token, you make a call to the ORCID API token endpoint. This process is often referred to as the client-credentials OAuth flow, or 2-step OAuth.
An example call to obtain an access token to read public data on the sandbox — replace the placeholders with your credentials (be sure to remove the brackets.
URL=https://sandbox.orcid.org/oauth/token
HEADER: Accept: application/json
METHOD: POST
DATA:
client_id=[Your public or member API client ID]
client_secret=[Your public or member API secret]
grant_type=client_credentials
scope=/read-publicYou will then be returned an access token similar to the following. The token returned is long-lived (not expiring for approximately 20 years) and can be used multiple times to retrieve public data from ORCID records.
{"access_token":"4bed1e13-7792-4129-9f07-aaf7b88ba88f","token_type":"bearer",
"refresh_token":"2d76d8d0-6fd6-426b-a017-61e0ceda0ad2","expires_in":631138518,
"scope":"/read-public","orcid":null}Note: All tokens with the /authenticate scope now also have /read-public scope included. If you use only the /authenticate scope, you can use the stored access tokens to read public data without needing to again obtain an access token.
Integrators using the member API can use the /read-public scope to read ORCID record summaries.