ORCID members are required to adhere to our integration best practices so that researchers have a consistent experience across platforms. Below is a summary of the minimum our support team will check when reviewing member integrations:
- Collect authenticated ORCID iDs using OAuth.
- Implement OAuth by either:
  - Using ORCID as a primary sign in option or
  - Using an ORCID Branded button or link to initiate authentication of the iD from within your application
- Use only HTTPS redirect URIs for authentication
- Use relevant scopes for integration – note that you may collect permission from users based on future integration plans
- Store the Name, ORCID iD and access token from token exchange response
- Do not allow users to search or manually enter their ORCID iD
- Do not request users change their visibility settings, or make their email publicly available.
- Display the ORCID iD in accordance with our iD display guidelines
- Use the latest API version
- Provide an explanation to your users describing the benefits of creating and using an ORCID iD, so they can understand why you are collecting this information and how your integration will benefit them
More details can be found in the integration checklist used by our support team. Our guidance on how to get started building an integration explains how to comply with these best practices.
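The sketch below is an added example, not ORCID's own code. It shows how an integration might enforce the HTTPS redirect URI rule and take the name, iD and access token from the token exchange response instead of from user input. The function names, the client ID, the callback URL and the sample response are constructed; treating the name as optional and checking the iD's ISO 7064 MOD 11-2 check digit are choices made for this example.

```python
import json
import re
from urllib.parse import urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://orcid.org/oauth/authorize"
ID_PATTERN = re.compile(r"\d{4}-\d{4}-\d{4}-\d{3}[\dX]", re.ASCII)

# Constructed sample of a token exchange response body (not a real token).
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "constructed-token-0000", "token_type": "bearer",
    "scope": "/authenticate", "name": "Josiah Carberry",
    "orcid": "0000-0002-1825-0097",
})

def build_authorize_url(client_id, redirect_uri, scope="/authenticate"):
    """Build the authorization link, refusing any non-HTTPS redirect URI."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("redirect URI must be an absolute HTTPS URL")
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "scope": scope, "redirect_uri": redirect_uri})
    return f"{AUTHORIZE_ENDPOINT}?{query}"

def orcid_check_digit(base15):
    """ISO 7064 MOD 11-2 check character for the first 15 digits of an iD."""
    total = 0
    for ch in base15:
        total = (total + int(ch)) * 2
    result = (12 - total % 11) % 11
    return "X" if result == 10 else str(result)

def record_from_token_response(body):
    """Return the fields to store, taken only from the token response."""
    data = json.loads(body)
    orcid, token = data.get("orcid"), data.get("access_token")
    if not orcid or not token:
        raise ValueError("token response lacks orcid or access_token")
    if not ID_PATTERN.fullmatch(orcid):
        raise ValueError("malformed ORCID iD")
    digits = orcid.replace("-", "")
    if orcid_check_digit(digits[:15]) != digits[15]:
        raise ValueError("ORCID iD check digit mismatch")
    # Assumption of this example: the name may be absent, so store None then.
    return {"name": data.get("name"), "orcid": orcid, "access_token": token}

if __name__ == "__main__":
    print(build_authorize_url("APP-CONSTRUCTED", "https://app.example.org/callback"))
    print(record_from_token_response(SAMPLE_TOKEN_RESPONSE))
```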