API:Checktoken

GET request to check the validity of a token from the tokens module. It will only work if the request comes from the owner of the token, it can not be used by third parties to check the token's validity, for that you would have to use extensions such as Extension:Third party session verification .

MediaWiki version:
1.25

API documentation

edit

action=checktoken

(main | checktoken)

Check the validity of a token from action=query&meta=tokens.

Specific parameters:
Other general parameters are available.
type

Type of token being tested.

This parameter is required.
One of the following values: createaccount, csrf, deleteglobalaccount, login, patrol, rollback, setglobalaccountstatus, userrights, watch
token

Token to test.

This parameter is required.
maxtokenage

Maximum allowed age of the token, in seconds.

Type: integer


Example

edit

GET request

edit
Check a CSRF token.

Response

edit
{
    "checktoken": {
        "result": "invalid"
    }
}

Sample code

edit

Python

edit
#!/usr/bin/python3

"""
    check_token.py

    MediaWiki API Demos
    Demo of `Checktoken` module: Check a CSRF token.

    MIT License
"""

import requests

S = requests.Session()

URL = "https://en.wikipedia.org/w/api.php"

PARAMS = {
    "action": "checktoken",
    "token": "123ABC",
    "type": "csrf",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS)
DATA = R.json()

print(DATA)
<?php
/*
    check_token.php

    MediaWiki API Demos
    Demo of `Checktoken` module: Check a CSRF token.

    MIT License
*/

$endPoint = "https://en.wikipedia.org/w/api.php";
$params = [
    "action" => "checktoken",
    "token" => "123ABC",
    "type" => "csrf",
    "format" => "json"
];

$url = $endPoint . "?" . http_build_query( $params );

$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$output = curl_exec( $ch );
curl_close( $ch );

echo( $output );

JavaScript

edit
/*
    check_token.js

    MediaWiki API Demos
    Demo of `Checktoken` module: Check a CSRF token.

    MIT License
*/

var url = "https://en.wikipedia.org/w/api.php"; 

var params = {
    action: "checktoken",
    token: "123ABC",
    type: "csrf",
    format: "json"
};

url = url + "?origin=*";
Object.keys(params).forEach(function(key){url += "&" + key + "=" + params[key];});

fetch(url)
    .then(function(response){return response.json();})
    .then(function(response) {console.log(response);})
    .catch(function(error){console.log(error);});

MediaWiki JS

edit
/*
	check_token.js

	MediaWiki API Demos
	Demo of `Checktoken` module: Check a CSRF token.

	MIT License
*/

var params = {
		action: 'checktoken',
		token: '123ABC',
		type: 'csrf',
		format: 'json'
	},
	api = new mw.Api();

api.get( params ).done( function ( data ) {
	console.log( data );
} );

Possible errors

edit
Code Info
notoken The token parameter must be set.
notype The type parameter must be set.
unknown_type Unrecognized value for parameter type: ###.