This document discusses the ORCID API, including how it allows software programs to exchange data with the ORCID registry. It explains the basic API flow involving permissions, describes what an API is, and covers the key aspects of the ORCID API like permissions/scopes, messages, and OAuth calls for reading and updating a user's ORCID record through the API. It also provides resources for working with the ORCID API.
Apidays New York 2024 - The value of a flexible API Management solution for O...
The ORCID API (L. Paglione)
1. orcid.org
beyond what is ORCID...
...using the API
2016 february 15
laura paglione
technical director, ORCID
L.Paglione@ORCID.org
http://orcid.org/0000-0003-3188-6273
Contact Info: p. +1-301-500-2139 a. 10411 Motor City Drive, Suite 750, Bethesda, MD 20817 USA
3. orcid.org
basic API flow
ORCID Record
Yes!
Do you have
permission to do what
you want to do?
Get the permission;
store iD and “token”
Read the record or
update the record
No
OAuth
6. PHOTO: electronic circuit board
www.flickr.com/photos/creative_stock/5227842611
explaining scopes / permissions
orcid.org
ORCID registry depends on user-based permissions:
Can I...
• have your iD (/authenticate)
• interact with the activities on your record
• read (/activities/read)
• update (/activities/update)
• interact with your biographical information
• read (/person/read)
• update (/person/update)
8. PHOTO: electronic circuit board
www.flickr.com/photos/creative_stock/5227842611
the OAuth calls – part 1
orcid.org
Initiate the process – Send the user to a “fancy” URL
https://orcid.org/oauth/authorize?
client_id=0000-0002-3003-7862&
response_type=code&
scope=/activities/read-limited%20/activities/update&
redirect_uri=https://my.URL.org&
family_names=Paglione&given_names=Laura&email=l.paglione
%2B2014@orcid.org&orcid=0000-0001-6356-0580
The base URL – displays the screen
who’s asking?
what permission?
where the user goes next
Personalize the
experience
9. PHOTO: electronic circuit board
www.flickr.com/photos/creative_stock/5227842611
what the user sees
orcid.org
10. PHOTO: electronic circuit board
www.flickr.com/photos/creative_stock/5227842611
the OAuth calls – part 2
orcid.org
ORCID sends the user to your redirect, with a code
https://my.URL.org?htA3yE
you...
• save the code – you need it for the next step
• display something useful to the user
• Authorize: thanks for your permission!
• Deny: are you sure you don’t want to give permission?
The magic code
11. PHOTO: electronic circuit board
www.flickr.com/photos/creative_stock/5227842611
the OAuth calls – part 3a: the call
orcid.org
use the code to gain access using the ORCID API
https://api.orcid.org/oauth/token
HEADER: accept:application/json
DATA:
client_id=0000-0002-3003-7862
client_secret=f6ffa224-dc28-4c51-8c9e-ae4b86f61bc3
grant_type=authorization_code
code=htA3yE
redirect_uri=https%3A%2F%2Fmy.URL.org
our API calls always looks
like URLs (RESTful)
what format?
The magic code
confirming that you are
the right one to get this
information
12. PHOTO: electronic circuit board
www.flickr.com/photos/creative_stock/5227842611
the OAuth calls – part 3b: the result
orcid.org
the result of the call
"access_token” : "6710dfee-6aab-445b-a266-205dd9085273",
"token_type” : "bearer",
"expires_in” : 631138518,
"scope” : "/activities/read-limited /activities/update",
"orcid” : "0000-0001-6356-0580",
"name” : "Laura Paglione”
store the access token and iD
when permission expires (in seconds)
your permission – executed contract
iD & name for the person
who gave permission
What you can do
13. PHOTO: electronic circuit board
www.flickr.com/photos/creative_stock/5227842611
ORCID-specific calls
orcid.org
• Read data: GET
• Add data: POST
• Update data: PUT
BASE URL: https://api.orcid.org/0000-0000-0000-0000
HEADERS:
accept:application/json (reading) content-type:application/json (adding /updating)
Authorization: Bearer 6710dfee-6aab-445b-a266-205dd9085273
DATA (if adding or updating):
the file location=@file_location_name
Modifiers:
/works
/update
data format
Access token from before
14. PHOTO: electronic circuit board
www.flickr.com/photos/creative_stock/5227842611
but wait... there’s more
orcid.org
• Error handling
• API updates
• about 1x/year
• supported versions
• release candidates
• deprecated versions