To ensure that you build the best possible integration for your institution, your researchers, and the wider community, we recommend that you consider the following best practices:
- Customize the user experience: Use data your system has stored to pre-fill the OAuth sign in/registration screen. You can also include state parameters to identify the user in your system or change the display language on ORCID.
- Provide a workflow for users if they deny your system permission: Provide a message to users which clearly explains what ORCID is, why your system is requesting permission to their ORCID record, and what you will do with that permission, and offer the option to again grant permission.
- Provide an option for users to remove their ORCID iD and data from your system: In rare cases, a user may wish to remove their iD from your system, or they may have connected the wrong ORCID iD. Ensure that any active access tokens are also revoked by your system at the same time.
- Update added items when corrections are needed using the item’s unique put code.
- Provide descriptive error messages and a support contact to your users when an interaction does not go as expected.
- Display the ORCID member logo (contact us to receive it)
- Create a consistent user experience by associating the iD icon with a trusted assertion process. Our ORCID Brand Guidelines for Members and Partners will take you through the process for setting up the display of the iD icon in your system, as well as outline do’s and don'ts of displaying the ORCID brand.
- Use the access token to check for existing permissions: Once you have received permissions from the user once, you should not need to request them again.