API:Account creation

You can create accounts using the API. This can be a new account for yourself, or you can create an account for someone else, with a random password mailed to that person. Account creations are recorded in Special:log/newusers. If you're logged in, your username will also be recorded when creating an account.

This page documents the account creation API as of MediaWiki 1.27. Documentation of the API as it existed in earlier versions is available here.

Creating an account
To create an account, a token is required. This token should be fetched using a query.

This action implements an interactive account creation process, which might include CAPTCHAs, interactions with third-party authentication services, two-factor authentication, and more. As such, the specific fields required may vary depending on the configuration of the wiki. A description of the fields needed should be fetched from the query.

Simple example
On a wiki without any special authentication extensions, the fields needed might include username, password , and retype , and optionally email and realname.

Creating an account for someone else
If you're creating an account for someone else, you'll also need to specify a reason. You might also use mailpassword in place of password and retype to have MediaWiki send the new user a temporary password via email.

A complex example
On the other hand, a wiki with a CAPTCHA extension, an extension for authentication using OpenID Connect, and a two-factor authentication extension might have a more complicated account creation process process.

The client would be expected to redirect the user's browser to the provided redirecttarget.

The OpenID provider would authenticate, and redirect to Special:OpenIDConnectReturn on the wiki, which would validate the OpenID response and then redirect to the createreturnurl provided in the first POST to the API with the code and state parameters added.

The client gets control of the process back at this point and makes its next API request.

Now the client would prompt the user to set up a new account in their two-factor authentication app and enter the current code, or allow the user to skip 2FA setup. Let's assume the user does set up 2FA.

The account creation has finally succeeded.

If at any point account creation fails, a response with status FAIL will be returned, along with a message to display to the user.

Disable
To disable specifically this API feature, insert the following line in your configuration file: