Later this month we will be introducing the canonical form of the ORCID iD: https://orcid.org/0000-0002-1825-0097.
We strive to provide a reliable Registry that secures your information and protects against vulnerabilities. Trust is a core ORCID principle, and it’s vital that the research community has confidence in the Registry. Moving to HTTPS is integral to this, as it keeps the resolution of ORCID iDs hidden from third-party tracking and analytics systems.
HTTPS iDs have been recommended by the ORCID Technical Steering Group, the ORCID Board, the journal display working group, and many in the ORCID community. Requiring the HTTPS protocol in the iD display makes the ORCID iD resolvable and brings it in line with the format of other identifiers such as DOIs.
We have been migrating the ORCID websites to HTTPS and are now also implementing HTTPS in our API. HTTPS is already required for all API 2.0 calls, and all Member API redirect URIs must be in HTTPS. Doing the same for ORCID iDs is the last step in the process.
When does this take effect?
Later this month we will release our API 2.1, which enables us to support HTTPS ORCID iDs. There will be no other functional changes to API calls or to the XSD. We will simultaneously update the ORCID Trademark and iD Display Guidelines to formalize HTTPS as the default recommended display.
What do I need to do?
If you are currently developing an ORCID integration, we encourage -- but do not require -- you to develop using API 2.1 to enable your workflows to benefit from HTTPS ORCID iDs. In future, display of HTTPS ORCID iDs will be required to obtain a Collect & Connect Display badge.
If you are already displaying ORCID iDs, we recommend that you switch to the HTTPS version of the ORCID iD.
More information, including updated documentation, will be available at launch. In the meantime, if you have any questions, please don’t hesitate to contact us.