API:Restricting API usage

There are several ways to restrict usage of (certain parts of) the API to certain groups of users, or to disable it altogether. Some of these require changing group permissions.

Disabling modules

You can disable individual modules for all users by adding a line to LocalSettings.php. Exactly what to add depends on the type of module you want to disable:

Examples

To disable anyone from using action=edit:

$wgAPIModules['edit'] = 'ApiDisabled';

To limit the access of an API action, add the following hook for ApiCheckCanExecute :

static function onApiCheckCanExecute( $module, $user, &$message ) {
    $moduleName = $module->getModuleName();
    if (
        $moduleName == 'action' &&
        !in_array( 'right', $user->getRights() )
    ) {
        $message = 'apierror-action-notallowed';
        return false;
    }
    return true;
}

Replace 'action', 'right' and 'apierror-action-notallowed' with the appropriate values.