Highlights
- We are implementing new API Traffic Management controls to help ensure that costs of supporting ORCID are shared fairly among our community, and that the heaviest users of our services shoulder their fair share of the burden
- In February 2025, ORCID will begin to implement daily Usage Quotas and change the Rate Limit for the Public and Anonymous APIs
- The Member API will not be changed, and ORCID members will not be impacted
- We anticipate this will affect less than 1% of our Public or Anonymous API clients
Like other PID infrastructure organizations, ORCID adoption continues to grow worldwide, and requests for access to data held in the ORCID registry are growing right along with it. Part of ORCID’s mission as a community-driven non-profit infrastructure organization is to ensure that ORCID data is made available freely and openly, and with as few barriers to access as possible, to anyone who might want to use it. We achieve this through the annual release of our public data file, as well as by providing our public APIs—both the Public (registered) and Anonymous APIs—which anyone may use free of charge to query and access all of the public data in the ORCID registry. These services are very well used. The public data file is typically downloaded many thousands of times a year, and our public APIs typically handle 100M–150M requests per month.
Another key part of our mission is to ensure our sustainability. Our goal is to provide persistent identifier services, and we want to ensure that we are around for the long term to fulfill this promise. We are very grateful for the support of our 1,400+ organizational members who make it possible for us to financially sustain ourselves. In the spirit of equity, we also want to ensure that costs of supporting ORCID are shared fairly among our community, and that the heaviest users of our services shoulder their fair share of the burden. With ever-growing usage, we’ve been taking a close look at the patterns of access to our APIs in recent months, and have noticed that there are a small number of clients that are making a very large volume of calls, compared with the vast majority of more modest users. To help us manage this usage, we will be introducing some changes to the way that we manage API traffic in 2025.
Since the beginning, ORCID has had generous API Rate Limits (specifying the maximum number of requests per second that can be made by each API client) across all our APIs — Member, Public, and Anonymous. These serve primarily to maintain the health of our systems and to ensure excessive usage by one client does not impact access for everyone else. We now plan to implement new Usage Quotas in early 2025 (specifying the maximum number of requests that can be made in a day by each API client) for our Anonymous and Public APIs, as outlined further below. We will also be reducing the rate limit on those same APIs. The vast majority of API users will be unaffected by these quotas; we anticipate they will affect less than one percent of current Anonymous and Public API clients! As we will not be introducing a Usage Quota or changing the Rate Limit for the Member API, we do not anticipate any of our members will be impacted.
How is API Traffic Managed?
- Rate Limits: the number of requests that can be made to an API client within a defined period of time, i.e, 24 requests per second
- Usage Quotas: The maximum number of requests that can be made during a defined period of time, e.g. a 24-hour period
Balancing the goals of enabling access to ORCID data with our long-term sustainability
When we began the process of considering changing the usage limits of our APIs earlier in the year, our goal was to encourage the small number of high-volume, sometimes commercial, users of our public APIs to share the in the costs of supporting them, while maintaining the lowest possible barriers to use for smaller-scale, often non-commercial integrations, in alignment with one of our 10 founding principles:
“ORCID identifiers and record data (subject to privacy settings) will be made available via a combination of no-charge and for-a-fee APIs and services. Any fees will be set to ensure the sustainability of ORCID as a not-for-profit, charitable organization focused on the long-term persistence of the ORCID system.”
Earlier in 2024, we performed a detailed analysis of Anonymous and Public API traffic to accurately model the impact of various scenarios so that we could determine which one best met these dual goals. We collected several month’s worth of usage data for all clients that made over 1,000 API calls per day, clustering usage from similar IP address ranges of the anonymous API, as some parties appear to be accessing the API simultaneously from multiple servers in order to circumvent our current rate limit.
Our analysis revealed that a handful of Anonymous API clients are generating the vast majority of API calls—80% of the total registry traffic—with some Anonymous API clients single-handedly making around 1M calls a day. These are the clients that will be primarily impacted by the new Usage Quotas. We discussed our analysis with the ORCID Board, reviewing various scenarios, taking into consideration strategic, risk, and equity implications of each. The Usage Quotas outlined below were approved by the Board at their September 2024 meeting.
API Traffic Management helps ORCID’s community contribute equitably to our sustainability
ORCID’s current Rate Limit is 24 requests per second for the Member, Public, and Anonymous APIs. There are currently no Usage Quotas for any of our APIs.
In February 2025 we will begin to implement daily Usage Quotas and change the Rate Limit for the Public and Anonymous APIs as follows:
| New API Limits | Anonymous API | Public (registered) API | Member API — Unchanged |
| Rate Limit | 12 req/sec | 12 req/sec | 24 req/sec |
| Usage Quota | 25k reads/day (Per IP address) | 100k reads/day (per Client ID) | No Usage Quota |
The Usage Quota for the Anonymous API will be rolled out in incremental steps over several months to give clients time to adapt.
We anticipate that this will affect less than 50 of our Anonymous and Public API clients (out of 5,700 active integrations!). We will not be introducing a Usage Quota for our Member API, and the Rate Limit remains unchanged. This means that an ORCID Member organization taking full advantage of our current Rate Limit will still be able to make almost 2M requests per day, which is well above the usage patterns revealed by our analysis, so we don’t anticipate any of our members will experience disruption of any kind.
ORCID will always provide our annual Public Data File free to anyone who wishes to download it, however it’s crucial that we ensure fair and equitable access to the data found in the ORCID registry now and into the future. Reviewing our approach to API traffic management is one part of this. In October, we updated our “Public APIs Terms of Service” (formerly known as the “Public Client Terms of Service”) which further specify the terms of use for both our Public and Anonymous APIs. In it we:
- Clarified that the terms apply to both our Anonymous (non-registered) and Public (registered) APIs
- Clarified the definition of ‘commercial use’
- Explained that in addition to throttling, we may use rate limits or apply usage quotas to manage traffic to the Public APIs
- Explained that you must adhere to our posted rate limits and usage quotas when accessing the Public APIs
- Explained the circumstances under which we will agree to transfer your Public API credentials to your organization via the Member API
- Clarified the circumstances under which you may use data obtained from the Public APIs for marketing communications, in order to comply with privacy regulations
- Added a note regarding the status of translations of the Terms of Service
We encourage non-commercial users of our Anonymous API whose usage is above 25k reads/day but below 100k reads/day to register for a free Public API key via their My ORCID page. This will enable us to better understand who is making high-volume usage of our APIs, and contact them if their usage reaches a level where it might impact other Public API users. For those organizations who make non-commercial usage of our APIs above 100k reads/day, and for all commercial API access, we encourage you to consider joining ORCID as an organizational member, which offers a host of other benefits, including real-time synchronization with the ORCID public data file, as well as API access with no Usage Quotas and a generous Rate Limit.
By implementing modest Usage Quotas and adjusting the Rate Limit for Anonymous and Public API clients, we are confident that we will be able to maintain the integrity and availability of our services—even as demand grows—in a way that will ensure our long-term sustainability and facilitate our ability to grant equitable access to our data. If you have any comments or questions about the upcoming changes for users of the Public or Anonymous APIs, or updates to the Public API Terms of Service, please feel free to post in our API Users Group forum.
