API:Edit

POST request to edit a page.

Example
The sample code in this example is in Python. See  for examples and responses in .

POST request
Making edits, and, indeed, any POST request, is a multi-step process.


 * 1. Log in, via one of the methods described in . Note that while this is required to correctly attribute the edit to its author, many wikis do allow users to edit without registering or logging into an account.


 * 2. GET a :


 * 3. Send a POST request, with the CSRF token, to take action on a page:

The Response section below is for the final POST request, to take action on the page. See the pages on  and  for the intermediary JSON responses to earlier steps.

Also note that the tokens in the queries on this page are sample values. Actual tokens are unique to each login session and cross-site request. They are included only to demonstrate how to properly format queries.

Edit conflicts
The Python sample is a basic implementation, of an edit request by a registered user. In real-world scenarios care should be taken to prevent edit conflicts. These occur when two or more users are attempting to edit the same page at the same time.

Conflicts can be prevented by retrieving the last timestamp when we request a CSRF token. Adding  to the CSRF token request in Step 3 allows us to access the timestamp for the last revision. This timestamp will be used as the   when we make our the edit request.

We also need the exact time when we start our edit. This can be retrieved by adding   to the CSRF request as well. This value will serve as our  .

Finally, in the actual edit request, set the <tvar|1> </> and <tvar|2> </> parameters, like so:

Large edits
POST requests containing large amounts of text content (8000+ characters) should be sent with <tvar|1> </> indicated in the header. Because  does not need to add HTML escape characters (i.e., percent encoding) for spaces and punctuation, the amount of data passed will subsequently be much smaller than the percent-encoded equivalent.

However, there is still some overhead added by <tvar|1> </> -- roughly, 160 bytes per parameter. For short messages that don't require adding many escape characters, this amount of overhead can be inefficient, and percent-encoding is preferred<tvar|ref> </>.

Note that in our 1>#Example</>|Python sample code, the request is percent-encoded by default.

See the MDN web docs for a more technical discussion of content-type and POST requests. See the Python Requests documentation for how to pass <tvar|1> </> using syntax similar to our Python sample code.

CAPTCHAs
If the wiki you are targeting uses, your request may return an error containing an id number and a simple test, such as a question, a math problem, or an URL to an image. In order to complete your edit, you must complete the test, then retry your request with the id and the correct answer(s) appended to the original query string, like so:

Other CAPTCHA systems and extensions may use different parameters for similar use. In general, use the field names for the id and test questions as the parameters in your second request.

Parameter history

 * v1.25: Introduced <tvar|1> </>
 * v1.21: Introduced <tvar|1>, </>
 * v1.20: Introduced <tvar|1> </>
 * v1.19: Introduced <tvar|1> </>
 * v1.18: Deprecated <tvar|1>, </>
 * v1.17: Introduced <tvar|1> </>
 * v1.16: Deprecated <tvar|1>, </>
 * v1.16: Introduced <tvar|1> </>
 * v1.15: Introduced <tvar|1>, </>
 * v1.14: Introduced <tvar|1> </>

Additional notes

 * Log in is not strictly required by the API, but it is needed to correctly attribute the edit to its author. A successful edit from a user who is not logged in will be attributed to their IP address.


 * Bots that are not logged in may face restrictions on editing and other write requests; see for more details.


 * Users who are not logged in will always be given the empty CSRF token, <tvar|1> </>.


 * The process for requesting a token has changed several times across versions. See <tvar|1></> for more information.


 * <tvar|1></> provides a way to access edit tokens when running code within a wiki page.


 * You can use the same login token for all edit operations across the same wiki, during a single login session.


 * It is a good practice to pass any tokens in your request at the end of the query string, or at least after the text parameter. That way, if the connection is interrupted, the token will not be passed and the edit will fail.  If you are using the <tvar|1></> object to make requests, this is done automatically.


 * Although <tvar|1> </> and <tvar|2> </> have, technically, been removed from API:Edit since v1.18, <tvar|3></> extends API:Edit to work with CAPTCHAs. Thus, with ConfirmEdit installed, these parameters are still available.  ConfirmEdit comes packaged with the MediaWiki software, v1.18+.