Anyone premium member can obtain a ‘/webhook’ access token. A single token can be used to register webhooks for multiple records. To obtain a token, you make a call to the ORCID API token endpoint.
This process is often referred to as the client-credentials OAuth flow, or 2-step OAuth.
Below is an example call to obtain the access token — replace the placeholders with your credentials (be sure to remove the brackets.)
curl -i -L -H "Accept: application/json"
-d "client_id=(your client ID)"
-d "client_secret=(your client secret)"
-d "scope=/webhook"
-d "grant_type=client_credentials"
"https://sandbox.orcid.org/oauth/token"
You will then be returned an access token similar to the following.
{"access_token":"5eb23750-1e19-47a3-b6f6-26635c34e8ee",
"token_type":"bearer",
"refresh_token":"c7d3d5fd-e4c0-4825-89f2-7cfb4a1cf01e",
"expires_in":631138518,
"scope":"/webhook"}