API:Protect

Token
To change a page's protection level, a CSRF token is required. This token is the same for all pages, but changes at every login. CSRF tokens can be obtained via action=query&meta=tokens with  (MW 1.24+).

In previous versions of MediaWiki, a protect token was required (deprecated) This token is equal to the edit token and the same for all pages, but changes at every login. Protect tokens can be obtained via action=tokens with type=protect (MW 1.20+), or by using the following method:

Protecting pages
Pages can be protected with action=protect.

Parameters

 * If you want to remove a protection, use  as group, e.g.
 * If you leave out an action, the associated value won't be changed, i.e.  leaves the move protection untouched.
 * The number of expiry timestamps must equal the number of protections, or you'll get an error message
 * An exception to this rule is made for backwards compatibility: if you specify exactly one expiry timestamp, it'll apply to all protections
 * Not setting this parameter is equivalent to setting it to
 * The latter is to prevent people who shouldn't be able to protect pages from protecting them anyway by transcluding them in a page with cascading protection.
 * The number of expiry timestamps must equal the number of protections, or you'll get an error message
 * An exception to this rule is made for backwards compatibility: if you specify exactly one expiry timestamp, it'll apply to all protections
 * Not setting this parameter is equivalent to setting it to
 * The latter is to prevent people who shouldn't be able to protect pages from protecting them anyway by transcluding them in a page with cascading protection.
 * The latter is to prevent people who shouldn't be able to protect pages from protecting them anyway by transcluding them in a page with cascading protection.
 * The latter is to prevent people who shouldn't be able to protect pages from protecting them anyway by transcluding them in a page with cascading protection.
 * The latter is to prevent people who shouldn't be able to protect pages from protecting them anyway by transcluding them in a page with cascading protection.
 * The latter is to prevent people who shouldn't be able to protect pages from protecting them anyway by transcluding them in a page with cascading protection.

Examples
Note: In this example, all parameters are passed in a GET request just for the sake of simplicity. However, action=protect requires POST requests; GET requests will cause an error.

Possible errors
In addition to the usual stuff: