API:Login

Login gets several tokens that are needed by the server to recognize logged-in user. In every call to api.php, the three values must either be passed as additional parameters, or as cookies within the request header. If any of the login values are given as part of the request, all cookie values are ignored. Please note that user name is passed in as lgname, but returned as normalized lgusername. The first is used for authentication, whereas the second may be passed together with lgtoken and lguserid as tokens when making calls to other modules.

Note: In this and other examples, all parameters are passed in a GET request just for the sake of simplicity. In your application, make sure all large and/or security sensitive parameters are given as part of the POST request. Request: api.php ? action=login & lgname=Yurik & lgpassword=12345 [& lgdomain=wikipedia.org] Result: api: login: result: Success        Other values: NoName, Illegal, WrongPluginPass, NotExists, WrongPass, EmptyPass lgtoken: 123ABC        Also returned as a cookie (e.g. enwikiToken) lgusername: Yurik      Normalized lgname,  also returned as a cookie (e.g. enwikiUserName) lguserid: 12345        Also returned as a cookie (e.g. enwikiUserID)

To use the above values, pass them without alteration to any api.php call in addition to other parameters. Here, a rollback token is acquired for the Main Page (restricted operation): api.php ? action=query & lgtoken=123ABC & lgusername=Yurik & lguserid=23456 & prop=info & intokens=rollback & titles=Main Page


 * Example
 * http://en.wikipedia.org/w/api.php?action=login&lgname=user&lgpassword=password


 * Important
 * For security reasons, a throttle has been implemented for this method. A failed log-in attempt will require that you either authenticate through the standard Special:Userlogin or wait 60 seconds before you can attempt to log-in through this module again. This throttle is only enabled on servers that support memcaching.