Long-lived tokens now available

We're very excited to announce that in the coming weeks we'll be updating how the ORCID API works to provide more robust support for adding, updating and reading ORCID records. The first part of the update, to allow for long-lived permission for all access tokens, will be available for testing on the sandbox on October 6th and is scheduled to move to production on October 26th.

**If you are currently storing access tokens to read records let us know. This update will affect your integration.**


Providing and propagating a unique and persistent person identifier (ORCID iD) is ORCID’s primary mission. The ORCID record provides a user-friendly view of the connections between the ORCID iD and other identifiers for the individual, their research contributions, and their affiliations. 

Generally ORCID iDs are connected to other identifiers when organizations request them during a specific transaction. For example, a publisher can ask an individual for an ORCID iD during submission of a manuscript, and then publish that iD with the individual’s name in the accepted manuscript and submit the iD with article metadata to CrossRef. Ideally, this process would also include a step to update the individual’s ORCID record with the article DOI and related metadata. Similarly, funders would like to be able to update grantee ORCID records with funded project information, and universities would like to be able to update student ORCID records with thesis information. 
To help facilitate this collect-publish-update process, ORCID will be extending the timeframe during which ORCID Members may add new items or make updates to ORCID Records for which they have trusted party status granted by an individual. With this change, short-lived access tokens will continue to be valid for one hour, but an option for long-lived permissions which will last 20 years can also be requested.

As always, user control over privacy, and the edit and maintenance of their record are among ORCID’s Principles. These enhancements include provisions for this user control.

What do I need to do?

If you are already storing access tokens, let us know at support@orcid.org by October 26th. We’ll enable this feature on your sandbox credentials for testing, and your production credentials so there is no impact to your integration.

If you are interested in this feature but not currently storing access tokens, let us know at support@orcid.org and we’ll enable this feature on your sandbox credentials for testing.

If you are currently using update/put scopes to add information to the affiliations, funding, or works section of ORCID records, you must migrate to requesting an ‘add’ permission for posting new items by 2015.

If you are not storing access tokens, don’t want long-lived permissions, and are not asking for update permissions, you do not need to do anything.

Let us know if you have any questions.