API:Account creation/it

Creating an account
The process has three general steps:


 * 1) Fetch the fields from  and the token from.
 * 2) Send a POST request with the fetched token, user information and other fields, and return URL to the API.
 * 3) Deal with the response, which might involve further POST requests to supply more information.

Example 1: Process on a wiki without special authentication extensions
A wiki without special authentication extensions can be rather straightforward. If your code knows which fields will be required, it might skip the call to and just assume which fields will be needed (i.e. username, password &amp; retyped password, email, possibly realname).

Example 2: Process on a wiki with a CAPTCHA extension
Note the first step below could, if you'd rather, be done as two steps: one to fetch the fields available from and another to fetch the token from.

Sample Code
Note this code sample separates the and  requests, and generally assumes there will be a CAPTCHA and no other complications.

First step: Fetch fields available from and token from
The fetching of and  is largely the same as in the previous example, and so is not repeated here. The list of requests returned by will include definitions for both the CAPTCHA extension and the OpenID extension.

Second step: Answer the CAPTCHA and select OpenID authentication.
The client would be expected to redirect the user's browser to the provided redirecttarget.

The OpenID provider would authenticate, and redirect to Special:OpenIDConnectReturn on the wiki, which would validate the OpenID response and then redirect to the createreturnurl provided in the first POST to the API with the code and state parameters added.

The client gets control of the process back at this point and makes its next API request.

Third step: Back from OpenID.
The client posts the code and state back to the API. The API's response has the two-factor authentication extension prompting the user to set up their second factor.

Now the client would prompt the user to set up a new account in their two-factor authentication app and enter the current code, or allow the user to skip 2FA setup. Let's assume the user does set up 2FA.

Fourth step: Set up two-factor authentication.
The account creation has finally succeeded.

If at any point account creation fails, a response with status FAIL will be returned, along with a message to display to the user.

Additional notes

 * Account creations are recorded in Special:log/newusers.

If you are logged in, your username will also be recorded when creating an account.


 * While executing the code snippets provided on this page, remember:
 * Once an account on a wiki is created, it cannot be deleted.
 * Always use as the endpoint, so that you don't accidentally create accounts on production wikis.
 * MediaWiki site administrators and extension developers can disable this API feature by inserting the following line in the configuration file: