API:Login/ja

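The MediaWiki API may require your application or client to provide authenticated user credentials and log in. This is done in order to (a) query information or perform data-modifying actions, or (b) run large queries with a higher request limit.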



Two methods to authenticate
There are two ways to authenticate to the MediaWiki Action API:



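Method 1. login
Bots and other non-interactive applications should use owner-only OAuth consumers if available, as this is more secure. If they are not available, or not applicable to the client, the  action can be used with bot passwords.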



Example


Response


Sample code


Method 2. clientlogin
Interactive applications, such as custom editors or patrolling applications that provide a service without intending to fully replace the website, or mobile apps that aim to completely replace access to the web-based user interface, should use the  action. However, one should prefer using if it is available for authenticating the tool, as it is easier and more secure. This module is available since MediaWiki 1.27.



Example 1: Process for a wiki without special authentication extensions


POST request
Obtain token login in the request above via.

Response


Example 2: Process for a wiki with special authentication extensions
A wiki with special authentication extensions such as (captchas),,  (two factor authentication), may have a more complicated authentication process. Specific fields might also be required in that case, the description of which could be fetched from the query.

Step 3: Two-factor authentication
Note: In certain cases it's possible to receive a  response, for example if the OpenID Connect extension had no mapping for the OpenID account to any local user. In this case the client might restart the login process from the beginning or might switch to account creation, in either case passing the loginpreservestate or createpreservestate parameter to preserve some state.



Additional notes

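 * On wikis that allow anonymous editing, it is possible to edit through the API without logging in, but logging in is strongly recommended. On private wikis, logging in is required for every API function.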
 * It is recommended to create a separate user account for your application. This is especially important if your application is carrying out automated editing or invoking large or performance-intensive queries. With that, it is easy to track changes made by the application and apply special rights to the application's account.
 * If you are sending a request that should be made by a logged-in user, add  parameter to the request you are sending in order to check whether the user is logged in. If the user is not logged-in, an   error code will be returned.
 * To check if an account has bot rights, add  parameter to the request. If the account does not have bot rights, an   error code will be returned.
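
The bot-password flow from Method 1 combined with the assert checks from the notes above, as an added Python example that is not part of the original page. The `post` transport callable, the `FakeWiki` class and its account name and password are constructed stand-ins so the code runs offline; a real client would POST the same parameters to the wiki's api.php over HTTPS with a cookie-keeping session.

```python
def api_login(post, name, password):
    """Bot-password login via action=login. `post(params) -> dict` is an assumed
    transport; a real one POSTs to api.php over HTTPS and keeps session cookies."""
    # Step 1: fetch a login token, which is tied to the session.
    tokens = post({"action": "query", "meta": "tokens", "type": "login", "format": "json"})
    token = tokens["query"]["tokens"]["logintoken"]
    # Step 2: send the credentials and token in the POST body.
    reply = post({"action": "login", "lgname": name, "lgpassword": password,
                  "lgtoken": token, "format": "json"})
    login = reply.get("login", {})
    if login.get("result") != "Success":
        raise PermissionError("login failed: %s" % login.get("result"))
    return login["lgusername"]


def asserted(post, params, require="user"):
    """Send a request with assert=user or assert=bot and fail closed when the
    wiki reports that the session is not logged in or lacks bot rights."""
    reply = post({**params, "assert": require, "format": "json"})
    code = reply.get("error", {}).get("code")
    if code in ("assertuserfailed", "assertbotfailed"):
        raise PermissionError(code)
    return reply


class FakeWiki:
    """Constructed stand-in for a wiki endpoint so the example runs offline."""
    TOKEN = "constructed-login-token+\\"

    def __init__(self, name, password, bot=False):
        self.name, self.password, self.bot, self.logged_in = name, password, bot, False

    def __call__(self, p):
        if p["action"] == "query" and p.get("meta") == "tokens":
            return {"query": {"tokens": {"logintoken": self.TOKEN}}}
        if p["action"] == "login":
            sent = (p["lgname"], p["lgpassword"], p["lgtoken"])
            self.logged_in = sent == (self.name, self.password, self.TOKEN)
            if not self.logged_in:
                return {"login": {"result": "Failed"}}
            return {"login": {"result": "Success", "lgusername": self.name.split("@")[0]}}
        if p.get("assert") == "user" and not self.logged_in:
            return {"error": {"code": "assertuserfailed"}}
        if p.get("assert") == "bot" and not (self.logged_in and self.bot):
            return {"error": {"code": "assertbotfailed"}}
        return {"query": {"userinfo": {"name": self.name.split("@")[0]}}}
```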



See also

 * - Returns information about the currently logged-in user
 * Interactive login with action=clientlogin in mwapi