API:Assert

The action API provides some parameters which you can add to any request to verify certain conditions before the API request is served.

The available parameters are:


 *  : Checks that you are not using a user account
 *  : Checks that you are using a user account
 *  : Checks that your account has the "" user right
 *  : Checks that your account is the expected user

Note that  will also fail, and   will also succeed, for temporary users.

If the assertion fails, error codes of,  ,  or  will be returned, respectively.

Rationale and use cases
These parameters are intended as a second line of defense against two kinds of problems:

Bot operator errors
It's easy for a simple operator error to cause a lot of bad edits, such as the bot running on the wrong wiki or under the wrong username, especially if you're running more than one bot task. The  and   parameters are intended to help prevent those mistakes.

Login session expiration
After logging in, the cookies you receive are only valid for 30 days by default, after which time your bot will become logged out, and may continue working with its actions being attributes to the IP address or a temporary username (if logged-out users are allowed to perform them). The  parameter is intended to prevent this.

Switching user accounts
Interactive tools (in the browser) using the API to edit often want to make sure the user understands how their work will be attributed. When the user logs in or out in another browser tab (or their login session expires), this won't be immediately reflected in the tool's interface, but the new login session will be used for saving actions. The  and   parameters are intended to allow detecting this scenario and displaying an appropriate message before continuing.

Checking if you are logged in
If you simply want to check whether you are logged into the action API, you can issue a request with parameters. This will return a simple blank response ( in the JSON format) if you are indeed logged in, or the   error if not.

Normally, you will not need to do this. Instead, add the  parameter to all requests that should be made by a logged-in user.