API:Account creation/pre-1.27
This page is obsolete. It is being retained for archival purposes. It may document extensions or features that are obsolete and/or no longer supported. Do not rely on the information here being up-to-date. Updated documentation is available at API:Account creation. |
This page is part of the MediaWiki Action API documentation. |
Createaccount | ||
---|---|---|
Create a new user account. This module cannot be used as a generator. | ||
Prefix | none | |
Required rights | none | |
Post only? | Yes | |
Generated help | Current | |
Version added |
|
Creating accounts
editYou can create accounts using the API. This can be a new account for yourself, or you can create an account for someone else, with a random password mailed to that person. Account creations are recorded in Special:log/newusers. If you're logged in, your username will also be recorded when creating an account.
Parameters
editname
: User name.password
: Password (ignored ifmailpassword
is set).domain
: Domain for external authentication.token
: Account creation token obtained in first request.email
: Email address of user (required if eithermailpassword
or $wgEmailConfirmToEdit are set).realname
: Real name of user. Many wikis haverealname
disabled via $wgHiddenPrefs . To check whetherrealname
is enabled or not, request api.php?action=query&meta=userinfo&uiprop=realname. If you get norealname
property back in the response,realname
is a hidden preference.mailpassword
: If set to any value, a random password will be generated and e-mailed to the user (instead of using thepassword
parameter).reason
: Reason for creating the account. Will be shown in the account creation log (example).language
: Language code to set as default for the user.
Extended parameters when used with Extension:ConfirmEdit (except ReCaptcha):
captchaid
: Previously-provided CAPTCHA ID to send with followup request, if captcha was required.captchaword
: User-provided answer of CAPTCHA to send with followup request, if captcha was required.
Token
editTo create an account, a token is required. To retrieve a token, you make the request that you want, except with the token field being an empty string. Once you retrieve the token, you make the request again with the token filled in. This is similar to how the log in module works. See the example below for details.
Example
editNote: In this example, all parameters are passed in a GET request just for the sake of simplicity. However, action=createaccount requires POST requests; GET requests will cause an error.
We should now receive a response like:
{
"createaccount": {
"result": "NeedToken",
"token": "387bc54bd0ec29333178800ce4213306"
}
}
We take the token given here, and add it to the request:
Assuming everything works, we should get a result like:
{
"createaccount": {
"result": "Success",
"token": "387bc54bd0ec29333178800ce4213306",
"userid": 1234,
"username": "GymBeauWhales"
}
}
And GymBeauWhales@example.com would get an email with instructions on how to log in.
CAPTCHA
editWhen used with Extension:ConfirmEdit, a CAPTCHA may be presented for new account creations. This is supported via extension in the API here.
When submitting per the above rules and receiving a response, you may also receive a captcha
node in the return data, similar to what is sometimes returned by action=edit.
For a text-based CAPTCHA:
{
"createaccount": {
"result": "NeedCaptcha",
"captcha": {
"type": "simple",
"mime": "text/plain",
"id": "323035635",
"question": "77+5"
}
}
}
For an image-based CAPTCHA:
{
"createaccount": {
"result": "NeedCaptcha",
"captcha": {
"type": "image",
"mime": "image/png",
"id": "1147869849",
"url": "/core/index.php?title=Special:Captcha/image&wpCaptchaId=1147869849"
}
}
}
Be aware that the URL may be site-relative or protocol-relative.
When you receive such a response, you need to submit a third response, which is similar to the one submitted in step 2 but contains the necessary responses. By default, you should return the captcha id in the captchaid
parameter, and the value (solution) of the captcha in the captchaword
parameter, however some captcha modules, like ReCaptcha, use different parameters. Check the module's documentation for specifics.
As of the current code (see [1]) you won't receive the captcha prompt response until after basic validation errors have been taken care of.
Possible outputs
editThe result value can have one of three values (n.b., values are lower-case prior to 1.23):
- NeedToken: A token is needed. A token parameter should also be set with a token to use.
{ "createaccount": { "result": "NeedToken", "token": "8217b293a6bd0bba84cc1cb661a06a5d" } }
- If you get a NeedToken result when you are expecting a success result, make sure the token you are sending is correct, and that you are sending along any cookies sent by the API.
- Success: Everything worked
{ "createaccount": { "result": "Success", "token": "8217b293a6bd0bba84cc1cb661a06a5d", "userid": 1234, "username": "Foo" } }
- Warning: Not used in core, however extensions can (in theory) add warnings, in which case the result attribute will be warning. However, this still generally means the account was created successfully.
Possible errors
editAll errors are formatted as:
{
"error": {
"code": "code",
"info": "info"
}
}
Many of the info codes to this module correspond to system messages. As a result the info part may change and in particular will vary with language.
Code | Info |
---|---|
nocookiesfornew | The user account was not created, as we could not confirm its source. Ensure you have cookies enabled, reload this page and try again. Note: This code is sometimes returned due to a bug in early versions of MediaWiki 1.21. If you receive this error, retrying the request (ensuring cookies are sent) should fix. |
sorbs_create_account_reason | Your IP address is listed as an open proxy in the DNSBL . |
noname | You have not specified a valid username |
userexists | Username entered already in use |
password-name-match | Your password must be different from your username. |
password-login-forbidden | The use of this username and password has been forbidden |
noemailtitle | No email address |
invalidemailaddress | The e-mail address cannot be accepted as it appears to have an invalid format |
externaldberror | There was either an authentication database error or you are not allowed to update your external account |
passwordtooshort | The password was shorter than the value of $wgMinimalPasswordLength |
noemail | There is no e-mail address recorded for user |
mustbeposted | The createaccount module requires a POST request |
acct_creation_throttle_hit | Visitors to this wiki using your IP address have created $1 accounts in the last day, which is the maximum allowed in this time period. As a result, visitors using this IP address cannot create any more accounts at the moment. |
wrongpassword | Incorrect password entered. Please try again. Note: Can be caused by the "domain" field being incorrect. |
aborted | Aborted by an extension (info will have more details) |
blocked | You cannot create a new account because you are blocked |
permdenied-createaccount | You do not have the right to create a new account |
createaccount-hook-aborted | An extension aborted the account creation |
captcha-createaccount-fail | (With Extension:ConfirmEdit and old core) Submitted CAPTCHA answer was incorrect |
Disable
editTo disable specifically this API feature, insert the following line in your configuration file:
$wgAPIModules['createaccount'] = 'ApiDisabled';
See also
edit- How to restrict API usage
- Enable/Disable (write) API
- Extension:SignupAPI from 2011: in order to implement a Special:UserSignup form with an AJAX-y interactive validation, this extension also implements
action=signup
andaction=validatesignup
APIs.
The following documentation is the output of Special: |
action=createaccount (create)
- This module requires write rights.
- This module only accepts POST requests.
- Source: MediaWiki
- License: GPL-2.0-or-later
Create a new user account.
The general procedure to use this module is:
- Fetch the fields available from action=query&meta=authmanagerinfo with amirequestsfor=create, and a createaccount token from action=query&meta=tokens.
- Present the fields to the user, and obtain their submission.
- Post to this module, supplying createreturnurl and any relevant fields.
- Check the status in the response.
- If you received PASS or FAIL, you're done. The operation either succeeded or it didn't.
- If you received UI, present the new fields to the user and obtain their submission. Then post to this module with createcontinue and the relevant fields set, and repeat step 4.
- If you received REDIRECT, direct the user to the redirecttarget and wait for the return to createreturnurl. Then post to this module with createcontinue and any fields passed to the return URL, and repeat step 4.
- If you received RESTART, that means the authentication worked but we don't have a linked user account. You might treat this as UI or as FAIL.
- createrequests
Only use these authentication requests, by the id returned from action=query&meta=authmanagerinfo with amirequestsfor=create or from a previous response from this module.
- Separate values with | or alternative.
- Maximum number of values is 50 (500 for clients that are allowed higher limits).
- createmessageformat
Format to use for returning messages.
- One of the following values: html, none, raw, wikitext
- Default: wikitext
- createmergerequestfields
Merge field information for all authentication requests into one array.
- Type: boolean (details)
- createpreservestate
Preserve state from a previous failed login attempt, if possible.
If action=query&meta=authmanagerinfo returned true for hasprimarypreservedstate, requests marked as primary-required should be omitted. If it returned a non-empty value for preservedusername, that username must be used for the username parameter.
- Type: boolean (details)
- createreturnurl
Return URL for third-party authentication flows, must be absolute. Either this or createcontinue is required.
Upon receiving a REDIRECT response, you will typically open a browser or web view to the specified redirecttarget URL for a third-party authentication flow. When that completes, the third party will send the browser or web view to this URL. You should extract any query or POST parameters from the URL and pass them as a createcontinue request to this API module.
- createcontinue
This request is a continuation after an earlier UI or REDIRECT response. Either this or createreturnurl is required.
- Type: boolean (details)
- createtoken
A "createaccount" token retrieved from action=query&meta=tokens
- This parameter is required.
- *
- This module accepts additional parameters depending on the available authentication requests. Use action=query&meta=authmanagerinfo with amirequestsfor=create (or a previous response from this module, if applicable) to determine the requests available and the fields that they use.
- Start the process of creating the user Example with the password ExamplePassword.
- api.php?action=createaccount&username=Example&password=ExamplePassword&retype=ExamplePassword&createreturnurl=http://example.org/&createtoken=123ABC [open in sandbox]