API:Assert

MediaWiki version:
1.23

The assert parameter of the Action API can be set on any API request to verify certain conditions before the requested action is executed.

The available options are:

  • assert=anon: Check that you are acting as an IP user . This prevents accidental use of a registered account. Since MW 1.35 Gerrit change 572374
  • assert=user: Check that you are using a registered account (either "named" or temporary). This prevents accidental fallback to an IP user.
  • assert=bot: Check that you are logged-in with an account that has the "bot " user right. This prevents your script from interacting with wikis where your bot does not have the bot flag.
  • assertuser=...: Check that you are logged-in with the expected user name. Since MW 1.28

Note that temporary users satisfy assert=user, and fail assert=anon.

Possible errors

edit

If the assertion fails, one of the following error codes will be returned:

  • assertanonfailed
  • assertuserfailed
  • assertbotfailed
  • assertnameduserfailed

Rationale and use cases

edit

These parameters are intended as a second line of defense against several kinds of problems:

Bot operator errors

edit

It's easy for a simple operator error to cause a lot of bad edits, such as the bot running on the wrong wiki or under the wrong username, especially if you're running more than one bot task. The assert=bot and assertuser=... parameters are intended to help prevent those mistakes.

Login session expiration

edit

After logging in, the cookies you receive are only valid for 30 days by default, after which time your bot will become logged out, and may continue working with its actions being attributed to the IP address or a temporary username (if logged-out users are allowed to perform them). The assert=user parameter is intended to prevent this.

Switching user accounts

edit

Interactive tools (in the browser) using the API to edit often want to make sure the user understands how their work will be attributed. When the user logs in or out in another browser tab (or their login session expires), this won't be immediately reflected in the tool's interface, but the new login session will be used for saving actions. The assertuser=... and assert=anon parameters are intended to allow detecting this scenario and displaying an appropriate message before continuing.


Standalone check

edit

If you want to check whether your HTTP client is logged into the Action API, without performing any other action, you can send a request with the parameters action=query&assert=user. This will return an empty response ({} in the JSON format) if you are indeed logged in, or the assertuserfailed error if not.

Normally, you will not need to perform a separate request like this. Instead, set the assert=user parameter on each of your requests.