Please also review the article OAuth Access Tokens for more information about obtaining access tokens for these scopes.
3-legged OAuth scopes
These scopes are used in the OAuth authentication process, in which the user grants the specific permission requested. These scopes should be used with all versions of the API, as scopes are not version specific. Tokens with these scopes are long-lived and do not expire for approximately 20 years unless revoked by your system or by the user.
Multiple scopes can be requested in a single interaction by listing the scopes in the authenticate URL with an encoded space between each, such as scope=/read-limited%20/activities/update%20/person/update
The /authenticate scope is used when the client system will collect the ORCID iD but does not need access to read-limited data, or will use the ORCID system as an authentication provider. All other 3-legged scopes include the authenticate permission, so this scope can be omitted if asking for any other access. This scope is available on the Member or Public API.
The /read-limited scope is used to get access to read public and limited visibility items on an ORCID record. This scope is only available on the Member API.
The /activities/update scope is used to write, update and delete items in the education, employment, funding, works and peer-review sections of an ORCID record. This scope is only available on the Member API.
The /person/update scope is used to write, update and delete items in the other-names, keywords, countries, researcher-urls, websites, and personal external identifiers sections of the record. This scope is only available on the Member API.
If you want full access to read and edit a record, include three scopes in your authenticate URL: /read-limited, /activities/update and /person/update. In the URL they would appear as scope=/read-limited%20/activities/update%20/person/update
2-Legged OAuth/Client Credential Scopes
Two-legged OAuth scopes are requested directly from the ORCID API and do not require the researcher to grant permission. Tokens with these scopes are long-lived.
The /read-public scope is used to read public information on a single ORCID iD or search for ORCID records. This scope is available on the Member or Public API.
The /webhook scope allows a client application to register a webhook on an ORCID record, in order to receive notifications when a record is updated. This scope is available to premium ORCID members only. If you are not a premium member, but wish to test this function in the Developer's Sandbox, please contact ORCID Community.
Table of ORCID Scopes
| Scope | Activity | Method & Request | Obtain Access Token Through | Expires In | API |
|---|---|---|---|---|---|
| /authenticate | Get an ORCID iD or Authenticate using ORCID | No API call. Client retrieves OAuth access token only. | 3-legged OAuth | When expired or revoked by user | Public and Member API |
| /read-limited | Read public and limited visibility items on a record | GET | 3-legged OAuth | When expired or revoked by user | Member API |
| /activities/update | Add, update and delete research activities | POST, PUT, DELETE | 3-legged OAuth | When expired or revoked by user | Member API |
| /person/update | Add, update and delete personal information | POST, PUT, DELETE | 3-legged OAuth | When expired or revoked by user | Member API |
| /read-public | Read public information on a record and search for records | GET | Client credentials | When revoked by ORCID | Public and Member API |
| /webhook | Register a webhook | PUT | Client credentials | When revoked by ORCID | Premium Member API |
Earlier versions of the ORCID API had additional scopes. These scopes will be phased out with the 2.0 API. We encourage all integrations to use only the six scopes above. For reference, the earlier scopes are listed below with the current scope that should be used instead.
- /orcid-profile/read-limited: use /read-limited instead
- /orcid-works/read-limited: use /read-limited instead
- /orcid-bio/read-limited: use /read-limited instead
- /orcid-works/create: use /activities/update instead
- /orcid-works/update: use /activities/update instead
- /affiliations/create: use /activities/update instead
- /affiliations/update: use /activities/update instead
- /funding/create: use /activities/update instead
- /funding/update: use /activities/update instead
- /orcid-bio/update: use /person/update instead
- /orcid-bio/external-identifiers/create: use /person/update instead
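The following added example (not ORCID's own code) ties together the scope parameter format described under 3-legged OAuth scopes and the legacy scope replacements listed above: it maps earlier scopes to their current equivalents, rejects client-credentials scopes in a 3-legged request, drops a redundant /authenticate, and builds the scope= component. The function names normalize_scopes and scope_parameter are hypothetical.

```python
from urllib.parse import quote

# Scope sets taken from the table on this page.
THREE_LEGGED = {"/authenticate", "/read-limited", "/activities/update", "/person/update"}
TWO_LEGGED = {"/read-public", "/webhook"}

# Earlier scope -> current replacement, from the list on this page.
LEGACY = {
    "/orcid-profile/read-limited": "/read-limited",
    "/orcid-works/read-limited": "/read-limited",
    "/orcid-bio/read-limited": "/read-limited",
    "/orcid-works/create": "/activities/update",
    "/orcid-works/update": "/activities/update",
    "/affiliations/create": "/activities/update",
    "/affiliations/update": "/activities/update",
    "/funding/create": "/activities/update",
    "/funding/update": "/activities/update",
    "/orcid-bio/update": "/person/update",
    "/orcid-bio/external-identifiers/create": "/person/update",
}

def normalize_scopes(requested):
    """Return the de-duplicated list of current 3-legged scopes (hypothetical helper)."""
    result = []
    for scope in requested:
        scope = LEGACY.get(scope, scope)
        if scope in TWO_LEGGED:
            raise ValueError(f"{scope} is a client-credentials scope, not a 3-legged one")
        if scope not in THREE_LEGGED:
            raise ValueError(f"unknown scope: {scope!r}")
        if scope not in result:
            result.append(scope)
    # Every other 3-legged scope includes /authenticate, so drop it when redundant.
    if len(result) > 1 and "/authenticate" in result:
        result.remove("/authenticate")
    return result

def scope_parameter(requested):
    """Build the scope= component with an encoded space between scopes."""
    scopes = normalize_scopes(requested)
    if not scopes:
        raise ValueError("at least one scope is required")
    # safe="/" keeps slashes literal; the joining space becomes %20.
    return "scope=" + quote(" ".join(scopes), safe="/")

if __name__ == "__main__":
    print(scope_parameter(["/authenticate", "/orcid-works/create", "/orcid-bio/update"]))
```

Validating the scope list before building the URL keeps an integration from requesting more access than it needs or from sending a scope the user-facing flow cannot grant.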