Introduction to OAuth

This guide provides a basic introduction to OAuth and how it is used by the ORCID API.

OAuth is an open standard that provides client applications delegated access to a resource on behalf of the resource owner. With OAuth, a user can authorize a third-party system to access their account and resources without sharing their login information. ORCID uses version 2 of the OAuth protocol. Many internet users will have encountered OAuth connections before, as it is the technology that lets users sign into sites using third-party accounts -- for example, how users can sign into ORCID using their Google or Facebook accounts.

If you have not used OAuth before, we recommend starting with a general guide about how OAuth 2.0 works. Two we recommend are:

OAuth access tokens are required to make calls to the ORCID API. The way that you obtain these tokens depends on how you are interacting with the system.

Each access token has a particular scope (a set of permissions), or multiple scopes, associated with it. Once you have an access token, you will be able to make requests to the API within that scope.

| If you | Use |
| --- | --- |
| Want to get a researcher's verified ORCID iD, or read or update a researcher’s ORCID record (including trusted information) | 3-legged OAuth |
| Want to read a researcher’s public ORCID record or search public information in the Registry using the API | 2-legged OAuth / Client credentials |
| Want to register a webhook to receive a notification when a researcher’s ORCID record is updated | 2-legged OAuth / Client credentials |
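
The requests behind the two flows in the table above, as an added example that is not ORCID's own code: it builds the 3-legged authorization URL and code exchange (with a `state` check against forged callbacks), the 2-legged client-credentials request, and a scope check on the token response. The sandbox host, the `/oauth/authorize` and `/oauth/token` paths, and the scope names used when calling it are assumptions not stated on this page; the function names are hypothetical.

```python
import secrets
from urllib.parse import urlencode

# Assumed values, not taken from this page: sandbox host and endpoint paths.
BASE = "https://sandbox.orcid.org"
AUTHORIZE_URL = BASE + "/oauth/authorize"
TOKEN_URL = BASE + "/oauth/token"


def authorization_url(client_id, redirect_uri, scopes):
    """3-legged, step 1: URL the researcher opens to approve the requested scopes."""
    state = secrets.token_urlsafe(32)  # unguessable; keep it in the user's session
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": " ".join(scopes),
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def code_exchange_body(client_id, client_secret, redirect_uri, code,
                       returned_state, expected_state):
    """3-legged, step 2: form body POSTed to TOKEN_URL to swap the code for a token."""
    # Reject callbacks that do not carry the state issued in step 1.
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    return urlencode({
        "client_id": client_id, "client_secret": client_secret,
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": redirect_uri,
    })


def client_credentials_body(client_id, client_secret, scope):
    """2-legged: form body POSTed to TOKEN_URL; no researcher is involved."""
    return urlencode({
        "client_id": client_id, "client_secret": client_secret,
        "grant_type": "client_credentials", "scope": scope,
    })


def token_allows(token_response, needed_scope):
    """True only if the parsed token response lists needed_scope as granted."""
    return needed_scope in token_response.get("scope", "").split()
```

Send the bodies with `Content-Type: application/x-www-form-urlencoded` over HTTPS, and call `token_allows` before using a token so that a request outside its scope is caught locally.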