API:Assert
This page is part of the MediaWiki Action API documentation. |
MediaWiki version: | ≥ 1.23 |
The assert parameter of the Action API can be set on any API request to verify certain conditions before the requested action is executed.
The available options are:
assert=anon
: Check that you are acting as an IP user . This prevents accidental use of a registered account. Since MediaWiki 1.35 • change 572374assert=user
: Check that you are using a registered account (either "named" or temporary). This prevents accidental fallback to an IP user.assert=bot
: Check that you are logged-in with an account that has the "bot " user right. This prevents your script from interacting with wikis where your bot does not have the bot flag.assertuser=...
: Check that you are logged-in with the expected user name. Since MediaWiki 1.28
Note that temporary users satisfy assert=user
, and fail assert=anon
.
Possible errors
editIf the assertion fails, one of the following error codes will be returned:
assertanonfailed
assertuserfailed
assertbotfailed
assertnameduserfailed
Rationale and use cases
editThese parameters are intended as a second line of defense against several kinds of problems:
Bot operator errors
editIt's easy for a simple operator error to cause a lot of bad edits, such as the bot running on the wrong wiki or under the wrong username, especially if you're running more than one bot task.
The assert=bot
and assertuser=...
parameters are intended to help prevent those mistakes.
Login session expiration
editAfter logging in, the cookies you receive are only valid for 30 days by default, after which time your bot will become logged out, and may continue working with its actions being attributed to the IP address or a temporary username (if logged-out users are allowed to perform them).
The assert=user
parameter is intended to prevent this.
Switching user accounts
editInteractive tools (in the browser) using the API to edit often want to make sure the user understands how their work will be attributed.
When the user logs in or out in another browser tab (or their login session expires), this won't be immediately reflected in the tool's interface, but the new login session will be used for saving actions.
The assertuser=...
and assert=anon
parameters are intended to allow detecting this scenario and displaying an appropriate message before continuing.
Standalone check
editIf you want to check whether your HTTP client is logged into the Action API, without performing any other action, you can send a request with the parameters action=query&assert=user
.
This will return an empty response ({}
in the JSON format) if you are indeed logged in, or the assertuserfailed
error if not.
Normally, you will not need to perform a separate request like this.
Instead, set the assert=user
parameter on each of your requests.