ArXiv ORCID Authentication for Preprints

ArXiv ORCID authentication lets a researcher link a persistent ORCID iD to their arXiv account, and it is one of two models preprint servers use to establish who an author is before a paper ever reaches peer review — the other being direct “log in with ORCID,” used by bioRxiv. Neither model performs formal identity verification in the legal sense; both rely on ORCID’s OAuth authentication to confirm that the person submitting genuinely controls the ORCID iD they claim.

ORCID authentication is the OAuth-based process by which a researcher proves control of their ORCID iD to a third-party system — such as a preprint server — by signing in directly at orcid.org, without ever sharing a password with that third party. This distinction matters for research administrators and developers assessing how much identity assurance a preprint record actually carries.

How does ORCID authentication work before publication?

ORCID authentication runs on a three-legged OAuth flow, documented by ORCID’s own integration guide. A system such as a preprint server creates a “Connect your ORCID iD” link; when a researcher clicks it, they are redirected to orcid.org, sign in with their own ORCID credentials, and explicitly grant the requesting system permission to read (and, for member integrations, write) specific parts of their record.

ORCID then returns an authorisation code, which the preprint server exchanges for an access token. That token — not a copied-and-pasted ID number — is what proves the connection is genuine. According to ORCID’s documentation, the organisation does not permit manual entry of ORCID iDs in any workflow where authenticated collection is technically possible, precisely because typed-in IDs cannot prove ownership.

  • Public API: free, available to non-commercial and commercial integrations, sufficient for basic authenticated sign-in and read access.
  • Member API: requires ORCID membership, needed to write data (such as adding the preprint itself) directly to a researcher’s record.
  • Sandbox environment: a full ORCID Sandbox testing server lets integrators build and demo the OAuth flow before ORCID’s engagement team approves production Member API credentials.

How arXiv verifies author identity with ORCID

arXiv treats ORCID primarily as a disambiguation and record-linking layer rather than a submission gate. Authors link an existing ORCID iD — or create one during the process — via arXiv’s account dashboard, and the platform then prefers the ORCID iD over its own internal arXiv author identifiers wherever possible “in order to facilitate better data exchange,” per arXiv’s own documentation.

Identity assurance on arXiv sits mainly in a separate, adjacent mechanism: endorsement. As of 21 January 2026, arXiv no longer accepts an institutional email address alone as sufficient qualification for a new submitter. Under the updated policy, a new author must now satisfy one of two paths:

  1. An institutional academic/research email address and prior authorship on a paper already accepted into the relevant arXiv endorsement domain, or
  2. Direct personal endorsement from an established arXiv author already active in that same domain.

arXiv’s own guidance notes that authors contacting a potential endorser may include a link to their ORCID profile as supporting evidence, though ORCID linkage itself is not a mandatory endorsement criterion. Misrepresenting identity or institutional affiliation is, separately, a violation of arXiv’s code of conduct and grounds for account suspension.

How bioRxiv verifies author identity with ORCID

bioRxiv, operated by the non-profit openRxiv, takes a more direct authentication route. The platform offers a “Log in with ORCiD” option at the account level: when a submitter authenticates this way, bioRxiv receives an ORCID-verified identifier straight from ORCID’s OAuth flow, rather than a self-typed value.

During manuscript submission, corresponding authors can also attach ORCID iDs for themselves and co-authors, which are then carried into the preprint’s metadata. This matters for provenance: under ORCID’s documented preprint workflow, an ORCID-member preprint server can add the work to an author’s ORCID record with a “Self” relationship, and later — once a peer-reviewed version exists — a publisher can add the journal article with a “Version of” relationship linking the two, grouping the preprint and its published descendant on one authoritative record.

arXiv vs bioRxiv: ORCID identity assurance compared

The two platforms diverge on where, and how strongly, ORCID authentication sits in the submission path:

Feature arXiv bioRxiv
ORCID collection point Account linking, post-registration Optional login and/or manuscript submission
Authentication method Account-page OAuth link to ORCID Direct “Log in with ORCiD” OAuth sign-in
Mandatory for submission? No — recommended, not required No — optional for authors and co-authors
Separate identity gate Endorsement policy (updated 21 Jan 2026) Basic screening for offensive/non-scientific content
Co-author ORCID capture Not built into the submission form Can be added at submission by corresponding author

What this means for identity assurance ahead of peer review

ORCID authentication and identity verification are not the same thing, and conflating them overstates what a preprint record actually proves. An authenticated ORCID iD confirms that a specific, persistent researcher account is behind a submission. It does not confirm a person’s legal name, employer, or credentials — those rest on the separate affiliation and endorsement checks each platform runs independently.

Funders are pushing this authentication layer further upstream. UK Research and Innovation (UKRI) is building mandatory ORCID iD linking into its Funding Service for project leads, co-leads and fellows, with the requirement expected to take effect roughly six months after the relevant functionality launches, targeted for 2027. That shifts identity assurance earlier — to the funding-application stage — rather than leaving it solely to the preprint or journal submission step.

For institutions and developers building on this infrastructure, the practical takeaway is definitive: treat an authenticated ORCID iD as strong evidence of account control, and treat endorsement, institutional email, and funder-linked ORCID mandates as the separate, complementary layers that build fuller identity assurance around it.

Frequently asked questions

Do arXiv papers appear on ORCID?

Yes. Once an author links their ORCID iD to their arXiv account, arXiv’s works are unambiguously connected to that researcher’s broader scholarly record, helping distinguish them from authors with similar names across other platforms and repositories.

How do I add an arXiv preprint to ORCID?

Authors can search by arXiv identifier directly within their ORCID record’s “Add works” tool, or link their arXiv account to ORCID so eligible works sync automatically. Manual entry of someone else’s ORCID iD is not permitted under ORCID’s collection policy.

Does an arXiv preprint count as a publication?

Not in the traditional peer-reviewed sense. ArXiv preprints are not peer-reviewed before posting, so most journals and funders treat them as a distinct output type — citable, but separate from the peer-reviewed version of record that may follow.

What is the arXiv identifier?

The arXiv identifier (or arXiv ID) is a unique code assigned to every submitted paper, used to cite and retrieve it. It is distinct from an author’s ORCID iD, which identifies the person rather than the paper.

Looking ahead

arXiv and bioRxiv show two workable but distinct approaches to the same problem: using ORCID’s authenticated, OAuth-based identifiers to anchor preprint authorship without claiming to verify legal identity outright. As funders such as UKRI extend ORCID requirements into the funding-application stage, the identity-assurance chain around research outputs is likely to start earlier and grow more consistent — well before a manuscript ever reaches a preprint server or a peer-review desk.

For research administrators mapping authorship and contribution practices onto institutional systems, understanding exactly what an authenticated ORCID iD does and does not prove is a prerequisite for sound research administration policy — not an afterthought.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *