There are a number of requirements that we expect all member integrations to meet. The ORCID team will ensure these requirements have been met as part of the integration review process.
- Use OAuth to authenticate ORCID iDs. (Do not allow users to search for or type in ORCID iDs.)
- Include an ORCID branded button or link on your site to initiate authentication of the iD.
- Present the OAuth authorization screen according to our guidelines
- Use HTTPS for your site's redirect URIs and on ORCID API calls
- Accept and store all data returned in the token exchange together with the user's data in your system:
  - ORCID iD: Your system will need to know the user's iD to read or update their record.
  - Access tokens and refresh tokens to:
    - Indicate that the ORCID iD has been authenticated
    - Use to read or update the ORCID record at a later point (access tokens are valid for 20 years or until you or the user revokes them)
    - Reissue access tokens if lost, or issue secondary access tokens for a limited scope or duration to third parties, e.g. service providers
  - Permission scope: So you will know the permissions you have requested and received from the user, or the scope of any secondary tokens.
  - Expiry: To know the duration of the permissions of the token.
- Use appropriate scopes and request methods (e.g. POST calls to add new information and PUT calls to update existing information)
- Accept and store put codes (if adding data to ORCID records): Every item that you add to the ORCID Registry will be returned with a put code by the ORCID API. Save this put code along with the item in your system—it’s how you’ll identify which item needs to be read or updated.
- Publicly display the authenticated ORCID iDs: Authenticated ORCID iDs should be displayed within your systems where the individual’s name is present, both in visual representation as well as in metadata. iDs should be displayed following our trademark and iD display guidelines.
- Provide an explanation about ORCID: Ensure your researchers know about ORCID and how you are integrating with us by providing an explanation, including an explanation of your integration, that is clearly linked from wherever the user will encounter ORCID in your system.
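
One way to meet the "accept and store all data returned in the token exchange" requirement, as an added example (not ORCID's own code): validate the response, check the iD's ISO 7064 MOD 11-2 check digit, and build the record to persist. The JSON field names (`orcid`, `access_token`, `refresh_token`, `scope`, `expires_in`) are assumed from the usual OAuth token response; `StoredGrant` and the function names are hypothetical, and the sample response is constructed.

```python
import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

ORCID_RE = re.compile(r"^\d{4}-\d{4}-\d{4}-\d{3}[\dX]$")

def orcid_checksum_ok(orcid: str) -> bool:
    """ISO 7064 MOD 11-2 check over the first 15 digits of the iD."""
    if not ORCID_RE.match(orcid):
        return False
    digits = orcid.replace("-", "")
    total = 0
    for ch in digits[:15]:
        total = (total + int(ch)) * 2
    check = (12 - total % 11) % 11
    return digits[15] == ("X" if check == 10 else str(check))

@dataclass(frozen=True)
class StoredGrant:
    orcid: str
    access_token: str    # secret: store encrypted, never log
    refresh_token: str   # secret: store encrypted, never log
    scopes: tuple        # permissions actually granted by the user
    expires_at: datetime

def parse_token_response(body: str, received_at: datetime) -> StoredGrant:
    """Validate a token-exchange response and return the record to persist."""
    data = json.loads(body)
    required = ("orcid", "access_token", "refresh_token", "scope", "expires_in")
    missing = [k for k in required if not data.get(k)]
    if missing:
        raise ValueError(f"token response missing fields: {missing}")
    if not orcid_checksum_ok(data["orcid"]):
        raise ValueError("malformed ORCID iD in token response")
    return StoredGrant(
        orcid=data["orcid"],
        access_token=data["access_token"],
        refresh_token=data["refresh_token"],
        scopes=tuple(data["scope"].split()),
        expires_at=received_at + timedelta(seconds=int(data["expires_in"])),
    )

# Constructed sample response (placeholder tokens, not real credentials).
SAMPLE = json.dumps({
    "access_token": "EXAMPLE-ACCESS-TOKEN", "token_type": "bearer",
    "refresh_token": "EXAMPLE-REFRESH-TOKEN", "expires_in": 631138518,
    "scope": "/read-limited /activities/update",
    "name": "Example Researcher", "orcid": "0000-0001-2345-6789",
})
```

Because the iD comes only from the token response, it is never taken from user-typed input, which is what the OAuth requirement in the first item is meant to guarantee.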
Best practices