API:Login

Login gets several tokens that are needed by the server to recognize logged-in user. In every call to api.php, the cookie set by this request must be passed.

Example request
Note: In this example, all parameters are passed in a GET request just for the sake of simplicity. However, action=login requires POST requests; GET requests will cause an error.

You might need to add the query parameter, containing your domain name for authentication, if you're  using an authentication plug-in like Extension:LDAP Authentication.

Constructing cookies manually
A successful action=login request will set the right cookies, but if you're unable to fetch it, you can also construct them from the data returned. In the example above, you'd set the following cookies: Note that the  part is different for every wiki, and is returned in the   field.
 * enwikiUserName =  (from the   field)
 * enwikiUserID =  (from the   field)
 * enwikiToken =  (from the   field)
 * enwiki_session =  (from the   field)

Errors
Errors are returned in the result field. Possible values are:
 * You didn't set the lgname parameter
 * You provided an illegal username
 * The username you provided doesn't exist
 * You didn't set the lgpassword parameter or you left it empty
 * The password you provided is incorrect
 * Same as, returned when an authentication plugin rather than MediaWiki itself rejected the password
 * The wiki tried to automatically create a new account for you, but your IP address has been blocked from account creation
 * Your waiting time hasn't expired yet. See also throttling
 * The password you provided is incorrect
 * Same as, returned when an authentication plugin rather than MediaWiki itself rejected the password
 * The wiki tried to automatically create a new account for you, but your IP address has been blocked from account creation
 * Your waiting time hasn't expired yet. See also throttling
 * The wiki tried to automatically create a new account for you, but your IP address has been blocked from account creation
 * Your waiting time hasn't expired yet. See also throttling
 * Your waiting time hasn't expired yet. See also throttling
 * Your waiting time hasn't expired yet. See also throttling

Throttling
For security reasons, this module is throttled. A failed login attempt will require that you either authenticate through the standard Special:Userlogin or wait 5 seconds before you can attempt to login through this module again. Upon every subsequent attempt, the waiting time will be doubled. Retrying before the waiting time is over will fail with a  error, but will not restart the waiting time. The number of seconds you have to wait until your next attempt is returned in the 'wait' field. Throttling is only enabled on servers that support memcaching.