Anyone with public or member API credentials can receive a /read-public access token. To obtain a token, you make a call to the ORCID API token endpoint. This process is often referred […]
Authentication and OAuth
How do I get a “/read-limited” access token?
To obtain /read-limited access, you must ask the researcher for permission. You do this using OAuth. Specifically, “3 legged OAuth“. For more information please see our API Tutorial: Read data […]
How does “3 legged OAuth” work?
ORCID integrations use “3 legged OAuth” to authenticate users and request permission to interact with their records. Any integration can ask for read permissions using the Public API. ORCID members […]
What is an OAuth scope, and which scopes does ORCID support?
When requesting permission to interact with an ORCID user’s record, you specify one or more ‘scopes’. Each scope allows you to do certain things, such as read the record, or […]
How do I force a user to logout?
If you are concerned with multiple users being on the same machine and not signing out between sessions, you can force them to re-authenticate during the OAuth process. Simply include prompt=login in […]