
API tokens

Authored By
Pchelolo
Jul 15 2021, 10:21 PM


TLDR: On September 1 we will remove deprecated parameters that were used to obtain tokens in the MediaWiki API. If your script/tool/bot or gadget was using these deprecated parameters, it will break unless you migrate it.
MediaWiki Action API clients (tools, scripts and bots that make calls to /w/api.php) sometimes need to obtain a token before making a write operation. Before MediaWiki 1.24 (November 2014) these tokens were obtained by using the `token` property in various Action API endpoints:
- action=tokens [1]
- `rctoken` in action=query&list=recentchanges [2]
- `rvtoken` in action=query&prop=revisions [3]
- `intoken` in action=query&prop=info [4]
- `ustoken` in action=query&list=users [5]
- `preferencestoken` in action=query&meta=userinfo [6]
Since 2014, a new API module, action=query&meta=tokens [7], has been available, where all these various tokens were consolidated. You can find more documentation for the deprecated API calls in [8] and a guide for the new API calls at [9].
In a nutshell, the migration is trivial. If your script/tool/gadget or bot used to make an API call like
```
curl 'https://en.wikipedia.org/w/api.php?action=tokens&type=csrf'
{
    "warnings": {
        "main": {
            "*": "Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes. Use [[Special:ApiFeatureUsage]] to see usage of deprecated features by your application."
        },
        "tokens": {
            "*": "\"action=tokens\" has been deprecated. Please use \"action=query&meta=tokens\" instead."
        }
    },
    "tokens": {
        "csrftoken": "<redactedtoken>+\\"
    }
}
```
You simply replace it with
```
curl 'https://en.wikipedia.org/w/api.php?action=query&meta=tokens&type=csrf'
{
    "batchcomplete": "",
    "query": {
        "tokens": {
            "csrftoken": "dc7f408e414a6932fe74f90c469197fb60f0b37f+\\"
        }
    }
}
```
and change the object you pull the token out of from result['tokens'] to result['query']['tokens'].
If you are using gadgets/scripts you've copied from another wiki, try updating them from the source - it might have already been fixed.
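To find call sites that still need this migration, the following Python sketch scans source text for the deprecated parameters listed above and reads a token only from the new response shape. It is an added example, not part of the original announcement; the function names, sample source and placeholder token values are constructed for illustration.

```python
import re

# Deprecated token-fetching parameters listed in the announcement.
DEPRECATED = re.compile(
    r"""action['"]?\s*[=:]\s*['"]?tokens\b"""  # action=tokens or "action": "tokens"
    r"""|\b(?:rctoken|rvtoken|intoken|ustoken|preferencestoken)\b"""
)

def find_deprecated_usage(source: str):
    """Return (line_number, matched_text) for each deprecated parameter found."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in DEPRECATED.finditer(line):
            hits.append((number, match.group(0)))
    return hits

def token_from_response(result: dict, name: str = "csrftoken") -> str:
    """Read a token from the action=query&meta=tokens response shape only."""
    if "tokens" in result.get("warnings", {}):
        # The server flagged the request as a deprecated action=tokens call.
        raise RuntimeError(result["warnings"]["tokens"]["*"])
    return result["query"]["tokens"][name]

# Constructed sample: a bot script with two old-style calls and one migrated call.
SAMPLE_SOURCE = '''\
r = session.get(API, params={"action": "tokens", "type": "csrf"})
url = API + "?action=query&prop=info&intoken=edit&titles=Sandbox"
r = session.get(API, params={"action": "query", "meta": "tokens", "type": "csrf"})
'''

# Constructed responses in the two shapes shown above (token values are placeholders).
OLD_RESPONSE = {
    "warnings": {"tokens": {"*": '"action=tokens" has been deprecated.'}},
    "tokens": {"csrftoken": "PLACEHOLDER+\\"},
}
NEW_RESPONSE = {"batchcomplete": "", "query": {"tokens": {"csrftoken": "PLACEHOLDER+\\"}}}

if __name__ == "__main__":
    for number, text in find_deprecated_usage(SAMPLE_SOURCE):
        print(f"line {number}: {text}")
    print(token_from_response(NEW_RESPONSE))
```

A match on a name such as `intoken` only marks a line for manual review; an unrelated variable with the same name would also be reported.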
We are aiming to remove this functionality on September 1. These API calls have been deprecated for 7 years, and removing them will unlock some important refactoring we are working on now. We recognize this is a tight deadline, so we want to be flexible with it. If there's a need from the community to extend the deadline, please reach us at wikitech-l@lists.wikimedia.org.
[1] https://en.wikipedia.org/w/api.php?action=help&modules=tokens
[2] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Brecentchanges
[3] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Brevisions
[4] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Binfo
[5] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Busers
[6] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Buserinfo
[7] https://en.wikipedia.org/w/api.php?action=help&modules=query%2Btokens
[8] https://www.mediawiki.org/wiki/API:Tokens_(action)
[9] https://www.mediawiki.org/wiki/API:Tokens
