API:Checktoken

This page is part of the MediaWiki Action API documentation.

GET request to check the validity of a token from the tokens module. It will only work if the request comes from the owner of the token, it can not be used by third parties to check the token's validity, for that you would have to use extensions such as Extension:Third party session verification .

MediaWiki version:

≥ 1.25

API documentation

The following documentation is the output of Special:ApiHelp/checktoken, automatically generated by the pre-release version of MediaWiki that is running on this site (MediaWiki.org).

action=checktoken

(main | checktoken)

This module requires read rights.
Source: MediaWiki
License: GPL-2.0-or-later

Check the validity of a token from action=query&meta=tokens.

https://www.mediawiki.org/wiki/Special:MyLanguage/API:Checktoken

Specific parameters:

Other general parameters are available.

type: Type of token being tested.; This parameter is required.; One of the following values: createaccount, csrf, deleteglobalaccount, login, patrol, rollback, setglobalaccountstatus, userrights, watch
token: Token to test.; This parameter is required.
maxtokenage: Maximum allowed age of the token, in seconds.; Type: integer

Example:

Test the validity of a csrf token.: api.php?action=checktoken&type=csrf&token=123ABC [open in sandbox]

Example

GET request

Check a CSRF token.

api.php?action=checktoken&type=csrf&token=123ABC&format=json [try in ApiSandbox]

Response

{
    "checktoken": {
        "result": "invalid"
    }
}

Sample code

Python

#!/usr/bin/python3

"""
    check_token.py

    MediaWiki API Demos
    Demo of `Checktoken` module: Check a CSRF token.

    MIT License
"""

import requests

S = requests.Session()

URL = "https://en.wikipedia.org/w/api.php"

PARAMS = {
    "action": "checktoken",
    "token": "123ABC",
    "type": "csrf",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS)
DATA = R.json()

print(DATA)

PHP

<?php
/*
    check_token.php

    MediaWiki API Demos
    Demo of `Checktoken` module: Check a CSRF token.

    MIT License
*/

$endPoint = "https://en.wikipedia.org/w/api.php";
$params = [
    "action" => "checktoken",
    "token" => "123ABC",
    "type" => "csrf",
    "format" => "json"
];

$url = $endPoint . "?" . http_build_query( $params );

$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$output = curl_exec( $ch );
curl_close( $ch );

echo( $output );

JavaScript

/*
    check_token.js

    MediaWiki API Demos
    Demo of `Checktoken` module: Check a CSRF token.

    MIT License
*/

var url = "https://en.wikipedia.org/w/api.php"; 

var params = {
    action: "checktoken",
    token: "123ABC",
    type: "csrf",
    format: "json"
};

url = url + "?origin=*";
Object.keys(params).forEach(function(key){url += "&" + key + "=" + params[key];});

fetch(url)
    .then(function(response){return response.json();})
    .then(function(response) {console.log(response);})
    .catch(function(error){console.log(error);});

MediaWiki JS

/*
	check_token.js

	MediaWiki API Demos
	Demo of `Checktoken` module: Check a CSRF token.

	MIT License
*/

var params = {
		action: 'checktoken',
		token: '123ABC',
		type: 'csrf',
		format: 'json'
	},
	api = new mw.Api();

api.get( params ).done( function ( data ) {
	console.log( data );
} );

Possible errors


Code	Info
notoken	The `token` parameter must be set.
notype	The `type` parameter must be set.
unknown_type	Unrecognized value for parameter `type`: ###.