This article has been superseded by the new information site at https://info.orcid.org/documentation/integration-and-api-faq/
In keeping with our commitment to researcher control of their ORCID record, the record holder can choose to revoke any access token at any time by deleting it from permissions in the Trusted Organization list under their Account Settings.
As of 2018, researchers can only grant long-lived access tokens.
Access tokens granted to clients created after 2014-10-27 were long-lived by default, but could previously be set to short-lived (expiring after 1 hour) by users during the authorization process. This option has been removed since 2018.
For more information, see:
- Member Support Center: Introduction to OAuth