From MediaWiki.org
Jump to navigation Jump to search
This page is a translated version of the page API:Account creation and the translation is 25% complete.

Other languages:
Deutsch • ‎English • ‎dansk • ‎español • ‎français • ‎italiano • ‎polski • ‎português • ‎română • ‎български • ‎русский • ‎العربية • ‎ไทย • ‎中文 • ‎日本語 • ‎한국어
MediaWiki version: 1.27
Diese Seite dokumentiert die Schnittstelle (API) zur Kontoerstellung der Version 1.27 von MediaWiki. Die Dokumentation einer früheren Version der Schnittstelle ist verfügbar unter Api:Account creation/pre-1.27 .


action=createaccount (create)

(main | createaccount)
  • This module requires write rights.
  • This module only accepts POST requests.
  • Source: MediaWiki
  • License: GPL-2.0-or-later

Create a new user account.

The general procedure to use this module is:

  1. Fetch the fields available from action=query&meta=authmanagerinfo with amirequestsfor=create, and a createaccount token from action=query&meta=tokens.
  2. Present the fields to the user, and obtain their submission.
  3. Post to this module, supplying createreturnurl and any relevant fields.
  4. Check the status in the response.
    • If you received PASS or FAIL, you're done. The operation either succeeded or it didn't.
    • If you received UI, present the new fields to the user and obtain their submission. Then post to this module with createcontinue and the relevant fields set, and repeat step 4.
    • If you received REDIRECT, direct the user to the redirecttarget and wait for the return to createreturnurl. Then post to this module with createcontinue and any fields passed to the return URL, and repeat step 4.
    • If you received RESTART, that means the authentication worked but we don't have a linked user account. You might treat this as UI or as FAIL.

Only use these authentication requests, by the id returned from action=query&meta=authmanagerinfo with amirequestsfor=create or from a previous response from this module.

Separate values with | or alternative. Maximum number of values is 50 (500 for bots).

Format to use for returning messages.

One of the following values: html, wikitext, raw, none
Default: wikitext

Merge field information for all authentication requests into one array.

Type: boolean (details)

Preserve state from a previous failed login attempt, if possible.

If action=query&meta=authmanagerinfo returned true for hasprimarypreservedstate, requests marked as primary-required should be omitted. If it returned a non-empty value for preservedusername, that username must be used for the username parameter.

Type: boolean (details)

Return URL for third-party authentication flows, must be absolute. Either this or createcontinue is required.

Upon receiving a REDIRECT response, you will typically open a browser or web view to the specified redirecttarget URL for a third-party authentication flow. When that completes, the third party will send the browser or web view to this URL. You should extract any query or POST parameters from the URL and pass them as a createcontinue request to this API module.


This request is a continuation after an earlier UI or REDIRECT response. Either this or createreturnurl is required.

Type: boolean (details)

A "createaccount" token retrieved from action=query&meta=tokens

This parameter is required.
This module accepts additional parameters depending on the available authentication requests. Use action=query&meta=authmanagerinfo with amirequestsfor=create (or a previous response from this module, if applicable) to determine the requests available and the fields that they use.

Erstellen eines Kontos

Der Prozess umfasst drei Schritte:

  1. Fetch the fields from API:Authmanagerinfo and the token from API:Tokens .
  2. Send a POST request with the fetched token, user information and other fields, and return URL to the API.
  3. Deal with the response, which might involve further POST requests to supply more information.

Example 1: Process on a wiki without special authentication extensions

A wiki without special authentication extensions can be rather straightforward. If your code knows which fields will be required, it might skip the call to API:Authmanagerinfo and just assume which fields will be needed (i.e. username, password & retyped password, email, possibly realname).

If you are creating an account for someone else, you'll need to specify a reason for the same by including a reason parameter to the POST request. You could also use mailpassword in place of password and retype parameters to have MediaWiki send the new user a temporary password via email.

POST request


    "createaccount": {
        "status": "PASS",
        "username": "Zane"

Sample code




    MediaWiki Action API Code Samples
    Demo of `createaccount` module: Create an account on a wiki without the 
    special authentication extensions

    MIT license

import requests

S = requests.Session()

WIKI_URL = "https://test.wikipedia.org"
API_ENDPOINT = WIKI_URL + "/w/api.php"

# First step
# Retrieve account creation token from `tokens` module

PARAMS_0 = {

R = S.get(url=API_ENDPOINT, params=PARAMS_0)
DATA = R.json()

TOKEN = DATA['query']['tokens']['createaccounttoken']

# Second step
# Send a post request with the fetched token and other data (user information,
# return URL, etc.)  to the API to create an account

PARAMS_1 = {
    'action': "createaccount",
    'createtoken': TOKEN,
    'username': 'your_username',
    'password': 'your_password',
    'retype': 'retype_your_password',
    'createreturnurl': WIKI_URL,
    'format': "json"

R = S.post(API_ENDPOINT, data=PARAMS_1)
DATA = R.json()


Example 2: Process on a wiki with a CAPTCHA extension

Note the first step below could, if you'd rather, be done as two steps: one to fetch the fields available from API:Authmanagerinfo and another to fetch the token from API:Tokens .

First step: Fetch fields available from API:Authmanagerinfo and token from API:Tokens

Second step: Send a post request along with a create account token, user information and return URL


Note this code sample separates the API:Authmanagerinfo and API:Tokens requests, and generally assumes there will be a CAPTCHA and no other complications.

Example 3: Account creation on a wiki with a CAPTCHA, an OpenID extension, and a two-factor authentication extension enabled

First step: Fetch fields available from API:Authmanagerinfo and token from API:Tokens

The fetching of API:Authmanagerinfo and API:Tokens is largely the same as in the previous example, and so is not repeated here. The list of requests returned by API:Authmanagerinfo will include definitions for both the CAPTCHA extension and the OpenID extension.

Zweiter Schritt: ausfüllen der CAPTCHA und Auswahl von OpenID-Authentifikation

The client would be expected to redirect the user's browser to the provided redirecttarget.

The OpenID provider would authenticate, and redirect to Special:OpenIDConnectReturn on the wiki, which would validate the OpenID response and then redirect to the createreturnurl provided in the first POST to the API with the code and state parameters added.

The client gets control of the process back at this point and makes its next API request.

Third step: Back from OpenID.

The client posts the code and state back to the API. The API's response has the two-factor authentication extension prompting the user to set up their second factor.

Now the client would prompt the user to set up a new account in their two-factor authentication app and enter the current code, or allow the user to skip 2FA setup. Let's assume the user does set up 2FA.

Fourth step: Set up two-factor authentication.

The account creation has finally succeeded.

If at any point account creation fails, a response with status FAIL will be returned, along with a message to display to the user.

Mögliche Fehler

Kode Info
badtoken Invalid create account token
notoken The token parameter must be set.
mustpostparams The following parameter was found in the query string, but must be in the POST body: createtoken.
missingparam At least one of the parameters "createcontinue" und "createreturnurl" is required.
authmanager-create-no-primary Die angegebenen Anmeldeinformationen konnten nicht für die Benutzerkontenerstellung verwendet werden.
invalidemailaddress Die E-Mail-Adresse wird nicht akzeptiert, weil sie ein ungültiges Format (eventuell ungültige Zeichen) zu haben scheint. Bitte gib eine korrekte Adresse ein oder leere das Feld.
badretype Die beiden Passwörter stimmen nicht überein.
userexists Dieser Benutzername ist schon vergeben.

Bitte wähle einen anderen.

captcha-createaccount-fail Falsches oder fehlendes CAPTCHA.
acct_creation_throttle_hit Besucher dieses Wikis, die deine IP-Adresse benutzen, haben während des letzten Tages num Benutzerkonten erstellt. Dies ist die maximal erlaubte Anzahl in diesem Zeitraum.

Daher können Besucher, die diese IP-Adresse benutzen, derzeit keine weiteren Benutzerkonten erstellen.

Falls du dich auf einer Veranstaltung befindest, die sich auf die Mitwirkung bei Wikimedia-Projekten fokussiert, beantrage bitte eine temporäre Aufhebung der IP-Sperre, um bei der Lösung dieses Problems zu helfen.

Zusätzliche Anmerkungen

If you are logged in, your username will also be recorded when creating an account.

  • While executing the code snippets provided on this page, remember:
    • Once an account on a wiki is created, it cannot be deleted.
    • Always use https://test.wikipedia.org/w/api.php as the endpoint, so that you don't accidentally create accounts on production wikis.
  • MediaWiki site administrators and extension developers can disable this API feature by inserting the following line in the configuration file:
$wgAPIModules['createaccount'] = 'ApiDisabled';

Siehe auch