When requesting permission to interact with an ORCID user’s record, you specify one or more ‘scopes’. Each scope allows you to do certain things, such as read the record, or update a particular section.
3-legged (authorization code) scopes
3 legged refers to the three actors involved in obtaining permission from a user; ORCID, your system and the user themselves.
/authenticate 
This scope is used to collect the ORCID iD and read public information on the record only. All other 3-legged scopes include the authenticate permission, so this scope can be omitted if asking for any other access. This scope is available on the Member or Public API.
/read-limited (Member API only) 
This scope is used to get access to read public and limited visibility items on an ORCID record. This scope is only available on the Member API.
/activities/update (Member API only) 
This scope is used to write, update and delete items in the affiliation, funding, works, professional activities, research resources and peer-review sections of an ORCID record. This scope is only available on the Member API.
/person/update (Member API only)
This scope is used to write, update and delete items in the other-names, keywords, countries, researcher-urls, websites, and personal external identifiers sections of the record. This scope is only available on the Member API.
openid
This scope is used by OpenID integrators when an id_token is required. When the openid scope is included, the Registry will return an id_token inside the token response and grant the client permission to access the user info endpoint for that user. This scope is available on the public and member API.
Please note that the ‘openid’ scope does not start with a ‘/’ like the other ORCID API scopes. This is because the ‘openid’ scope is not defined by ORCID, but instead defined by the OpenID Connect specification. Please see our OpenID documentation for more information.
Multiple scopes
Multiple scopes can be requested in a single interaction by listing the scopes in the authenticate URL with an encoded space between each, such as scope=/read-limited%20/activities/update%20/person/update
Complete access
If you want full access to read and edit a record include three scopes in your authenticate URL: /read-limited, /activities/update and /person/update. In the URL they would appear as scope=/read-limited%20/activities/update%20/person/update
2-legged (client credential) scopes
For some activities you do not have to ask the user for permission. Two legged OAuth scopes are requested directly from the ORCID API and do not require the researcher to grant permission. Tokens with these scopes are valid for 20 years and can be reused
/read-public
This scope is used to read public information on a single ORCID iD,search for ORCID records or to read summary information (member API only). This scope is available on the Member or Public API.
/webhook
This scope allows a client application to register a webhook on an ORCID record, in order to receive notifications when a record is updated. This scope is available to premium ORCID members only.