API:Account creation/it

Creating an account
The process has three general steps:
 * 1) Fetch the fields from API:Authmanagerinfo and the token from API:Tokens.
 * 2) Send a POST request with the fetched token, user information and other fields, and return URL to the API.
 * 3) Deal with the response, which might involve further POST requests to supply more information.

Example 1: Process on a wiki without special authentication extensions
A wiki without special authentication extensions can be rather straightforward. If your code knows which fields will be required, it might skip the call to API:Authmanagerinfo and just assume which fields will be needed (i.e. username, password &amp; retyped password, email, possibly realname).

Note: If you're creating an account for someone else, you'll need to specify a reason for the same by including a  parameter to the POST request. You could also use  in place of   and   parameters to have MediaWiki send the new user a temporary password via email.

Sample code
create_account.py

Example 2: Process on a wiki with a CAPTCHA extension
Note the first step below could, if you'd rather, be done as two steps: one to fetch the fields available from API:Authmanagerinfo and another to fetch the token from API:Tokens.

Sample Code
Note this code sample separates the API:Authmanagerinfo and API:Tokens requests, and generally assumes there will be a CAPTCHA and no other complications.

First step: Fetch fields available from API:Authmanagerinfo and token from API:Tokens
The fetching of API:Authmanagerinfo and API:Tokens is largely the same as in the previous example, and so is not repeated here. The list of requests returned by API:Authmanagerinfo will include definitions for both the CAPTCHA extension and the OpenID extension.

Second step: Answer the CAPTCHA and select OpenID authentication.
The client would be expected to redirect the user's browser to the provided redirecttarget.

The OpenID provider would authenticate, and redirect to Special:OpenIDConnectReturn on the wiki, which would validate the OpenID response and then redirect to the createreturnurl provided in the first POST to the API with the code and state parameters added.

The client gets control of the process back at this point and makes its next API request.

Third step: Back from OpenID.
The client posts the code and state back to the API. The API's response has the two-factor authentication extension prompting the user to set up their second factor.

Now the client would prompt the user to set up a new account in their two-factor authentication app and enter the current code, or allow the user to skip 2FA setup. Let's assume the user does set up 2FA.

Fourth step: Set up two-factor authentication.
The account creation has finally succeeded.

If at any point account creation fails, a response with status FAIL will be returned, along with a message to display to the user.

Additional notes

 * Account creations are recorded in Special:log/newusers.

If you're logged in, your username will also be recorded when creating an account.


 * While executing the code snippets provided on this page, remember:
 * Once an account on a wiki is created, it cannot be deleted.
 * Always use as the endpoint, so that you don't accidentally create accounts on production wikis.
 * MediaWiki site administrators and extension developers can disable this API feature by inserting the following line in the configuration file: