What is the ORCID API and what you can do with it? (R. Peters)
1 like•968 views
The ORCID API allows developers to integrate ORCID identifier services into their applications. It uses OAuth2 for authentication and provides a RESTful interface for retrieving and updating ORCID profile and activity record data. Developers can build tools that authenticate users via their ORCID ID, push citations and other works to ORCID records, and provide insights into researcher impact by linking datasets to ORCID profiles. Several existing tools demonstrate uses of the ORCID API such as allowing user profile linking, citation importing, and research analytics services.
What is the ORCID API and what you can do with it? (R. Peters)
- 1. What is the ORCID API and what you can do with it? Robert Peters Technology Operations Director http://orcid.org/0000-0002-0036-9460
- 2. Let’s start by defining some common phrases ● API ● OAuth2 ● RESTful service ● Persistent identifier ● Unique identifier
- 3. I lied - these are not common at all.... I’ll try to translate: Very exact programming terms :-( Into high level abstractions in plain English :-)
- 4. API An application programming interface (API) is a set of routines, protocols, and tools for building software and applications. Translation: If your software gives my software one of these instructions I’ve defined, it will perform this action, or return this information.
- 5. OAuth2 OAuth is an open standard for authorization, commonly used as a way for Internet users to log in to third party websites using their Microsoft, Google, Facebook, Twitter, One Network etc. accounts without exposing their password. Generally, OAuth provides to clients a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server. OAuth 2.0 is the next evolution of the OAuth protocol and is not backwards compatible with OAuth 1.0. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The specification and associated RFCs are developed by the IETF OAuth WG; the main framework was published in October 2012. Translation: A standard set of rules which resource owners (commonly users) to grant access to APIs SECURELY.
- 6. RESTful Service In computing, representational state transfer (REST) is the software architectural style of the World Wide Web. More precisely, REST is an architectural style consisting of a coordinated set of architectural constraints applied to components, connectors, and data elements, within a distributed hypermedia system. REST ignores the details of component implementation and protocol syntax in order to focus on the roles of components, the constraints upon their interaction with other components, and their interpretation of significant data elements. Through the application of REST architectural constraints certain architectural properties are induced: Performance, Scalability, Simplicity, Modifiability, Visibility, Portability, and Reliability………………………………... ………….To the extent that systems conform to the constraints of REST they can be called RESTful. RESTful systems typically, but not always, communicate over Hypertext Transfer Protocol (HTTP) with the same HTTP verbs (GET, POST, PUT, DELETE, etc.) that web browsers use to retrieve web pages and to send data to remote servers. REST systems interface with external systems as web resources identified by Uniform Resource Identifiers (URIs), for example /people/tom, which can be operated upon using standard verbs such as DELETE /people/tom. Translation: A web API that implements a popular and simple set of instructions in the same way as a whole bunch of other web APIs do.
- 7. Persistent Identifier A persistent identifier (PID) is a long-lasting reference to a digital object—a single file or set of files. Noted persistent identifier systems include: Archival Resource Keys (ARKs), Digital Object Identifiers (DOIs), the Handle System, Persistent Uniform Resource Locators (PURLs), Uniform Resource Names (URNs), and Extensible Resource Identifiers (XRIs). Translation: An identifier that exists for a long long long time and points at data.
- 8. Unique Identifier With reference to a given (possibly implicit) set of objects, a unique identifier (UID) is any identifier which is guaranteed to be unique among all identifiers used for those objects and for a specific purpose. Translation: Being the only one of its kind, a set of letters and numbers that identifies one thing and only that thing.
- 9. Great! To review: API - If your software gives my software one of these instructions I’ve defined, it will perform this action, or return this information. OAuth2 - A standard set of rules which resource owners (commonly users) to grant access to APIs SECURELY. RESTful Service - A web API that implements a popular and simple set of instructions in the same way as a whole bunch of other web APIs do. Persistent Identifier - An identifier that exists for a long long long time and points at data. Unique Identifier - Being the only one of its kind, a set of letters and numbers that identifies one thing and only that thing.
- 10. ½ done - why don’t we talk about ORCID?
- 11. What is an ORCID iD? An ORCID iD is a unique persistent identifier which resolves to data about a researcher. Researchers control data associated with their record. It looks like this: http://orcid.org/0000-0001-5727-2427
- 12. And returns things like this! XML Data JSON Data HTML
- 13. What are the ORCID APIs? Public API - Free and available to anyone ○ Authenticate ○ Read Public Member API - Only available to member organizations ○ Read Limited (non-public information a researcher chooses to share with a member organization) ○ Add and update records (requires users permission) ○ Webhooks ○ Researcher Notifications
- 14. What’s in a ORCID record? Organized into two sections. Person: Names, Countries, Keywords, Websites, Person Identifiers Activities: Education, Employment, Funding, Peer Reviews, and Works
- 15. Sample OAuth2 flow and API calls 1. User is sent from your website to ORCID’s authorization page. URL specifies permission your application is requesting from the user. 2. User approves and is sent to a URL you specify (redirect_url); ORCID API attaches an authorization code to the end of this URL 1 2
- 16. 3. Your site checks the redirect url for the authorization code 4. Your site exchanges the authorization code (using your API client ID and secret) for the user’s authenticated ORCID iD, name and an API access token 5. Token can used to make API calls, per the permissions that you requested curl -Sk -H 'Content-Type: application/json' -H 'Authorization: Bearer https://api.qa.orcid.org/v1. 2_rc6/0000-0001-6356-0580 {"message-version":"1.2_rc6","orcid-profile":{"orcid":null,"orcid-id":null,"orcid-identifier":{"value":null,"uri":"http://qa.orcid.org/0000-0001-6356-0580"," path":"0000-0001-6356-0580","host":"qa.orcid.org"},"orcid-deprecated":null,"orcid-preferences":{"locale":"EN"},"orcid-history":{"creation-method":" WEBSITE","completion-date":{"value":1358374706031},"submission-date":{"value":1357936637938},"last-modified-date":{"value":1463177638836}," claimed":{"value":true},"source":null,"deactivation-date"...................................
- 17. Ok, that was a little scary. Let’s simplify: Read the record or Update the record Get researcher’s permission and ORCID iD Do you have permission to do what you want to do?
- 18. Enough tech! What can you do & build using the ORCID APIs? ● Authenticate a user’s ORCID iD ● Push a person identifier to ORCID ● Push work metadata or other activity to the API ● Insights into researcher impact
- 19. Authenticating a user’s ORCID iD (Nature) ….. ….. Nature Journal uses ORCID’s OAuth2 flow to authenticate a researcher’s ORCID iD. This prevents user- driven errors such as typos.
- 20. Pushing a person identifier to ORCID (Loop) Loop pushes their identifier to ORCID via the API, and a link to Loop is shown.
- 21. Pushing a work citation to the API (Crossref)
- 22. Insights into researcher impact (Impactstory) ORCID serves as the infrastructure for Impactstory provide insights into researcher impact.
- 23. The true power of our APIs is the flexibility to use them in ways we haven’t even dreamed of! TODO: One big screenshot of websites that use ORCI
- 24. Where to go from here? Technical documentation: http://members.orcid.org/api API users group: https://groups.google.com/forum/#!forum/orcid-api-users Technical webinars: http://members.orcid.org/eventlist Vendor documentation: https://members.orcid.org/orcid-enabled-systems ORCID support team, they know everything! [email protected] Thanks! Feel free to contact me directly at [email protected]