Tag: ORCID Integration

  • ORCID Registry vs Institutional Repository

    Researcher metadata should live in both systems, but for different reasons: the ORCID registry holds the person-owned identity record a researcher carries between institutions, while the institutional repository or CRIS holds the institution-owned record used for reporting, compliance, and assessment. The two should be kept aligned through automated API feeds, not parallel manual entry.

    The ORCID registry is a global, non-proprietary database of persistent digital identifiers — ORCID iDs — that let a researcher maintain one authoritative, portable record of their affiliations, works, and funding across every system they touch. That single design fact is what determines the division of labour with institutional systems, and it is the source of most of the “where does this data actually live” confusion research offices report.

    What is the ORCID registry, and what is it for?

    The ORCID registry launched in October 2012 as a non-profit, member-supported alternative to the proprietary author-ID systems then run by individual publishers and databases. Its governing principle, stated in ORCID’s own registry documentation, is that individuals own their record: researchers — not institutions or publishers — control what is displayed publicly, what is shared with “trusted organisations,” and who those organisations are.

    This person-centric design means the registry is built to follow a researcher across employers, disciplines, and countries. It is not built to answer institution-level questions such as “which outputs count toward our next research assessment” — that is a different data model entirely, owned by a different actor.

    What do institutional repositories and CRIS platforms manage instead?

    Institutional repositories and Current Research Information Systems (CRIS) — platforms such as Pure, Symplectic Elements, and DSpace-CRIS — exist to serve the institution’s reporting, compliance, and visibility needs, not the researcher’s portable identity. They aggregate outputs, grants, and staff affiliations at the organisational level, typically structured around the CERIF (Common European Research Information Format) data model maintained by euroCRIS.

    This is also where regulatory deadlines bite. Under the UK’s Research Excellence Framework open-access policy, outputs must be deposited in an institutional repository within three months of acceptance to remain eligible for the next assessment exercise — a requirement that will continue to apply under REF 2029. That obligation sits squarely with the institution, not with ORCID.

    Where should each type of researcher metadata actually live?

    In practice, the split is not “ORCID or CRIS” but “which record is authoritative for which fact.” The table below sets out the practical division of labour that most research offices converge on once duplicate entry becomes painful enough to fix.

    Metadata type Authoritative home Why
    Person identity, career history, cross-institution works list ORCID registry Researcher-owned, portable, survives institutional moves
    REF/assessment-eligible outputs, funder compliance records Institutional CRIS/repository Institution is legally accountable for reporting accuracy
    Grant and funder affiliation data Both, synchronised Funders (e.g. UKRI) require an ORCID iD at application, then institutions track spend internally
    Public-facing researcher profile ORCID registry (primary), CRIS-fed institutional page (secondary) One canonical identity, many display surfaces

    UKRI has required an ORCID iD from principal and co-investigators applying for funding across its research councils since 2023, which makes the registry the practical entry point for grant-related identity data even though the institution remains the system of record for compliance reporting.

    How do auto-update feeds eliminate duplicate data entry?

    Manual double-entry — typing the same publication into a CRIS and then again into an ORCID record — is the single biggest source of researcher frustration with metadata systems, and it is entirely avoidable. ORCID’s own registry documentation is explicit about the goal: reduce the burden on researchers and improve how information is shared, rather than asking them to re-key it.

    The mechanism is ORCID’s Member API, which — unlike the read-only Public API — allows an authenticated institutional system to write updates directly to a researcher’s record with their permission. A properly configured integration works in both directions:

    • CRIS-to-ORCID push: when a researcher deposits a new output in the institutional repository, the system automatically writes it to their ORCID record, tagged with the institution as the data source.
    • ORCID-to-CRIS pull: when a researcher joins an institution, the CRIS uses ORCID’s “search-and-link” workflow to pull their existing works and affiliation history into the local profile without re-typing.
    • Provenance tagging: every item on an ORCID record carries a visible source tag, so a reviewer can see whether an entry came from the researcher, an institution, a publisher, or a funder.

    Platforms such as DSpace-CRIS offer this bidirectional synchronisation as a built-in feature rather than a custom build, and ORCID’s “trusted organisation” permission model means the researcher grants and can revoke that write access at any time — the delegation is explicit, not implicit.

    Common questions about the ORCID registry

    What is an ORCID registry?

    An ORCID registry is the central, non-proprietary database that issues and stores ORCID iDs — persistent digital identifiers that disambiguate individual researchers and link them to their affiliations, works, and funding records. It is maintained by ORCID, a member-supported non-profit, and researchers register and control it directly rather than an institution or publisher owning the record.

    Can I look up someone’s ORCID?

    Yes. The public search function on the ORCID registry lets anyone look up a researcher’s public profile by name, affiliation, or ORCID iD, subject to whatever privacy settings that individual has chosen. Fields marked private by the record holder will not appear in public search results, even though the underlying record still exists.

    Who can register for ORCID?

    Anyone engaged in research, scholarship, or innovation can register for an ORCID iD directly and free of charge, regardless of career stage, discipline, institution, or country. This open registration model is what allows the identifier to persist across job changes, unlike institution-issued staff or repository IDs that expire when someone leaves.

    Does ORCID cost money?

    Registering for and using an ORCID iD is always free for individual researchers. Costs only arise for organisations: institutions, publishers, and funders that want Member API write access — the level needed for auto-update integrations with a CRIS or repository — pay ORCID membership dues, while read-only lookups via the Public API remain free.

    Implications for research offices and publishers

    For research administrators, the practical takeaway is not to choose between the ORCID registry and the CRIS but to stop treating them as separate data-entry destinations. Institutions that configure bidirectional API sync report far fewer profile-accuracy complaints from academic staff, because researchers enter a change once and it propagates outward.

    For publishers and funders, the same logic applies to contributor metadata: ORCID records can carry CRediT contributor-role tags alongside a work, so a journal’s manuscript system, the author’s ORCID record, and the institution’s CRIS can all reference the same role assignment rather than three independent descriptions of who did what.

    Outlook: toward a single source of truth

    The direction of travel across research information management is unambiguous: person-level identity consolidates in the ORCID registry, institution-level reporting consolidates in the CRIS, and the connective tissue between them is API-driven synchronisation rather than parallel manual records. As funders such as UKRI extend ORCID requirements further into the grant lifecycle, institutions that have not yet automated their CRIS-to-ORCID feeds will face growing duplicate-entry costs relative to those that have.

    Research offices evaluating a CRIS or repository upgrade should treat native, bidirectional ORCID Member API support as a baseline procurement requirement, not an optional add-on — the alternative is asking researchers to keep doing by hand what the API was built to automate.

  • ORCID Database: Inside the Public Data File

    The ORCID database’s annual public data file is a bulk, machine-readable snapshot of every public record in the ORCID registry, released once a year under a CC0 public-domain dedication. It is not the same thing as ORCID’s live summary statistics page — the data file is a static, downloadable dataset built for large-scale analysis of PID adoption, while the statistics page is a running counter of registrations. Together they answer different questions for anyone studying how persistent identifiers are being taken up across research.

    ORCID (Open Researcher and Contributor ID) is a non-profit registry that issues a free, unique 16-character identifier so that individual researchers and contributors can be distinguished from others with similar or identical names. The ORCID database that underpins this registry is what the annual public data file exports in bulk form — and that export is the subject of this analysis.

    What is the ORCID public data file?

    The ORCID public data file is a full export of every field that ORCID record-holders have marked as publicly visible, packaged as a single downloadable dataset rather than served record-by-record through the API. ORCID has released one of these files annually since 2013, hosting each release on the Figshare repository with a persistent DOI so that the exact version used in a study can always be cited.

    Access requires no ORCID membership and no API credentials. Anyone — a bibliometrician, a funder’s policy team, a university library, or an independent developer — can download the file directly. This “no gatekeeping” design is deliberate: ORCID’s registry exists to resolve author-name ambiguity across the whole scholarly ecosystem, and the organisation has treated bulk openness of public data as part of that public-interest mandate since the file’s first release.

    What does the annual dataset actually contain?

    Since the 2018 release, the public data file has been split into two components rather than one monolithic archive. This structural change reflects the growing size and complexity of individual records as ORCID’s activity metadata schema expanded.

    • Summaries file: one compact record per ORCID iD, covering biography, employment, education and other profile-level fields.
    • Activity files: separate, more granular files carrying the full public detail of works, funding, peer review and other activities linked to each iD.

    Both components are distributed as XML, the format ORCID’s underlying registry schema is built on; community-maintained conversion tools exist for teams that prefer JSON for downstream processing. Because works metadata in the schema can also carry contributor-role tags, the dataset increasingly includes role-level authorship detail as well as bare authorship claims — useful for anyone tracking how granular contribution reporting is spreading, distinct from simple co-authorship lists.

    As of August 2022, ORCID’s own statistics reported 14,727,479 live iDs and 1,258 member organisations, according to figures published on the ORCID Statistics page and reproduced in ORCID’s public reporting. Registration volumes of that scale are exactly what make the annual file a meaningful basis for adoption-trend research rather than a curiosity dataset.

    How does it differ from ORCID’s summary statistics?

    ORCID’s public-facing statistics page shows a live, aggregate count — total registrations, year-on-year growth, member numbers — updated continuously as the registry changes. The public data file is the opposite in every operational sense: a frozen, record-level snapshot taken at a fixed point in time, distributed once a year, and never updated after release.

    Attribute Public data file Summary statistics
    Granularity Every public field of every public record Aggregate totals only
    Update frequency Annual (fixed snapshot) Continuous / real time
    Format Bulk XML archive, downloaded once Web page / lightweight API counters
    Licence CC0 1.0 public domain dedication Published figures, not a dataset
    Typical user Researchers, funders, PID analysts General public, journalists, members

    This distinction matters for anyone citing ORCID in research administration literature: a claim about “how many researchers have ORCID iDs today” belongs to the statistics page, while a claim about “what fraction of ORCID works records carry funder identifiers” or “how affiliation self-reporting has changed by country” can only be answered from the bulk file itself.

    What can researchers do with the open dataset?

    Because the file is CC0-licensed and covers the full registry rather than a sample, it supports analysis no API query against individual records could replicate at scale. Typical uses include:

    • Measuring PID adoption trends by country, discipline or institution type over successive annual releases
    • Cross-linking ORCID iDs to DataCite and Crossref DOI metadata to study identifier coverage across the publication-funding-repository chain
    • Auditing how completely researchers populate employment and affiliation fields, which underpins institutional-attribution accuracy in research information systems
    • Building reproducible, citable PID-landscape studies, since each annual file carries its own Figshare DOI

    Since October 2015, DataCite and Crossref have used ORCID’s auto-update mechanism to write newly registered DOI metadata directly into linked ORCID records, which means the annual file increasingly reflects publication and dataset activity that researchers never manually entered themselves — a provenance detail that matters when interpreting completeness metrics from the dump.

    Answer-first Q&A

    What is the ORCID database?

    The ORCID database is the registry of unique 16-character identifiers, and associated public profile data, that ORCID Inc. maintains to distinguish individual researchers and contributors. It underlies both the live registry website and the annual public data file that exports the registry’s public content in bulk.

    Is ORCID iD public?

    An ORCID iD itself is always public once created, but the surrounding profile data is not automatically so. Record-holders set visibility settings field-by-field, and only fields marked public are exported into the annual data file or returned by the public API.

    Is ORCID free to use?

    Yes. Registering for and using an ORCID iD is free for individual researchers, and the public data file itself is free to download under a CC0 dedication. ORCID’s revenue instead comes from paid membership fees charged to institutions, publishers and funders that integrate with the registry.

    How do you find an ORCID iD?

    Individuals can search the ORCID registry directly by name at the public ORCID website, or look up a specific record via its 16-character identifier. Institutions and developers needing bulk lookups instead query the public API or work from the annual data file rather than searching one iD at a time.

    Implications for institutions and PID researchers

    For research administrators and institutional leaders, the annual public data file is the only reliable way to benchmark ORCID adoption across a whole sector rather than a single institution’s membership dashboard. Funders assessing whether a mandate for ORCID iDs has actually changed researcher behaviour need a full-registry snapshot, not a live counter that only reports totals.

    For developers and PID researchers, the file’s annual cadence and DOI-stamped releases mean every study can specify exactly which snapshot it used — a reproducibility property that live API queries, by their continuously-changing nature, cannot offer. As ORCID’s works metadata increasingly captures structured contributor-role information, future editions of the public data file are likely to become a primary source for studying how granular authorship attribution is spreading across disciplines, alongside identifier adoption itself.

  • How to Link ORCID to Publications: 2 Methods

    Linking a publication to ORCID means associating your 16-digit ORCID iD with a specific work record — either automatically through a Crossref or DataCite metadata feed authorised when you submit a manuscript, or manually by entering a DOI, PubMed ID, or BibTeX file into the Works section of your ORCID record. Auto-updated works carry a materially stronger trust signal than self-asserted entries, because the claim originates from a third-party registration agency rather than the researcher.

    ORCID is a non-proprietary, persistent digital identifier that distinguishes individual researchers from one another and links them to their publications, datasets, funding, and institutional affiliations. Understanding how to link ORCID to publications correctly — and which method to use for which purpose — determines whether that record reads as verified evidence or as an unaudited self-report.

    What Linking a Publication to ORCID Actually Means

    An ORCID “Work” is any research output — a journal article, dataset, preprint, conference paper, or software release — attached to a researcher’s ORCID record. Each record can hold up to 10,000 works, a ceiling ORCID imposes to protect Registry performance, according to ORCID’s own support documentation.

    Every work carries a source: the entity that added it. That source field is the whole point. A work added by the researcher themselves is labelled with the researcher’s own name as source. A work added via an authorised integration — a publisher, Crossref, DataCite, or a research information system — is labelled with that organisation’s name as source. This single metadata field is what separates a verified claim from a self-report.

    How Auto-Update Works via Crossref and DataCite

    Auto-update is a “push” mechanism, not something a researcher does manually after the fact. It runs on trust relationships a researcher grants once and that then apply to every future publication. Publishers who register content with Crossref (for journal articles) or DataCite (for datasets and other outputs) can include an author’s ORCID iD in the deposited metadata.

    • Set-up: the researcher supplies their ORCID iD during manuscript or dataset submission and authorises the publisher as a “trusted organisation” on their ORCID record.
    • Trigger: when the work is registered and its DOI is minted, Crossref or DataCite passes the metadata, including the ORCID iD, back to the ORCID Registry.
    • Result: the work appears on the researcher’s ORCID record automatically, with the publisher or registration agency listed as the source — no manual entry required, then or ever again.

    ORCID’s own guidance favours this route: “Allowing trusted organizations to add information to your record ensures the data connected with your ORCID iD is authoritative and trustworthy,” per ORCID Support’s “Add works to your ORCID record” article. Auto-updated entries are visually flagged in the ORCID interface with a distinct icon next to the work.

    How Manual Import Works via DOI, PubMed ID, and BibTeX

    Manual import is a “pull” process the researcher initiates, typically to backfill a body of existing work that predates any auto-update authorisation. ORCID Support lists four routes, in addition to auto-update, from the Works section’s +Add menu:

    1. Import from other services — searching connected databases such as Web of Science, Scopus, or Crossref Metadata Search and bulk-importing matched records.
    2. Add work with a DOI — pasting a Digital Object Identifier, which pulls the full citation from the DOI registration agency.
    3. Add work with a PubMed ID — the same principle, using PMID for biomedical literature indexed in PubMed.
    4. Import a BibTeX file — exporting a library from Google Scholar, EndNote, or Mendeley to a .bib file and uploading it directly.
    5. Add work manually — typing citation details by hand for works with no identifier at all.

    Each route is initiated by the researcher and populates the record once, rather than on an ongoing basis. Identifier-based and BibTeX import draw on structured external metadata, so they are more reliable than fully manual entry, but the source field still reads as the researcher, not a registration agency, unless the import tool explicitly attributes the deposit.

    Auto-Update vs Manual Import: Which Carries More Trust?

    Both routes populate the same Works section, but they are not equivalent as provenance signals. The distinction that matters to institutions, funders, and research-integrity reviewers is who is asserting the claim, not how the citation data was formatted.

    Factor Auto-Update (Crossref/DataCite) Manual Import (DOI/BibTeX/Manual)
    Who initiates it Publisher, at registration/DOI-minting time Researcher, whenever they choose
    Recorded source Publisher or registration agency The researcher themselves
    Coverage Future works only, from authorisation onward Past and present works, added retrospectively
    Ongoing effort None after initial authorisation Repeated per work or per batch
    Trust signal Third-party verified Self-asserted

    An auto-updated work is corroborated by an external registration agency’s records — the kind of independently verifiable evidence that research assessment exercises and grant compliance checks look for. A manually entered work, even one anchored to a real DOI, still relies on the researcher’s own account linking “this person” to “this ORCID iD.” Institutions running authorship audits should treat the two categories differently, not as interchangeable Works-tab entries.

    The practical recommendation, and the one ORCID itself gives, is to use both: manual import to backfill the existing publication history, and auto-update authorisation with every future submission so new works never need re-entering.

    Frequently Asked Questions

    Can I use my ORCID iD for publications?

    Yes. An ORCID iD can be attached to any publication at submission, and most scholarly publishers now capture it as standard metadata. Once attached, that iD becomes the persistent link between the researcher and the work, regardless of name changes, institutional moves, or common-name ambiguity.

    How do I add an ORCID iD to a manuscript?

    Most journal submission systems prompt for an ORCID iD during author registration, then authenticate it via ORCID’s own sign-in flow. Once authorised, the publisher can include that iD in the metadata deposited with Crossref or DataCite when the article or dataset is registered and assigned a DOI.

    How do I link ORCID to a publisher such as Elsevier?

    Publisher platforms, including Elsevier’s Editorial Manager, typically show a “Use my ORCID” or “Connect ORCID” button during login or registration. Clicking it opens an ORCID authentication window; after signing in and authorising access, the publisher can read and, where permitted, write publication data to the record.

    What This Means for Institutions, Publishers, and Funders

    For research administrators, the auto-update versus manual-import distinction is not a technical footnote — it is a compliance and evidence question. UKRI’s Funding Service requires named investigators to supply an ORCID iD as part of grant applications, and institutions increasingly rely on ORCID’s Works data to populate REF-style outputs lists and funder reports. Data drawn from auto-updated, publisher-sourced Works entries is defensible evidence in that context; data drawn from unaudited manual entries is not, without further checking.

    This “who asserts the claim” logic underpins contributor-level attribution more broadly. CASRAI originated the CRediT contributor role taxonomy in 2014, and the standard is now stewarded by NISO as ANSI/NISO Z39.104-2022. CRediT statements and ORCID auto-updates share one design principle: attribution is more trustworthy when a party other than the researcher is on record as having made the claim. Institutions building publication-verification workflows, for CRediT contributor statements or ORCID Works alike, should apply the same provenance test.

    Publishers that deposit ORCID iDs with Crossref or DataCite at DOI registration are, in effect, running the infrastructure that makes auto-update possible at scale. Where that deposit step is skipped, researchers are pushed back onto manual import by default, regardless of preference.

    Conclusion: Building a Verifiable Publication Record

    Getting works onto an ORCID record is straightforward mechanically: import from a connected database, enter a DOI or PMID, upload a BibTeX file, or authorise auto-update at submission. The strategic choice is which of these to rely on for which purpose. Manual import is the right tool for backfilling a career’s worth of existing publications in one pass. Auto-update via Crossref and DataCite is the right tool for every submission from today onward, because it produces a record institutions, funders, and integrity reviewers can treat as third-party verified rather than self-reported. As research assessment increasingly leans on machine-readable provenance rather than researcher-supplied CVs, that distinction is likely to matter more, not less.

  • ORCID Sandbox: A Developer’s Guide to Testing

    The ORCID sandbox is a free, fully functional copy of the ORCID Registry — at sandbox.orcid.org — that lets developers register test accounts, request API credentials, and run real Public and Member API calls against dummy data before touching production. No ORCID membership is required to test the Member API in the sandbox, and nothing you do there can affect a real researcher’s ORCID record.

    ORCID is a non-profit registry that assigns researchers a free, persistent 16-digit identifier (an ORCID iD) and connects it to their affiliations, works, and funding through a public API and a membership-tier Member API. Building an integration means testing the OAuth handshake and both API tiers in the sandbox before requesting production credentials.

    What is the ORCID sandbox and how does it differ from production?

    The sandbox is a mirror of the production ORCID Registry running on isolated test infrastructure. It behaves the same way as the live registry, with a handful of deliberate exceptions built in for safety.

    • Sandbox accounts only send verification and notification emails to @mailinator.com addresses, so registration mail never leaks to real inboxes.
    • Sandbox data is not backed up and can be wiped without notice — never store anything you need to keep there.
    • Anyone can request sandbox Member API credentials, even without an ORCID membership; production Member API access requires a paid membership tier.
    • Base URLs differ from production, which is the detail most tutorials skip:
    Component Sandbox Production
    Registry / sign-in sandbox.orcid.org orcid.org
    Public API base (v3.0) pub.sandbox.orcid.org/v3.0 pub.orcid.org/v3.0
    Member API base (v3.0) api.sandbox.orcid.org/v3.0 api.orcid.org/v3.0
    OAuth authorize endpoint sandbox.orcid.org/oauth/authorize orcid.org/oauth/authorize
    OAuth token endpoint sandbox.orcid.org/oauth/token orcid.org/oauth/token

    Under ORCID’s published integration guide, every client credential, redirect URI, and access token issued in the sandbox is scoped to sandbox hostnames only — a sandbox client ID will not authenticate against production, and vice versa. This is the single most common cause of “invalid client” errors when developers copy sandbox code straight into a production deployment.

    Public API vs Member API: which scope does your integration need?

    ORCID publishes two distinct APIs, and choosing the wrong one wastes weeks of sandbox testing. The Public API is free for non-commercial use and gives read-only access to publicly visible record data — no ORCID membership required. The Member API requires production membership (though not in the sandbox) and adds write access plus read access to “trusted” limited-access data that a researcher has authorised your organisation to see.

    Capability Public API Member API
    Read public record data Yes Yes
    Read trusted/limited-access data No Yes, with researcher permission
    Write or update a record No Yes, with researcher permission
    Membership required in production No Yes
    Membership required in sandbox No No — open to anyone testing
    Typical use case “Sign in with ORCID”, search, display Populate affiliations, works, funding on a record

    Research information systems, manuscript submission platforms, and repository software (for example, systems built on OJS) most often need Member API scopes because they write affiliation or works data back to a researcher’s record. Discovery tools and simple “sign in with ORCID” buttons typically only need the Public API.

    How do you register a sandbox client and complete the OAuth handshake?

    Every ORCID integration authenticates through OAuth 2.0, and the sandbox forces you to exercise the full handshake before production ever sees a request. The sequence is the same for Public and Member API integrations, only the scopes and base URLs change.

    1. Create a sandbox account. Register at sandbox.orcid.org/register using a made-up @mailinator.com address so you can retrieve the verification email from the public Mailinator inbox.
    2. Register a client application. From the account’s Developer Tools section (or via ORCID’s sandbox Member API request form), obtain a client ID and client secret plus a registered redirect URI.
    3. Send the user to the authorize endpoint. Redirect to the sandbox authorize URL with response_type=code, your client_id, the requested scope, and your redirect_uri.
    4. Capture the authorization code. After the researcher grants permission, ORCID redirects back to your registered URI with a short-lived authorization code.
    5. Exchange the code for a token. POST the code, client ID, and client secret to the sandbox token endpoint to receive an access token bound to that researcher’s ORCID iD.
    6. Call the API. Use the access token as a Bearer credential against the sandbox Public or Member API base URL to read or write record data.

    Because sandbox credentials only work against sandbox hostnames, this whole sequence must be repeated — with new, separately issued production client credentials — once testing is complete. ORCID’s own guidance recommends reviewing its integration checklist, and for Member API integrations, demonstrating the working sandbox flow to the ORCID team, before requesting production access.

    What goes wrong when moving from sandbox to production?

    Most production failures trace back to configuration, not code. Watch for these before cutover:

    • Hard-coded sandbox hostnames. Any string reference to sandbox.orcid.org, pub.sandbox.orcid.org, or api.sandbox.orcid.org left in production config will silently fail authentication.
    • Redirect URI mismatch. The redirect URI used in the OAuth request must exactly match the one registered against that specific client ID — sandbox or production, they are registered separately.
    • Wrong API tier requested. Applying for Member API production access without an active ORCID membership will be rejected; Public API access has no such requirement.
    • Assuming sandbox reliability. ORCID explicitly states the sandbox carries no uptime or data-retention guarantee, so integration tests should not depend on long-lived sandbox test records.

    Institutions building or commissioning a research administration system that writes to ORCID records — a current research information system (CRIS), grants platform, or repository — should budget sandbox testing time separately from production onboarding, since ORCID’s own review step for Member API access is a manual, asynchronous process.

    Sandbox and API questions, answered

    Does ORCID have an API?

    Yes. ORCID offers a Public API for reading publicly visible record data and connecting systems without ORCID membership, and a Member API for member organisations to read trusted data and write affiliations, works, or funding to a record with the researcher’s permission.

    Is ORCID API free?

    The Public API is free for non-commercial use by individuals and organisations under ORCID’s Public API terms of service. The Member API, in production, requires a paid ORCID membership tier — though sandbox Member API testing credentials are free and open to anyone, member or not.

    What is ORCID public API vs member API?

    The Public API allows anyone to read public-access information on ORCID records via machine-to-machine calls. The Member API is restricted to member organisations and additionally supports reading limited-access “trusted” data and writing or updating a researcher’s record with authorisation.

    The ORCID sandbox exists precisely because both API tiers, and the OAuth handshake connecting them, need to be exercised end-to-end — with real credentials and real error responses — before a single production request is made. Treat it as a mandatory rehearsal step, not an optional convenience: budget time for the manual Member API review, hard-code nothing that points at a sandbox hostname, and re-issue every credential fresh for production.

  • ORCID Membership: Consortium vs Direct Guide

    ORCID membership is free only for individual researchers; institutions that want to integrate ORCID into their systems must pay an organisational fee, either directly to ORCID Inc. or, at a discount, through a national or regional consortium. The choice between direct membership and consortium membership determines what an institution pays, which API scopes and integration support it gets, and whether it gains a voice in ORCID’s governance.

    ORCID membership is the paid organisational tier that lets an institution connect its own systems to the ORCID registry — reading and writing data to researcher records with permission — rather than simply relying on researchers’ free, individually held ORCID iDs.

    What is ORCID membership, and how is it different from free registration?

    Individual ORCID registration is, and always will be, free: any researcher can create a 16-digit ORCID iD at orcid.org/register in under a minute and use it for life. ORCID membership is a separate, paid tier for organisations — universities, publishers, funders, and service providers — that want to integrate ORCID data into their own institutional systems rather than rely on manual, researcher-entered information.

    Membership unlocks the ORCID Member API, which allows an institution’s research information system, repository or HR platform to read and, with the researcher’s permission, write data to the ORCID registry — publications, affiliations, grants and peer review activity. Without membership, an organisation can still search the public ORCID database and encourage “Sign in with ORCID” authentication, but it cannot programmatically update records at scale.

    ORCID Inc. reports more than 1,200 member organisations worldwide, made up of both direct members and institutions that joined through a consortium, spanning universities, publishers, funders, facilities and government agencies.

    What does direct institutional membership include?

    Direct membership means an institution contracts and pays ORCID Inc. directly, with no intermediary. Under ORCID’s published 2026 fee schedule, Basic direct membership costs US$4,775 a year for non-profit and government organisations (after a standard 20% non-profit discount) and US$5,975 for commercial organisations. Premium direct membership — which adds priority support, on-demand reporting and a customised onboarding — costs US$9,550 a year for smaller non-profit organisations (under US$200 million in annual revenue or funds) and rises to US$23,880 for larger non-profits above that threshold.

    Direct members manage their own ORCID integration: applying for membership, renewing annually, handling invoicing, and owning their API credentials without a consortium administrator in the loop. This suits institutions with in-house developer capacity that want a direct line to ORCID’s own support team and full control over procurement terms.

    • Standard application, renewal and invoicing handled directly with ORCID Inc.
    • Full Member API access to read and write ORCID record data with permission
    • Ability to negotiate specific procurement or legal requirements within ORCID’s standard framework
    • Additional integrations available at US$3,585 each per year

    What does consortium membership include, and how does it cut costs?

    Consortium membership is open only to non-profit and government organisations. A consortium lead — typically a national research infrastructure body — negotiates a single block agreement with ORCID and then apportions fees across member institutions, all of whom automatically receive Premium-equivalent access. In the UK, Jisc administers the national ORCID consortium, offering reduced membership costs plus UK-based technical and community support through a dedicated support site. Equivalent consortia operate elsewhere: the ORCID US Community is administered by Lyrasis, the Health Research Alliance runs a health-research-focused consortium with five premium API keys per member, and IReL administers the Irish Research eLibrary consortium.

    ORCID’s consortium fee table is tiered by both institutional budget size and the number of organisations in the consortium: a five-member consortium of small non-profits (under US$10 million annual budget) pays US$3,495 per member per year, falling to US$1,750 per member once the consortium reaches 60 or more members. Organisations in countries classified by the World Bank as Lower Income receive an 80% reduction on consortium fees, and Lower-Middle-Income organisations receive a 50% reduction, under ORCID’s Membership Equity Program — which also lowers the minimum consortium size from five to three organisations for a group’s first year.

    Consortium members gain two things direct members do not: a shared “community of practice” with peer institutions solving the same integration problems, and exclusive access to the Affiliation Manager tool, which lets non-technical staff add and update researcher affiliation data without a developer.

    Direct vs consortium: cost, API access and governance compared

    The headline trade-off is straightforward: consortium membership is cheaper and comes bundled with premium access and local support, but it hands administration to a third-party lead organisation; direct membership costs more but keeps the relationship — and the paperwork — entirely in-house.

    Factor Direct membership Consortium membership
    Who administers it ORCID Inc. directly A consortium lead (e.g. Jisc in the UK, Lyrasis for the ORCID US Community)
    2026 indicative cost US$4,775–US$23,880/year (non-profit, Basic to Premium) US$1,750–US$9,340/member/year, scaling down as consortium size grows
    Eligibility Any organisation type Non-profit and government organisations only
    API access level Basic or Premium (self-selected) Premium-equivalent, automatically
    Affiliation Manager tool Not included Included
    Local/community support ORCID’s own global support team Consortium lead’s national/regional support team
    Governance voice Eligible to stand for and vote in ORCID Board elections Eligible to stand for and vote in ORCID Board elections

    Institutional governance participation — nominating a representative for the ORCID Board and voting in annual Board elections — is a benefit of ORCID membership itself, not a differentiator between the two routes; both direct and consortium members hold this governance voice.

    Which route should an institution choose?

    For most universities and non-profit research organisations, joining an existing national or regional consortium is the more cost-effective starting point: it delivers premium API access, local implementation support and peer knowledge-sharing at a fraction of direct-membership pricing. Institutions in a country without an established consortium can use ORCID’s Membership Equity Program to form one with as few as three founding members in year one.

    Direct membership better suits organisations that are commercial (and therefore ineligible for a consortium), that need bespoke procurement or legal terms outside a consortium’s standard agreement, or that already run substantial in-house integration teams and prefer a direct relationship with ORCID’s support desk rather than a national intermediary.

    Research administration teams evaluating either route should confirm three things before signing: which access tier (Basic or Premium) the fee actually buys, whether a local consortium already exists for their jurisdiction, and whether their researcher information system vendor already holds member API credentials that could reduce the need for a separate institutional integration.

    Common questions about ORCID membership

    Does ORCID cost money?

    Individual ORCID registration is always free for researchers. Cost only applies at the organisational level: institutions pay an annual membership fee — starting around US$1,750 per member through a large consortium, or from roughly US$4,775 for direct non-profit membership — to integrate ORCID into their own systems.

    How much does it cost to register with ORCID?

    Registering for a personal ORCID iD costs nothing and takes under a minute at orcid.org/register. Institutional membership fees are separate and depend on the route chosen: direct membership is tiered by revenue, while consortium membership is tiered by both budget size and consortium membership count, per ORCID’s published 2026 fee schedule.

    What are the benefits of having institutional ORCID membership?

    Membership gives an institution Member API access to read and write trusted data — publications, affiliations, funding — directly into researcher ORCID records with permission, streamlining research information management, funder compliance reporting and automated CV generation for researchers.

    Implications for research administration

    As funders increasingly require ORCID iDs in grant applications and publishers embed them in submission workflows, institutional ORCID integration is shifting from optional to expected infrastructure. The consortium model has proven durable precisely because it converts a fixed, individually negotiated cost into a shared, scaling one — the more organisations that join a national consortium, the cheaper membership becomes for every existing member. Institutions weighing the decision should treat it as an infrastructure procurement choice tied to their research administration systems roadmap, not an isolated subscription decision.

  • ArXiv ORCID Authentication for Preprints

    ArXiv ORCID authentication lets a researcher link a persistent ORCID iD to their arXiv account, and it is one of two models preprint servers use to establish who an author is before a paper ever reaches peer review — the other being direct “log in with ORCID,” used by bioRxiv. Neither model performs formal identity verification in the legal sense; both rely on ORCID’s OAuth authentication to confirm that the person submitting genuinely controls the ORCID iD they claim.

    ORCID authentication is the OAuth-based process by which a researcher proves control of their ORCID iD to a third-party system — such as a preprint server — by signing in directly at orcid.org, without ever sharing a password with that third party. This distinction matters for research administrators and developers assessing how much identity assurance a preprint record actually carries.

    How does ORCID authentication work before publication?

    ORCID authentication runs on a three-legged OAuth flow, documented by ORCID’s own integration guide. A system such as a preprint server creates a “Connect your ORCID iD” link; when a researcher clicks it, they are redirected to orcid.org, sign in with their own ORCID credentials, and explicitly grant the requesting system permission to read (and, for member integrations, write) specific parts of their record.

    ORCID then returns an authorisation code, which the preprint server exchanges for an access token. That token — not a copied-and-pasted ID number — is what proves the connection is genuine. According to ORCID’s documentation, the organisation does not permit manual entry of ORCID iDs in any workflow where authenticated collection is technically possible, precisely because typed-in IDs cannot prove ownership.

    • Public API: free, available to non-commercial and commercial integrations, sufficient for basic authenticated sign-in and read access.
    • Member API: requires ORCID membership, needed to write data (such as adding the preprint itself) directly to a researcher’s record.
    • Sandbox environment: a full ORCID Sandbox testing server lets integrators build and demo the OAuth flow before ORCID’s engagement team approves production Member API credentials.

    How arXiv verifies author identity with ORCID

    arXiv treats ORCID primarily as a disambiguation and record-linking layer rather than a submission gate. Authors link an existing ORCID iD — or create one during the process — via arXiv’s account dashboard, and the platform then prefers the ORCID iD over its own internal arXiv author identifiers wherever possible “in order to facilitate better data exchange,” per arXiv’s own documentation.

    Identity assurance on arXiv sits mainly in a separate, adjacent mechanism: endorsement. As of 21 January 2026, arXiv no longer accepts an institutional email address alone as sufficient qualification for a new submitter. Under the updated policy, a new author must now satisfy one of two paths:

    1. An institutional academic/research email address and prior authorship on a paper already accepted into the relevant arXiv endorsement domain, or
    2. Direct personal endorsement from an established arXiv author already active in that same domain.

    arXiv’s own guidance notes that authors contacting a potential endorser may include a link to their ORCID profile as supporting evidence, though ORCID linkage itself is not a mandatory endorsement criterion. Misrepresenting identity or institutional affiliation is, separately, a violation of arXiv’s code of conduct and grounds for account suspension.

    How bioRxiv verifies author identity with ORCID

    bioRxiv, operated by the non-profit openRxiv, takes a more direct authentication route. The platform offers a “Log in with ORCiD” option at the account level: when a submitter authenticates this way, bioRxiv receives an ORCID-verified identifier straight from ORCID’s OAuth flow, rather than a self-typed value.

    During manuscript submission, corresponding authors can also attach ORCID iDs for themselves and co-authors, which are then carried into the preprint’s metadata. This matters for provenance: under ORCID’s documented preprint workflow, an ORCID-member preprint server can add the work to an author’s ORCID record with a “Self” relationship, and later — once a peer-reviewed version exists — a publisher can add the journal article with a “Version of” relationship linking the two, grouping the preprint and its published descendant on one authoritative record.

    arXiv vs bioRxiv: ORCID identity assurance compared

    The two platforms diverge on where, and how strongly, ORCID authentication sits in the submission path:

    Feature arXiv bioRxiv
    ORCID collection point Account linking, post-registration Optional login and/or manuscript submission
    Authentication method Account-page OAuth link to ORCID Direct “Log in with ORCiD” OAuth sign-in
    Mandatory for submission? No — recommended, not required No — optional for authors and co-authors
    Separate identity gate Endorsement policy (updated 21 Jan 2026) Basic screening for offensive/non-scientific content
    Co-author ORCID capture Not built into the submission form Can be added at submission by corresponding author

    What this means for identity assurance ahead of peer review

    ORCID authentication and identity verification are not the same thing, and conflating them overstates what a preprint record actually proves. An authenticated ORCID iD confirms that a specific, persistent researcher account is behind a submission. It does not confirm a person’s legal name, employer, or credentials — those rest on the separate affiliation and endorsement checks each platform runs independently.

    Funders are pushing this authentication layer further upstream. UK Research and Innovation (UKRI) is building mandatory ORCID iD linking into its Funding Service for project leads, co-leads and fellows, with the requirement expected to take effect roughly six months after the relevant functionality launches, targeted for 2027. That shifts identity assurance earlier — to the funding-application stage — rather than leaving it solely to the preprint or journal submission step.

    For institutions and developers building on this infrastructure, the practical takeaway is definitive: treat an authenticated ORCID iD as strong evidence of account control, and treat endorsement, institutional email, and funder-linked ORCID mandates as the separate, complementary layers that build fuller identity assurance around it.

    Frequently asked questions

    Do arXiv papers appear on ORCID?

    Yes. Once an author links their ORCID iD to their arXiv account, arXiv’s works are unambiguously connected to that researcher’s broader scholarly record, helping distinguish them from authors with similar names across other platforms and repositories.

    How do I add an arXiv preprint to ORCID?

    Authors can search by arXiv identifier directly within their ORCID record’s “Add works” tool, or link their arXiv account to ORCID so eligible works sync automatically. Manual entry of someone else’s ORCID iD is not permitted under ORCID’s collection policy.

    Does an arXiv preprint count as a publication?

    Not in the traditional peer-reviewed sense. ArXiv preprints are not peer-reviewed before posting, so most journals and funders treat them as a distinct output type — citable, but separate from the peer-reviewed version of record that may follow.

    What is the arXiv identifier?

    The arXiv identifier (or arXiv ID) is a unique code assigned to every submitted paper, used to cite and retrieve it. It is distinct from an author’s ORCID iD, which identifies the person rather than the paper.

    Looking ahead

    arXiv and bioRxiv show two workable but distinct approaches to the same problem: using ORCID’s authenticated, OAuth-based identifiers to anchor preprint authorship without claiming to verify legal identity outright. As funders such as UKRI extend ORCID requirements into the funding-application stage, the identity-assurance chain around research outputs is likely to start earlier and grow more consistent — well before a manuscript ever reaches a preprint server or a peer-review desk.

    For research administrators mapping authorship and contribution practices onto institutional systems, understanding exactly what an authenticated ORCID iD does and does not prove is a prerequisite for sound research administration policy — not an afterthought.

  • ORCID Researcher Connect: What Changed in 2026

    ORCID Researcher Connect is a member-exclusive institutional feature, launched by ORCID on 3 February 2026, that lets member organisations automatically notify affiliated researchers who hold a verified institutional email on their ORCID record but have not yet linked that record to the institution’s own systems. Researcher Connect is ORCID’s automated, institution-triggered notification workflow: it closes the gap between a researcher having a verified email-domain affiliation and that researcher actively authorising an institution to read and write data on their record.

    For research offices, the launch matters because it converts a largely manual outreach problem — chasing researchers to link accounts — into an automated, recurring workflow built into the ORCID registry itself. This article sets out what the feature actually does, how it differs from a standard affiliation claim, what a pilot cohort of seven institutions found, and exactly what a research office must configure before it can switch Researcher Connect on.

    What is ORCID Researcher Connect?

    Researcher Connect is a benefit available to ORCID member organisations with an active integration capable of adding and updating affiliations. It builds directly on ORCID’s verified institutional email domains, a trust-marker feature launched in 2024. According to ORCID’s own 3 February 2026 announcement, more than four million active ORCID records now carry a verified institutional email domain — a large pool of researchers who are identifiable to an institution but not necessarily connected to that institution’s integrated system.

    Researcher Connect uses that verified-domain data to find the gap: researchers whose ORCID record shows a verified @institution.ac.uk-style email but who have never granted the institution’s system permission to read from or write to their record. The feature then automates the outreach that would otherwise require a manual email campaign from the research office.

    How does it differ from a standard affiliation claim?

    A standard affiliation claim on ORCID can be added in three ways: a researcher self-reports it manually, a member organisation adds it via API after the researcher has already authorised a connection, or the institution’s Affiliation Manager tool pushes bulk affiliation records. Researcher Connect sits upstream of all three — it is the mechanism that gets an unconnected researcher to the point of authorisation in the first place, rather than a way of writing affiliation data once permission already exists.

    Crucially, ORCID’s documentation states that Researcher Connect is not available to institutions that only use Affiliation Manager, because Affiliation Manager already generates its own researcher notifications. The two are complementary, not interchangeable, and a research office needs to know which workflow it is already running before requesting activation.

    Mechanism Who initiates it Trigger Requires prior authorisation?
    Manual self-report Researcher Researcher edits their own record No — researcher-entered directly
    Affiliation Manager Institution (bulk upload) HR/HRIS data feed Institution-managed; sends its own notifications
    Standard API affiliation write Institution’s integration Researcher has already connected Yes — OAuth already granted
    ORCID Researcher Connect ORCID, on the member’s behalf Verified email domain + no existing connection No — this is the step that obtains authorisation

    How does the notification workflow operate?

    Once enabled, ORCID runs the matching and notification cycle automatically. Eligible researchers are identified daily, and notifications are sent at 1pm UTC to everyone matching the institution’s supplied email domains who has not connected and has not already received a Researcher Connect notification from that member within the past year.

    • Researchers receive an ORCID-inbox message and, depending on their notification-frequency settings, an email invitation.
    • The notification links to the institution’s own ORCID landing page, where the researcher signs in and authorises the connection via OAuth.
    • If no action is taken, ORCID sends one reminder notification after 30 days.
    • The full cycle repeats annually, or immediately whenever a researcher newly adds a matching verified institutional domain to their record.

    Once a connection is authorised, the institution can add employment affiliations directly to the record, and those affiliations carry ORCID Trust Markers — signals that the underlying data was asserted by a verified institutional source rather than self-reported.

    What must a research office configure?

    ORCID’s documentation sets three prerequisites before Researcher Connect can be activated, and none of them involve new engineering work — the feature is delivered on ORCID’s side once the following are in place.

    • An active ORCID member integration that can add and update affiliations (not Affiliation Manager alone).
    • A verified list of institutional email domains the institution wants ORCID to match against, supplied to the ORCID Engagement Support Lead.
    • An ORCID landing page — a maintained institutional webpage explaining why researchers should connect, what data will be read or written, and a clearly labelled “Connect with ORCID” button leading directly to the sign-in flow.

    Research offices supplying organisation identifiers for affiliation records should also note that ORCID stopped receiving updates to the legacy Ringgold identifier database on 1 August 2023 and now recommends the Research Organization Registry (ROR) identifier for parent-organisation entries — a detail worth checking before any bulk affiliation push, since stale Ringgold-only records will not resolve correctly going forward. Institutions without an existing member integration must first join ORCID membership before Researcher Connect becomes available at all.

    What did the pilot cohort show?

    ORCID piloted Researcher Connect with seven member organisations ahead of the full rollout: Bodleian Libraries at the University of Oxford, Erasmus University Rotterdam, Dun Laoghaire Institute of Art, Design and Technology, Aalborg University, Aarhus University, Imperial College London, and the University of Vienna. Across the pilot period, ORCID reports that these institutions connected over 5,700 previously unconnected users and updated their records with verified affiliations.

    Jason Partridge, Collections Support Senior Manager at the Bodleian Libraries, University of Oxford, described the effect of verified institutional linkage on researcher behaviour: the verified link with the institution “gives a feeling that this makes it ‘official’ and tracks as part of the CV element that the ORCID profile offers a user” — a signal ORCID also cites as driving disproportionate uptake among early-career researchers specifically.

    Frequently asked questions

    Does ORCID cost money?

    An ORCID iD is free for individual researchers to register and use for life. Institutions, however, must hold an active ORCID membership, which carries fees, and maintain a working member API integration before they can enable Researcher Connect notifications for their affiliated researchers.

    How do I connect my ORCID iD?

    A researcher clicks the “Connect” button in a Researcher Connect notification, which opens the institution’s ORCID landing page. From there, they sign in with their ORCID credentials and authorise the connection via OAuth, granting the institution permission to add or read affiliation data on their record.

    What is ORCID connecting research and researchers?

    ORCID is a non-profit organisation providing a free, persistent digital identifier — the ORCID iD — for researchers, alongside a registry linking that identifier to institutional affiliations, funding and publication records across nearly 1,200 member integrations spanning universities, publishers and funders worldwide.

    Implications and outlook

    For research offices, Researcher Connect shifts affiliation-verification effort from repeated manual email campaigns to a maintained landing page and a supplied domain list — a lower ongoing burden once the initial setup is done. It also raises the bar for what “current affiliation data” means: with Trust Markers now distinguishing institution-asserted affiliations from self-reported ones, downstream consumers of ORCID data — funders, publishers, national assessment exercises — have a stronger basis for treating ORCID affiliation fields as verified rather than declarative.

    Institutions running research administration workflows around grants, compliance reporting or researcher CV verification should treat the feature as an operational dependency: enabling it changes who initiates the affiliation-linking conversation, from the researcher to ORCID itself, on the institution’s behalf. Offices that have not yet reviewed their eligibility — an active affiliation-capable integration, a domain list and a landing page — should raise the requirement with their ORCID Engagement Support Lead as a discrete, low-effort configuration task rather than a development project.

  • CRediT Taxonomy Adoption: Overcoming Institutional Hurdles in University Systems

    Introduction

    The strategic advancement of CRediT Taxonomy Adoption: Overcoming Institutional Hurdles in University Systems is transforming how modern academic institutions catalog, preserve, and evaluate scientific outputs. In an era dominated by rapid open-science transitions and complex funding mandates, establishing unified metadata frameworks, secure persistent identifiers, and collaborative repositories is essential for ensuring institutional transparency and global research discoverability.

    Analyzing the Strategic Role of CRediT Taxonomy in Research Ecosystems

    The implementation of CRediT Taxonomy has emerged as a cornerstone in modern scholarly metadata and institutional reporting. By providing structured, standardized, and machine-actionable frameworks, CRediT Taxonomy resolves long-standing issues relating to identity disambiguation, resource tracking, and global accessibility. Research administrators and funding bodies increasingly mandate the adoption of CRediT Taxonomy-compliant workflows to automate report consolidation, minimize administrative burdens, and ensure complete transparency of project outcomes on a global scale.

    Technical Implementation Frameworks and Cross-System Interoperability

    From an engineering perspective, integrating CRediT Taxonomy relies on standardized APIs, structured XML or JSON-LD metadata schemas, and secure communication protocols. When integrated into university repositories, library catalog systems, and national research databases, CRediT Taxonomy acts as an unbreakable link that maps scholarly effort across disparate platforms. This cross-system interoperability is crucial for constructing the ‘Scholarly Graph’, which connects researchers, publications, funding records, and clinical datasets in a machine-readable format.

    Overcoming Policy Friction and Fostering Cultural Adoption

    Despite the technical advantages of CRediT Taxonomy, institutional adoption is frequently hindered by policy friction, lack of specialized administrative training, and cultural inertia among academic staff. To overcome these hurdles, research offices must implement comprehensive outreach programs, establish centralized library support services, and formally write CRediT Taxonomy compliance into promotion, tenure, and recruitment rubrics, ensuring that researchers are directly rewarded for contributing to a connected, transparent scholarly record.

    Key Evaluation and Interoperability Matrix

    Technical Dimension Core Standard / Protocol Implementation Action Primary Operational Benefit
    API Integration RESTful Web APIs / OAuth 2.0 Configure automated client credentials and secure token exchanges. Enables real-time data sync and eliminates manual data entry errors.
    Metadata Mapping JSON-LD / XML Schemas Map localized fields to recognized Dublin Core or Schema.org namespaces. Ensures global discoverability and machine-readability across indexes.
    Preservation Policy OAIS / CoreTrustSeal Establish long-term digital escrow and storage replication models. Guarantees continuous asset access and data longevity under compliance rules.

    Actionable Checklist for Implementing CRediT Taxonomy

    • Review and audit existing institutional workflows for CRediT Taxonomy compatibility.
    • Configure administrative APIs and establish secure client credentials.
    • Provide targeted training sessions for academic authors and research managers.
    • Verify metadata completeness and standardize mappings to global namespaces.
    • Formally recognize compliance in departmental promotion and evaluation rubrics.