Access to the ORCID Public API requires a set of credentials consisting of a Client ID and a Client Secret. This guide describes the steps needed to obtain ORCID Public API credentials. ORCID members need not register for the public API as their member credentials can be used instead. To register for member credentials see Register a client application.
Public API credentials are tied to an individual’s ORCID record and cannot be transferred to another person. You will need to agree to the Public API terms of service before credentials are issued.
Organizational API credentials are available to organizations that support ORCID through a paid membership subscription. Learn more about ORCID membership.
We recommend that developers test the Public API in the sandbox testing server before using the production version.
We recommend that developers test the Public API in the sandbox testing server before using the production version. Below are the steps on how to register for public API credentials in both the Sandbox and Production environments.
- Sign into your ORCID record:
Production server: https://orcid.org/signin
Sandbox testing server: https://sandbox.orcid.org/signin - Click on your name in the top right hand corner
- Click Developer Tools from the menu option
Note: In order to access Developer Tools, you must verify your email address. If you have not already verified your email address, you will be prompted to do so at this point. - Click the “Register for the free ORCID public API” button.
- Review and agree to the terms of service when prompted.
Register an application
- After agreeing to the terms of service, you will be directed back to Developer Tools (https://orcid.org/developer-tools or https://sandbox.orcid.org/developer-tools). Complete the form presented to register a new application.
- Name: The name of your application. This will be displayed to users when they grant your application permission to get their ORCID iD, and it will be displayed in their Trusted organization list. We recommend using the name of your organization or service (e.g. a journal name).
- Website: The website the user can visit to learn more about your application. This will be displayed in their Trusted organization list.
- Description: Information about the application that you are developing and how you will use the user’s ORCID iD. This will be displayed to users on the OAuth screen.
- Redirect URIs: Once the user has authorized your application, they will be returned to a URI that you specify. You must provide these URIs in advance or your integration users will experience an error.
- Only HTTPS URIs are accepted in production.
- Domains registered MUST exactly match the domains used, including subdomains.
- Register all redirect URIs fully where possible This is the most secure option and what we recommend. For more information about redirect URIs, please see our FAQ
- Public API applications must have at least one redirect URI registered
- For testing, you can automatically add Google OAuth Playground URI by clicking “+Google OAuth2 Playground” under Test redirect URIs, or the ORCID Public API Swagger by clicking “+ORCID public swagger interface”.
- For more information, see About redirect URIs.
- Click the Save icon at the bottom of the form to generate your API credentials.
- To view your API credentials, click Show Details.
- Your API credentials – Client ID and Client Secret – are shown just beneath your redirect URIs. Below your credentials are sample URLs and API calls with your credentials pre-filled.
Use your credentials
Now that you have your credentials, it’s time to start using the ORCID Public API!
Please note that we can transfer your credentials to the member API if you become an ORCID member.