API:Edit

POST request to edit a page.

Example
The sample code in this example is in Python. See /Editing with Ajax for examples and responses in Ajax.

POST Request
Making edits, and, indeed, any POST request aside from logging in, is a four step process.


 * 1. GET a login token from API:Tokens.
 * 2. Log in by making a POST request with the token.
 * 3. GET a CSRF token after logging in.
 * 4. Send a POST request, with the CSRF token, to take action on a page.
 * 3. GET a CSRF token after logging in.
 * 4. Send a POST request, with the CSRF token, to take action on a page.
 * 4. Send a POST request, with the CSRF token, to take action on a page.

The Response section below is for the final POST request, described in Step 4. See the pages on API:Login and API:Tokens for the intermediary JSON responses to earlier steps.

Also note that the tokens in the queries on this page are sample values. Actual tokens are unique to each login session and cross-site request. They are included only to demonstrate how to properly format queries.

Sample code
edit.py

Edit conflicts
The Python sample above is a basic implementation, of an edit request by a registered user. In real-world scenarios care should be taken to prevent edit conflicts. These occur when two or more users are attempting to edit the same page at the same time.

Conflicts can be prevented by retrieving the last revision timestamp when we request a CSRF token. Adding  to the CSRF token request in Step 3 allows us to access the timestamp for the last revision. This timestamp will be used as the  when we make our the edit request.

We also need the exact time when we start our edit. This can be retrieved by adding  to the CSRF request as well. This value will serve as our.

Finally, in the actual edit request, set the  and   parameters, like so:

Large edits
POST requests containing large amounts of text content (8000+ characters) should be sent with  indicated in the header. Because  does not need to add HTML escape characters (i.e., percent encoding) for spaces and punctuation, the amount of data passed will subsequently be much smaller than the percent-encoded equivalent.

However, there is still some overhead added by  -- roughly, 160 bytes per parameter. For short messages that don't require adding many escape characters, this amount of overhead can be inefficient, and percent-encoding is preferred.

Note that in our Python sample code, the request is percent-encoded by default.

See the MDN web docs for a more technical discussion of content-type and POST requests. See the Python Requests documentation for how to pass  using syntax similar to our Python sample code.

CAPTCHAs
If the wiki you are targeting uses CAPTCHAs, your request may return an error containing an id number and a simple test, such as a question, a math problem, or an URL to an image. In order to complete your edit, you must complete the test, then re-try your request with the id and the correct answer(s) appended to the original query string, like so:.

Other CAPTCHA systems and extensions may use different parameters for similar use. In general, use the field names for the id and test questions as the parameters in your second request.

Parameter history

 * v1.25: Introduced
 * v1.21: Introduced ,
 * v1.20: Introduced
 * v1.19: Introduced
 * v1.18: Deprecated ,
 * v1.17: Introduced
 * v1.16: Deprecated ,
 * v1.16: Introduced
 * v1.15: Introduced ,
 * v1.14: Introduced

Additional notes

 * Log in is not strictly required by the API, but it is needed to correctly attribute the edit to its author. A successful edit from a user who is not logged in will be attributed to their IP address.
 * Bots that are not logged in may face restrictions on editing and other write requests; see Manual:Creating_a_bot for more details.
 * Users who are not logged in will always be given the empty CSRF token,.
 * The process for requesting a token has changed several times across versions. See API:Tokens for more information.
 * ResourceLoader provides a way to access edit tokens when running code within a wiki page.
 * You can use the same login token for all edit operations across the same wiki, during a single login session.
 * It is a good practice to pass any tokens in your request at the end of the query string, or at least after the text parameter. That way, if the connection is interrupted, the token will not be passed and the edit will fail. If you are using the mw.Api object to make requests, this is done automatically.
 * Although  and   have, technically, been removed from API:Edit since v1.18, Extension:ConfirmEdit extends API:Edit to work with CAPTCHAs. Thus, with ConfirmEdit installed, these parameters are still available. ConfirmEdit comes packaged with the MediaWiki software, v1.18+.