There are a number of requirements that we expect all member integrations to meet. The ORCID team will ensure these requirements have been met as part of the integration review process.
- Use OAuth to authenticate ORCID iDs (Do not allow users search for or type in ORCID iDs.)
- Include an ORCID branded button or link on your site to initiate authentication of the iD.
- Present the OAuth authorization screen according to our guidelines
- Use HTTPS for your site’s redirect URIs and on ORCID API calls
- Accept and store all data returned in the token exchange together with the user’s data in your system
- Use appropriate scopes and request methods (e.g. POST calls to add new information and PUT calls to update existing information)
- Publicly display the authenticated ORCID iDs. iDs should be displayed following our trademark and iD display guidelines.
Best practices