API News & Updates

Public API now only supports API 2.0+

Today we sunset version 1.2 of the public API. Going forward, any public clients using v1.2 in their calls will get an error message. 

API defaults to 2.0 in February, 1.2 no longer supported on Public API from March

From February 1, 2018: the default version used for API calls will move from version 1.2 to 2.0

This change will only affect calls that do not specify the version. As we always encourage all clients to specify a version, we hope this change will not cause any problems. If your integration does not currently specify a version you can add ‘v1.2’ to your calls - but you will still need to complete the upgrade to version 2.0 or 2.1 ASAP.

API 2.1 now live

We are delighted to announce that the latest version of our API - version 2.1 - is now live. 
The only difference between 2.0 and 2.1 is in the format of the ORCID iD, now updated to the HTTPS canonical form: https://orcid.org/0000-0001-2345-6789. There are no other functional changes to API calls or the XSD in this release. If you prefer to stay on 2.0, please rest assured it will receive the same support and sunset date as 2.1 (and we hope to push the sunset date out as far as possible).

Auth code behavior update: Tokens revoked if same auth code is used twice

Starting November 14, 2017, when an authorization code is used to generate access tokens twice, then all access tokens and refresht okens resulting from that authorization code will be revoked. We do not expect this change to affect any integrations but wanted to make everyone aware of the update.

Currently authorization codes can only be used once and must be used within 10 minutes of being generated.