As a research organization, integrating with ORCID is an incredibly powerful way to support the researchers connected to you. We encourage integrations with the ORCID Registry to be bi-directional, so that institutional systems can both push and pull data to and from ORCID records. As other organizations that your researchers interact with add their data to the ORCID Registry, their records will continue to amass more data that can be reused with other systems that are connected with the ORCID registry, including yours.
We are committed to helping organizations integrate with the ORCID Registry, and earlier this year, we held the first webinar of the I’m a Member, Now what?! 2023 series to cover some basic information about integrations: what they are, best practices for using them, and some easy options for getting started on developing one. If you missed it, we encourage you to watch the recording and read our companion blog post.
This month, we held the second webinar of the series this year—this one about building custom integrations, which is an option for organizations that don’t have scholarly service provider systems with pre-built ORCID functionalities, or that have custom systems that have been developed in-house. Though custom integrations require more planning and resources to develop, our API is based on standard, familiar API technologies.
With a custom integration, ORCID member organizations can:
- Use ORCID as a sign-in option for institutional systems
- Get authenticated ORCID iDs
- Read data from both public and trusted parties’ ORCID records
- Write data to ORCID records
- Configure webhooks notifications to get systems synchronized with ORCID (Note: This is a Premium member benefit.)
Of course, there are some minimum requirements that are necessary for custom integrations to work with your systems, including:
- Use HTTPS for your site’s redirect URIs and on ORCID API calls
- Accept and store all data returned in the token exchange together with the user’s data in your system
- Use appropriate scopes and request methods
The scopes, which are specific actions applications can be allowed to do on a user’s behalf, indicate the variety of actions available for custom integrations, including:
- /authenticate → collect authenticated ORCID iDs and read public information
- /read-public → read public information on a single ORCID iD or perform searches
- /read-limited → read public and limited visibility items on a record
- /activities/update → write, update and delete items in the sections for affiliations, funding, works, peer reviews and research resources
- /person/update → write, update and delete items in the sections for other names, countries, keywords, websites & social links and other IDs
- /webhook → enables applications to be informed when data within an ORCID record is changed
- openid → OpenID Connect is an identity layer on top of the OAuth 2.0 protocol
Once a researcher has granted the necessary permissions, the application can perform actions on their ORCID record using the API. With HTTPS request methods, client applications can perform actions such as read data (GET call), add new data (POST call), update existing data (PUT call) and delete data (DELETE call).
We have extensive API Documentation and once you have decided the most appropriate workflow for your system, you may begin testing in the sandbox. The sandbox testing server is a copy of the ORCID Registry software, where you will be able to try things out without affecting any real ORCID iDs.
You can request sandbox credentials even prior to joining ORCID as a member organization, if you want to begin testing. However, direct support is only available for member organizations.
ORCID also hosts documentation that will help you with any troubleshooting, including the common API error guide. If your organization is already an ORCID member, you will have support from your consortium lead organization (if you are a consortium member) or directly from ORCID. Once your development in sandbox has been completed, our consortium lead organization or the ORCID team will review that it meets the minimum requirements to be able to generate production credentials. Also note that, if you were using the public API and your organization becomes an ORCID member organization, we can transfer your credentials to the member API.
If the minimum requirements for an integration are met, then your custom integration can be launched with ease. Throughout this process it is important to engage with your community to prepare them for launch and to maximize organizational adoption.
In the last year alone, ORCID has helped over 60 organizations achieve a successful custom integration, and we are here to help identify and plan the one that is right for your situation. With so many options for integrating with the ORCID Registry, and avenues for support available, you will be able to choose a solution that will help you achieve your organization’s goals.
Before getting started on your custom integration, read our documentation about suggested workflows, and for more information about how to plan and execute a successful custom integration, reach out to our Engagement team (or your consortium lead if you are a consortium member).
If you want to integrate with the ORCID registry, but your organization isn’t a member yet, reach out to [email protected].
