Create ORCID records on demand

Organizations looking to promote ORCID adoption among their faculty, researchers, students, or others can help them create ORCID records by setting up a facilitated create on demand process.

Create on demand is a flexible option that allows your users to create a new record whenever they wish. At the same time, your organization can explicitly request permission to read or update their records, if needed. Users who already have an ORCID iD can use the same process to connect their existing iD to your system and grant your system access to their record.

  1. System requirements
  2. Prompt users to create or connect an ORCID iD
  3. Get and store iDs and access tokens
  4. Display the user’s iD in your system
  5. Take your system one step further: Read and update ORCID records

System setup

Please be sure to check that your system meets the requirements below.

  • Your system must be able to accept and store ORCID iDs together with the researcher’s information.
  • Your system must be able to capture a six-digit authorization code and exchange it for an access token immediately.
  • Your system must also be able to accept and store persistent access tokens together with the researcher’s information. We also strongly recommend that you store all of the token response, including refresh tokens, scopes, and token expiry, as these can be useful if access tokens are lost, if you want users to expire their access token from within your system, or if you upgrade your system to support new scopes.
  • Customized communication points: We recommend creating at least three:
    • Start: Where users can initiate the creation process.
    • Connection-success: The page the researcher will be redirected to after successfully authorizing the connection with your system. It should display their ORCID iD and can also display a thank you or acknowledgement message.
    • Connection-failure: The page the researcher will be redirected to after denying authorization to your system. It should give the reasons you requested permission from the researcher and again offer the opportunity to grant permission.
  • Log interactions: Your system should record both calls made to the ORCID API and responses received; this is necessary so our team can help if a problem develops later.

Prompt users to create or connect an ORCID iD

Invite users to create their ORCID iD: Create custom communications to your users to explain what ORCID is and how it is beneficial for them. This can be in various locations, for example, a customized email sent to new researchers or a page within your library system.

Provide a hyperlinked ORCID-branded button: Using the green ORCID iD icon consistently helps ensure that researchers associate it with being asked to securely provide their iD, which in turn builds trust in ORCID as a reliable identifier.

Example button graphics and code

Tip: You can streamline the process by pre-filling the registration form with the researcher’s name and email address -- they will then only need to set a password and agree to the ORCID terms of use. See Customize the user experience.

Configure the button’s link to use your API credentials and request permissions to access the researcher’s ORCID record: If you are only planning to collect and display ORCID iDs within your system, then you need only /read-limited access to an ORCID record. (For the Public API, replace this with /authenticate.) For information on requesting permission to update ORCID records, see add or update data on ORCID records.

The below example requests permission to read data visible to trusted parties for ORCID records on the sandbox testing server. It can be directly pasted into your browser’s address bar for testing purposes, but we recommend replacing the client ID and landing page (redirect URI) with your own API credentials.
   client_id=[Your client ID]&
   redirect_uri=[Your landing page]

Once the user clicks on the link, they will be taken to the ORCID OAuth sign-in or registration page and given the option to grant your system the requested permissions. 

Get and store iDs and access tokens

Your system will now need to exchange the code for an access token -- the second part of the three-legged OAuth authentication.

Once the user clicks Authorize, a new ORCID iD is created or the researcher is signed into their ORCID account and simultaneously authorizes the connection with your system. They are then sent back to your landing page -- the Redirect URI specified in the OAuth link. Attached to the end of that URL will be a six-digit authorization code:

Authorization Code

At this point, your system’s user interface should display a helpful message to the researcher, e.g. “Thanks for connecting your ORCID iD!” or simply display their iD in full—see Display below.

In the system backend, immediately exchange the authorization code. The authorization code expires upon use.

  HEADER: accept:application/json
     client_id=[Your client ID]
     client_secret=[Your client secret]
     code=[six-digit code]
     redirect_uri=[Your landing page]

  Example call in curl

ORCID will then return the researcher’s validated ORCID iD and an access token, along with the token's expiry, scope (granted permissions), and the name on the ORCID record:

"scope":"/read-limited","name":"Sofia Garcia","orcid":"0000-0001-2345-6789"}

Store the ORCID iD, access token, refresh token, expiry, and scope in your system along with the researcher's data. 

If the user denies your system access: ORCID returns the researcher to the specified landing page and attaches an error message:

https://[Your landing page]?error=access_denied&error_description=User%20denied%20access

Your system should read this and automatically direct the researcher to the connection-denied landing page. We strongly recommend that you explain more fully to the researcher why you are collecting ORCID iDs and requesting permission to access their record, and prompt them again to sign in and authorize the connection to your system.

3. Display the user’s iD in your system

Now that you’ve collected your user’s ORCID iD, let them -- and everyone else -- know! By clearly displaying the ORCID iD in your profile pages, institutional repository, or other parts of your system, the user will know that they have successfully connected and validated their identity. Format the iD as a hyperlinked URI and include the green iD icon, per our iD Display Guidelines.

ORCID iD icon

Take your system one step further

After you’ve helped your users create and/or connect their ORCID iDs to your organization, you can take things one step further by helping them keep their ORCID records up to date or using data on their ORCID records added by them and other systems to keep your systems up to date.

  1. Read ORCID records to update your system data: Use the ORCID iD and access token that you've stored to read the user's ORCID record and populate your system with ORCID record information. Learn more at Read data on ORCID records.
  2. Update ORCID records: Use the ORCID iDs and access tokens that you've stored to post information from your system, such as institutional affiliation, links to institutionaprofiles, publications, funding items, or peer review activity, to users' ORCID records. Learn more at Add or update data on ORCID records.