The process to get permission to add or update data on a user’s ORCID record uses OAuth, as described in our 3 Legged OAuth FAQ. Only ORCID members can use the Member API to ask for update permissions. In simple terms it works like this:
- Your local system creates a special link
- When clicked, the user is sent to ORCID, signs in and grants permission
- ORCID sends the user back to your system with an 'authorization code'
- Your system exchanges that code for an 'access token'
- The access token lets you update the user's record