API:Checktoken

GET request to check the validity of a token from the tokens module. It will only work if the request comes from the owner of the token, it can not be used by third parties to check the token's validity, for that you would have to use extensions such as Extension:Third party session verification .

MediaWiki version:
1.25

API documentation edit


action=checktoken

(main | checktoken)

Check the validity of a token from action=query&meta=tokens.

Specific parameters:
Other general parameters are available.
type

Type of token being tested.

This parameter is required.
One of the following values: createaccount, csrf, deleteglobalaccount, login, patrol, rollback, setglobalaccountstatus, userrights, watch
token

Token to test.

This parameter is required.
maxtokenage

Maximum allowed age of the token, in seconds.

Type: integer

Example edit

GET request edit

Check a CSRF token.


Response edit

{
    "checktoken": {
        "result": "invalid"
    }
}

Sample code edit

Python edit

#!/usr/bin/python3

"""
    check_token.py

    MediaWiki API Demos
    Demo of `Checktoken` module: Check a CSRF token.

    MIT License
"""

import requests

S = requests.Session()

URL = "https://en.wikipedia.org/w/api.php"

PARAMS = {
    "action": "checktoken",
    "token": "123ABC",
    "type": "csrf",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS)
DATA = R.json()

print(DATA)

PHP edit

<?php
/*
    check_token.php

    MediaWiki API Demos
    Demo of `Checktoken` module: Check a CSRF token.

    MIT License
*/

$endPoint = "https://en.wikipedia.org/w/api.php";
$params = [
    "action" => "checktoken",
    "token" => "123ABC",
    "type" => "csrf",
    "format" => "json"
];

$url = $endPoint . "?" . http_build_query( $params );

$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$output = curl_exec( $ch );
curl_close( $ch );

echo( $output );

JavaScript edit

/*
    check_token.js

    MediaWiki API Demos
    Demo of `Checktoken` module: Check a CSRF token.

    MIT License
*/

var url = "https://en.wikipedia.org/w/api.php"; 

var params = {
    action: "checktoken",
    token: "123ABC",
    type: "csrf",
    format: "json"
};

url = url + "?origin=*";
Object.keys(params).forEach(function(key){url += "&" + key + "=" + params[key];});

fetch(url)
    .then(function(response){return response.json();})
    .then(function(response) {console.log(response);})
    .catch(function(error){console.log(error);});

MediaWiki JS edit

/*
	check_token.js

	MediaWiki API Demos
	Demo of `Checktoken` module: Check a CSRF token.

	MIT License
*/

var params = {
		action: 'checktoken',
		token: '123ABC',
		type: 'csrf',
		format: 'json'
	},
	api = new mw.Api();

api.get( params ).done( function ( data ) {
	console.log( data );
} );

Possible errors edit

Code Info
notoken The token parameter must be set.
notype The type parameter must be set.
unknown_type Unrecognized value for parameter type: ###.