Authentication and OAuth

When requesting permission to interact with an ORCID user’s record, you specify one or more ‘scopes’. Each scope allows you to do certain things, such as read the record, or update a particular section. 3-legged (authorization code) scopes 3 legged refers to the three actors involved in obtaining permission from a user; ORCID, your system Continue Reading

To obtain /read-limited access, you must ask the researcher for permission. You do this using OAuth. Specifically, “3 legged OAuth”. For more information please see our API Tutorial: Read data on an ORCID record Was this helpful?Yes   NoAdditional Comments:Send Feedback

ORCID integrations use “3 legged OAuth” to authenticate users and request permission to interact with their records. Any integration can ask for read permissions using the Public API. ORCID members can use the Member API to ask for update permissions. It works like this: You create a special linkWhen clicked, the user is sent to Continue Reading

Anyone with public or member API credentials can receive a /read-public access token. To obtain a token, you make a call to the ORCID API token endpoint. This process is often referred to as the client-credentials OAuth flow, or 2-step OAuth. An example call to obtain an access token to read public data on the sandbox — Continue Reading

Token Delegation allows an ORCID member to transfer permissions granted to their own ORCID API client via their integration to another of their systems or to another ORCID member.  This allows the other system or other ORCID member to read/write to/from the researchers ORCID records on behalf of the original client depending on the permission Continue Reading