There are a number of requirements that we expect all member integrations to meet. The ORCID team will ensure these requirements have been met as part of the integration review process.
- Use OAuth to authenticate ORCID iDs (Do not allow users search for or type in ORCID iDs.)
- Present the OAuth authorization screen according to our guidelines
- Include an ORCID branded button or link on your site to initiate authentication of the iD.
- Use HTTPS for your site’s redirect URIs and on ORCID API calls
- Accept and store all data returned in the token exchange together with the user’s data in your system
- Use appropriate scopes and request methods (e.g. POST calls to add new information and PUT calls to update existing information)
- Publicly display the authenticated ORCID iDs. iDs should be displayed following our trademark and iD display guidelines.
- Do not request users to change their visibility settings for items on their ORCID record to use your integration.