Public Api access token duration

[Rui Batista]

Hello all,

I have a question about the implementation of the public API that I would like to clarify.

In the tutorial I'm following, I got to the step where I receive an authorization id from a certain user so that the api can see its data, and I change that 6-digit id for its Orcid-ID and an access Token.

Heres what is told about the access token::

"ORCID will then return the researcher’s authenticated ORCID iD and an access token:

{"access_token":"f5af9f51-07e6-4332-8f1a-c0c11c1e3728","token_type":"bearer",

"refresh_token":"f725f747-3a65-49f6-a231-3e8944ce464d","expires_in":631138518,

"scope":"/read-limited","name":"Sofia Garcia","orcid":"0000-0001-2345-6789"}

The access tokens returned can be short lived (expiring one hour after issue) or long lived (expiring 20 years after issue). Either token can be used multiple times before it expires."

My idea would be to keep this data in a table for future reference without having to always go through the "manual" authorization of users (after the first authorization has been given), which would be possible if the token lasts for years, but impossible if it only lasts. one hour.

Is there a way to guarantee that the expiration date of these tokens is the highest possible?

I thank you in advance for your support,

Best regards

Rui Batista

[Pedro Costa]

Hello Rui,

Thanks for posting your question.

I believe the tutorial you're following is the one at https://members.orcid.org/api/tutorial/read-orcid-records but please let me know if it's actually something else you're looking at so that we can get the info corrected.

We don't issue short-lived tokens anymore so all our tokens are valid for 20 years (unless revoked). The tutorial referenced above has been updated to reflect this info.

Just let us know if you have any other questions.

Kind regards,

Pedro Costa

QA & Support Specialist

[Rui Batista]

Thank you Pedro.

Best regards

Rui Batista