Members setting up vendor systems with the ORCID API – updated

Summary

This is an updated page that provides an overview of how to connect a vendor system that is ORCID-enabled to the ORCID API

Many of the UK consortium member institutions use vendor systems that are ORCID-enabled (like a CRIS or a repository). This means that the institution simply needs to obtain institution-specific credentials from ORCID for the member API which can then be set up in the vendor system. This blog post provides a convenient walk-through of the ORCID pages and information that are most relevant to those using vendor systems, in order to get credentials and set them up in the CRIS (or repository) system to connect to the ORCID member API. It draws on existing ORCID documentation to deliver a dedicated path to be followed by those that meet this specific use case (see: who can use these instructions?). It does not attempt to address all the information related to vendors that are ORCID-enabled and their system set-up. ORCID have a certified provider programme in progress to document vendor systems that are recognized to adhere to best practices – read more about ORCID Certified Service Providers List. Further vendor-specific information should be obtained from system suppliers.

Who can use these instructions?

These instructions assume that you are already a member organisation of ORCID (e.g. by joining the UK ORCID consortium through Jisc) and that you are using a system that is considered integration-ready. The list of systems that are considered ORCID-integration-ready can be found in the ORCID List. The research information systems on that list include Symplectic Elements and there are other systems that are in the process of re-certifying (and the information below still applies, but please do email us to check if you wish to confirm). As of August 2024, although PURE from Elsevier is not listed, they are in process of re-certifying.

What are member credentials and what does integration-ready mean?

All members of the UK JISC ORCID consortium acquire membership at the premium and consortium access level, and can access the ORCID member API if they have an appropriate integration. Client applications (including vendor integrations) that make calls to the ORCID API need to present credentials as a means of proving identity and right to access the API at the correct level. The credentials consist of a client ID and a client secret. Institutions need to apply to ORCID for their credentials to be used with their vendor system, by filling in a client application form. In order to be issued with member API production credentials, applications are required to meet best practices as set out by ORCID within the Integration best practices section of their integration guide. Vendor systems listed in the ORCID certified provider list (and others in the re-certification process) have already been considered by ORCID to meet the best practices and are therefore integration-ready. This means that an institution using one of these systems can move directly to applying for member credentials.

Applying for production member credentials.

The form to register a client application Production Trusted Party should be filled in to request member credentials from ORCID. An ORCID FAQ on filling out the parts of the form is available. If you need further assistance with filling out the form, please ask the Jisc ORCID support team for help using help@jisc.ac.uk and adding ORCID somewhere in the subject.

Some helpful tips

• The process is not fully automated, therefore there may be a small delay (hours to a couple of days) between filling in the form and the credentials being sent
• For the first time that you set up the vendor system, and if you have not registered for credentials for this vendor system before, select No for Update existing credentials?
• The application credentials consist of a Client ID (consumer KEY) and Client Secret (consumer SECRET). Your application will use these credentials as it interacts with the ORCID API. They look like this: client ID: APP-NPXKK6HFN6TJ4YYI client SECRET: 060c36f2-cce2-4f74-bde0-a17d8bb30a97
• To use your client iD you’ll also need your client secret. You will need to provide a second email address. For security, the client secret is sent separately to the client ID and ORCID require a different contact email to send the secret to. This could be a trusted colleague or a team email.
• Make sure you mention that you are using a vendor system, name the system and the version, when completing the notes for staff. This will be useful information if you require further assistance and it helps future planning and communications, since vendor system versions and their capabilities are taken into account when considering moving between ORCID API versions, deprecating features that older versions may have relied on, etc.
• You will need at least one redirect URL. For vendor systems discuss these URLs with your system suppliers. More on redirect URLs
• Do use the ORCID FAQ for assistance with filling in the fields.
• Keep your credentials safe. They are specific to your application and ensure that only your application gains access based on your membership status and the permissions granted by researchers. Please do not share the client ID and secret, for example do not email them to the UK Jisc support desk. You can share your client ID when reporting issues, but not the secret.

Updating the application information

If you need to update the application that uses the credentials in the future, for example change the redirect URLs or update the text displayed to your users such as the name of your application, use the same form and select Yes for Update existing credentials?

A note on using the Sandbox.

A separate blog post is available, which will go into more detail regarding the ORCID Sandbox, how to access it, and differences from the production API. In a nutshell, the Sandbox provides a way to test API calls to the ORCID registry without affecting any actual live records (which are only found in the Production Registry). The sandbox only contains test data. If you have a test or development version of your vendor system, and you would like to do some testing using that system, then you should connect it to the ORCID sandbox for the purposes of testing.
You will need to request separate Sandbox credentials to set up your development system, using the form for registering a client application with the sandbox. You may also need to check with your vendor as you may need different redirect URLs.
Once you have done your testing with the development instance of your vendor system against the ORCID Sandbox, then you can move to using the live vendor system with the ORCID production registry by following the steps at the start of this blog post.

Letting ORCID know when you go live.

Institutions should advise ORCID when they officially launch the integration. ORCID can assist with publicity if required. ORCID will add the integration to their list of live integrations and include it in their monthly member newsletter. They can also share news about your integration on Facebook and Twitter and would be happy to talk to you about other opportunities to publicize your integration.

Need help?

The first port of call for help for members of the UK Jisc consortium should be the Jisc UK ORCID support desk which can be contacted at help@jisc.ac.uk. The helpdesk will liaise with ORCID support for assistance that only ORCID can provide. Vendors are the best source of information on vendor-specific information.
Updated 08/08/2024 to reflect updates in the underlying ORCID documentation and processes.

Further Information

• https://info.orcid.org/documentation/
• https://info.orcid.org/documentation/integration-guide/
• https://info.orcid.org/documentation/integration-guide/getting-started-with-your-orcid-integration/
• https://info.orcid.org/documentation/workflows/repository-systems/
• https://info.orcid.org/membership/
• http://jisc.ac.uk/orcid