API News & Updates

Preserving authentication and multiple access tokens

We’re making a couple changes to the OAuth workflow which will improve the workflow for site using ORCID sign in for authentication.

  1. If an active access token already exists with the same scopes and the user is logged into their ORCID record, they will not be prompted to grant authorization again. Instead they will be taken directly to the redirect URI.

XSD 1.2 Update

XSD 1.2 is now available on the production ORCID Registry and sandbox as a stable release version. On April 1, 2015 we will update the default ORCID Message Schema from version 1.1 to 1.2, and we will no longer support version 1.1 or release candidate versions of 1.2. After April 1, integrations that have not updated to version 1.2 may not work correctly.

ORCID API: Enabling Automatic Updates

To help facilitate the collect-publish-update process, beginning October 2014 ORCID will be extending the timeframe during which ORCID Members may add new items or make updates to ORCID Records for which they have trusted party status granted by an individual. With this change, short-lived access tokens will continue to be valid for one hour, but an option for long-lived permissions which will last 20 years can also be requested.*

Security Update: Heartbleed Bug

April 9, 2014. Due to the widespread Internet security vulnerability, nicknamed Heartbleed, ORCID has taken immediate steps to ensure the security of user accounts. This vulnerability is related to a cryptography library used to encrypt a large majority of traffic on the Internet. Information that is susceptible to attack includes private server keys, SSL certificates, and user session information.

XSD 1.1 Update

XSD 1.1 is now available on the ORCID Registry and sandbox as a release version XSD. On March 1, 2014 we will updated the API messages schema to version 1.1. This article describes this update and outlines changes that API users will need to put in place for this version.  Until March 1, 2014 the previous version of the XSD (1.0.23) will still be available as the default XSD. After March 1st integrations that have not updated to 1.1.0 may not work correctly.