We've recently updated ORCID'S Privacy Policy to be simple to understand and easy to navigate. We invite you to read it here.

Connecting research and researchers

You are here: Home / Documentation / Collecting and sharing ORCID iDs

Collecting and sharing ORCID iDs

Why it’s important to collect authenticated ORCID iDs

ORCID strives to enable transparent and trustworthy connections between researchers, their contributions, and their affiliations by providing a unique, persistent identifier for individuals to use as they engage in research, scholarship, and innovation activities. Ensuring that the correct ORCID iD is associated with the right researcher is a critical step in building the trustworthiness of the ORCID dataset and the broader scholarly communications ecosystem. For this reason, ORCID does not permit the manual collection or entry of ORCID IDs in any workflow where it is possible to collect ORCID IDs directly from record holders themselves.

Researchers can easily and securely share their ORCID iDs with the systems they interact with, which proves they own their ORCID iD. Those systems can then share information about researcher activities with other systems, which creates a chain of validated and trusted assertions about researcher activity. The end result is that the correct person is associated with the correct activities across a broad range of scholarly information workflows.

How it works

Integrating ORCID into your system allows your organization to collect authenticated ORCID iDs and add them to your own data. At the same time, the researcher provides the organization permission to read and write to and from their ORCID record. 

To make this work, organizations MUST obtain authenticated ORCID iDs using the ORCID OAuth API.  This means they include an ORCID branded button or link within their system, that when clicked, asks the user to sign in to their ORCID record.

Image showing a sign in with ORCID button on a demo manuscript submission system page plus the ORCID Sign in page

Once signed in, the user will be asked to authorize access to the system asking for their ORCID iD

Image showing ORCID OAuth authorise screen with who is asking permission and what permissions they are requesting

The user’s ORCID iD and name on the ORCID record (depending on visibility settings) is returned to the organization as part of this process.   The system can then request additional data from the ORCID API.

The above described workflow for collecting authenticated APIs is available in both ORCID’s public and member APIs. The former is available for use free of charge by non-commercial services.

Including authenticated ORCID iDs in the metadata passed downstream

Authenticated ORCID iDs should be embedded into any research output metadata exported by your systems, enabling them to be used throughout scholarly communication workflows.

Permissible uses of unauthenticated ORCID iDs within systems

There are a small number of situations where the use of unauthenticated ORCID iDs is acceptable within certain workflows/systems. These are typically cases when it’s not possible to directly interact with the user to collect their ORCID iD via the authenticated workflow described above. These use cases are currently limited to:

  • Library and information management systems that allow qualified administrators (e.g. Librarians) to associate unauthenticated ORCID iDs with research outputs via curation workflows. In this use case, collected ORCID IDs should be checked for existence in the ORCID registry, and the data in the ORCID record should be checked for compatibility with locally held data. Obvious mismatches should be flagged for further review and correction by the curators. 
  • Large database integrations that harvest data from ORCID in bulk and use this to enhance their own data or help match authors/researchers with their outputs using their own matching algorithms. 

Use of search or matching functionality to link ORCID IDs based solely on researchers’ names is not recommended in these cases, as many researchers share the same name, resulting in poor quality metadata and misattribution.

Whenever unauthenticated ORCID IDs are shared with other systems, for example via data exports, data dumps, or API integrations, it must be made clear that the ORCID iDs are unauthenticated within the provided metadata. This can be achieved via appropriately tagging the unauthenticated ORCID IDs in the system’s export schema.

If you believe you have a use case other than those described about which justifies the use of unauthenticated ORCID IDs, please reach out to the ORCID team to discuss prior to starting implementation. 

Displaying ORCID iDs as per our Brand Guidelines

When iDs are publicly visible within systems or metadata then the iD should be displayed as per our brand guidelines