Page MenuHomePhabricator

Token missing
Closed, ResolvedPublic


Token missing in addwiki-api and addwiki-api-base.

PHP Fatal error: Uncaught Mediawiki\Api\UsageException: Code: notoken
Message: The "token" parameter must be set.
Result: {"error":{"code":"notoken","info":"The \"token\" parameter must be set.","*":"See https:\/\/\/w\/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https:\/\/\/mailman\/listinfo\/mediawiki-api-announce> for notice of API deprecations and breaking changes."},"servedby":"mw1276"} in /vendor/addwiki/mediawiki-api-base/src/MediawikiApi.php:374

Related Objects

Event Timeline

This is important. Because of this the Delinker bot is down, and there is already a huge queue:

Sorry, forgot to add that!

Exactly, the error is caused when the logout();[1] function is called. (so SimpleRequest has to be extended with params['token'] in that line i guess)

I found this discussion here because I get the same error message above in line 1 on different PCs when using nameGuzzler. What I have to do to get nameGuzzler to work again for me (looks like it works for other users).

PS: Solved by copying the slightly modified content of commons.js and nameGuzzler.js from Wikidata User:Jitrixis to the own pages.

Found in the [Mediawiki-api-announce] mailing list (april 2019) : BREAKING CHANGE: Action API action=logout will require a CSRF token (Brad Jorsch (Anomie))


With the merge of Icb674095,[1] use of API action=logout will require a
CSRF token. This was considered a security issue, so the usual deprecation
process was not followed. See T25227[2] for details.

Clients that do not use a CSRF token with action=logout will receive a
badtoken error message *and will not be logged out*.

This change should be deployed to Wikimedia wikis with 1.34.0-wmf.3. See for a schedule.

Overall client impact is expected to be relatively low, as gathered
statistics indicate there are relatively few users of this API call. None
the less, maintainers should check their code for use of action=logout and
update as necessary to maintain expected operation.