API:Block

Languages:

This page is part of the MediaWiki Action API documentation.

MediaWiki Action API
Basics
Etiquette and usage guidelines All query modules All page properties All list modules All meta modules Output formats
Authentication
Get tokens for data modifying operations Login Logout Verifying authentication (assertions)
Accounts and Users
Create an account Block or unblock a user Get info about the current user Get the current user's watchlist as a feed Change user options Change user group membership Send an email
Page Operations
Create and edit a page Get the contents of a page Upload a file Import a page Delete a page Parse content of a page Watch or unwatch a page Purge cache for page(s) Rollback a page Move a page Patrol a page or revision Restore revisions of a deleted page Change a page's protection level Change a page's language More...
Search
Search wiki pages by title (OpenSearch) Advanced search for wiki pages by title or text Search wiki pages near a location Search for a language name Perform a prefix search for page titles
Developer Utilities
Access libraries Cross-site requests Creating an API module in an extension Using the API in MediaWiki and extensions Restricting API usage Localisation Implementation Strategy
Tutorials
Action API Tutorial Article ideas generator Nearby places viewer Picture of the day viewer Holidays viewer
v · d · e

MediaWiki version:

≥ 1.12

POST request to block or unblock a user.

Blocking users

API documentation

The following documentation is the output of Special:ApiHelp/block, automatically generated by the pre-release version of MediaWiki that is running on this site (MediaWiki.org).

action=block

(main | block)

This module requires read rights.
This module requires write rights.
This module only accepts POST requests.
Source: MediaWiki
License: GPL-2.0-or-later

Block a user.

https://www.mediawiki.org/wiki/Special:MyLanguage/API:Block

Specific parameters:

Other general parameters are available.

id: ID of the block to modify (obtained through list=blocks). Cannot be used together with user, reblock, or newblock.; Type: integer
user: User to block. Cannot be used together with id.; Type: user, by any of username, IP, Temporary user, IP range and user ID (e.g. "#12345")
userid: Deprecated.; Specify user=#ID instead.; Type: integer
expiry: Expiry time. May be relative (e.g. 5 months or 2 weeks) or absolute (e.g. 2014年09月18日T12:34:56Z). If set to infinite, indefinite, or never, the block will never expire.; Default: never
reason: Reason for block.; Default: (empty)
anononly: Block anonymous users only (i.e. disable anonymous edits for this IP address, including temporary account edits).; Type: boolean (details)
nocreate: Prevent account creation.; Type: boolean (details)
autoblock: Automatically block the last used IP address, and any subsequent IP addresses they try to login from.; Type: boolean (details)
noemail: Prevent user from sending email through the wiki. (Requires the blockemail right).; Type: boolean (details)
hidename: Hide the username from the block log. (Requires the hideuser right).; Type: boolean (details)
allowusertalk: Allow the user to edit their own talk page (depends on $wgBlockAllowsUTEdit ).; Type: boolean (details)
reblock: If the user is already blocked by a single block, overwrite the existing block. If the user is blocked more than once, this will fail—use the id parameter instead to specify which block to overwrite. Cannot be used together with id or newblock.; Type: boolean (details)
newblock: Add another block even if the user is already blocked. Cannot be used together with id or reblock.; Type: boolean (details)
watchuser: Watch the user's or IP address's user and talk pages.; Type: boolean (details)
watchlistexpiry: Watchlist expiry timestamp. Omit this parameter entirely to leave the current expiry unchanged.; Type: expiry (details)
tags: Change tags to apply to the entry in the block log.; Values (separate with | or alternative): AWB, convenient-discussions
partial: Block user from specific pages or namespaces rather than the entire site.; Type: boolean (details)
pagerestrictions: List of titles to block the user from editing. Only applies when partial is set to true.; Type: page title; Separate values with | or alternative.; Maximum number of values is 50.; Only accepts pages that exist.
namespacerestrictions: List of namespace IDs to block the user from editing. Only applies when partial is set to true.; Values (separate with | or alternative): 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 90, 91, 92, 93, 100, 101, 102, 103, 104, 105, 106, 107, 710, 711, 828, 829, 1198, 1199, 2600, 5500, 5501; To specify all values, use *.
actionrestrictions: List of actions to block the user from performing. Only applies when partial is set to true.; Values (separate with | or alternative): create, move, thanks, upload
token: A "csrf" token retrieved from action=query&meta=tokens; This parameter is required.

Examples:

Block IP address 192.0.2.5 for three days with a reason.: api.php?action=block&user=192.0.2.5&expiry=3%20days&reason=First%20strike&token=123ABC [open in sandbox]
Block user Vandal indefinitely with a reason, and prevent new account creation and email sending.: api.php?action=block&user=Vandal&expiry=never&reason=Vandalism&nocreate=&autoblock=&noemail=&token=123ABC [open in sandbox]

Example

Making any POST request is a multi-step process:

Log in, via one of the methods described on API:Login .
GET a token . This token is equal to the edit token and changes at every login.
api.php?action=query&meta=token&format=json [try in ApiSandbox]
Send a POST request, with the token, to block a user.

POST request

Example of blocking a user for 1 day, disabling account creation and email

api.php?action=block&user=Example&expiry=1%20day&reason=Time%20out&nocreate=&noemail=&token=0123456789012345678901234567890123456789%2b%5c [try in ApiSandbox]

Response

{
"block":{
"user":"Example",
"userID":2,
"expiry":"2015年02月25日T07:27:50Z",
"id":"8",
"reason":"Time out",
"nocreate":"",
"noemail":""
}
}

Sample code of blocking users

Python

#!/usr/bin/python3
"""
 block_user.py
 MediaWiki API Demos
 Demo of `Block` module: sending POST request to block user
 MIT license
"""
importrequests
S = requests.Session()
URL = "https://test.wikipedia.org/w/api.php"
# Step 1: GET request to fetch login token
PARAMS_0 = {
 "action": "query",
 "meta": "tokens",
 "type": "login",
 "format": "json"
}
R = S.get(url=URL, params=PARAMS_0)
DATA = R.json()
LOGIN_TOKEN = DATA['query']['tokens']['logintoken']
# Step 2: POST request to log in. Use of main account for login is not
# supported. Obtain credentials via Special:BotPasswords
# (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
PARAMS_1 = {
 "action": "login",
 "lgname": "your_bot_username",
 "lgpassword": "your_bot_password",
 "lgtoken": LOGIN_TOKEN,
 "format": "json"
}
R = S.post(URL, data=PARAMS_1)
# Step 3: GET request to fetch CSRF token
PARAMS_2 = {
 "action": "query",
 "meta": "tokens",
 "format": "json"
}
R = S.get(url=URL, params=PARAMS_2)
DATA = R.json()
CSRF_TOKEN = DATA['query']['tokens']['csrftoken']
# Step 4: POST request to block user
PARAMS_3 = {
 "action": "block",
 "user": "Example",
 "expiry": "2015年02月25日T07:27:50Z",
 "reason": "Time out",
 "token": CSRF_TOKEN,
 "format": "json"
}
R = S.post(URL, data=PARAMS_3)
DATA = R.json()
print(DATA)

PHP

<?php
/*
 block_user.php
 MediaWiki API Demos
 Demo of `Block` module: sending POST request to block user
 MIT license
*/
$endPoint = "http://dev.wiki.local.wmftest.net:8080/w/api.php";
$login_Token = getLoginToken(); // Step 1
loginRequest( $login_Token ); // Step 2
$csrf_Token = getCSRFToken(); // Step 3
block( $csrf_Token ); // Step 4
// Step 1: GET request to fetch login token
function getLoginToken() {
	global $endPoint;
	$params1 = [
		"action" => "query",
		"meta" => "tokens",
		"type" => "login",
		"format" => "json"
	];
	$url = $endPoint . "?" . http_build_query( $params1 );
	$ch = curl_init( $url );
	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
	curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
	curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );
	$output = curl_exec( $ch );
	curl_close( $ch );
	$result = json_decode( $output, true );
	return $result["query"]["tokens"]["logintoken"];
}
// Step 2: POST request to log in. Use of main account for login is not
// supported. Obtain credentials via Special:BotPasswords
// (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
function loginRequest( $logintoken ) {
	global $endPoint;
	$params2 = [
		"action" => "login",
		"lgname" => "bot_user_name",
		"lgpassword" => "bot_password",
		"lgtoken" => $logintoken,
		"format" => "json"
	];
	$ch = curl_init();
	curl_setopt( $ch, CURLOPT_URL, $endPoint );
	curl_setopt( $ch, CURLOPT_POST, true );
	curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $params2 ) );
	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
	curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
	curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );
	$output = curl_exec( $ch );
	curl_close( $ch );
}
// Step 3: GET request to fetch CSRF token
function getCSRFToken() {
	global $endPoint;
	$params3 = [
		"action" => "query",
		"meta" => "tokens",
		"format" => "json"
	];
	$url = $endPoint . "?" . http_build_query( $params3 );
	$ch = curl_init( $url );
	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
	curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
	curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );
	$output = curl_exec( $ch );
	curl_close( $ch );
	$result = json_decode( $output, true );
	return $result["query"]["tokens"]["csrftoken"];
}
// Step 4: POST request to block user
function block( $csrftoken ) {
	global $endPoint;
	$params4 = [
		"action" => "block",
		"user" => "ABCD",
		"expiry" => "2020年02月25日T07:27:50Z",
		"reason" => "API Test",
		"token" => $csrftoken,
		"format" => "json"
	];
	$ch = curl_init();
	curl_setopt( $ch, CURLOPT_URL, $endPoint );
	curl_setopt( $ch, CURLOPT_POST, true );
	curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $params4 ) );
	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
	curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
	curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );
	$output = curl_exec( $ch );
	curl_close( $ch );
	echo ( $output );
}

JavaScript

/* 
 block_user.js

 MediaWiki API Demos
 Demo of `Block` module: sending POST request to block user

 MIT license
*/

varrequest=require('request').defaults({jar:true}),
url="http://dev.wiki.local.wmftest.net:8080/w/api.php";

// Step 1: GET request to fetch login token
functiongetLoginToken(){
varparams_0={
action:"query",
meta:"tokens",
type:"login",
format:"json"
};

request.get({url:url,qs:params_0},function(error,res,body){
if(error){
return;
}
vardata=JSON.parse(body);
loginRequest(data.query.tokens.logintoken);
});
}

// Step 2: POST request to log in. 
// Use of main account for login is not
// supported. Obtain credentials via Special:BotPasswords
// (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
functionloginRequest(login_token){
varparams_1={
action:"login",
lgname:"bot_username",
lgpassword:"bot_password",
lgtoken:login_token,
format:"json"
};

request.post({url:url,form:params_1},function(error,res,body){
if(error){
return;
}
getCsrfToken();
});
}

// Step 3: GET request to fetch CSRF token
functiongetCsrfToken(){
varparams_2={
action:"query",
meta:"tokens",
format:"json"
};

request.get({url:url,qs:params_2},function(error,res,body){
if(error){
return;
}
vardata=JSON.parse(body);
block(data.query.tokens.csrftoken);
});
}

// Step 4: POST request to block user
functionblock(csrf_token){
varparams_3={
action:"block",
user:"ABCDEF",
expiry:"2020年02月25日T07:27:50Z",
reason:"API Test",
token:csrf_token,
format:"json"
};

request.post({url:url,form:params_3},function(error,res,body){
if(error){
return;
}
console.log(body);
});
}

// Start From Step 1
getLoginToken();

MediaWiki JS

/*
	block_user.js
	MediaWiki API Demos
	Demo of `Block` module: sending POST request to block user
	MIT License
*/
varparams={
action:'block',
user:'ABCD',
expiry:'2020年02月25日T07:27:50Z',
reason:'API Test',
format:'json'
},
api=newmw.Api();
api.postWithToken('csrf',params).done(function(data){
console.log(data);
});

Unblocking users

API documentation

The following documentation is the output of Special:ApiHelp/unblock, automatically generated by the pre-release version of MediaWiki that is running on this site (MediaWiki.org).

action=unblock

(main | unblock)

This module requires read rights.
This module requires write rights.
This module only accepts POST requests.
Source: MediaWiki
License: GPL-2.0-or-later

Unblock a user.

https://www.mediawiki.org/wiki/Special:MyLanguage/API:Block

Specific parameters:

Other general parameters are available.

id: ID of the block to unblock (obtained through list=blocks). Cannot be used together with user.; Type: integer
user: User to unblock. Cannot be used together with id.; Type: user, by any of username, IP, Temporary user, IP range and user ID (e.g. "#12345")
userid: Deprecated.; Specify user=#ID instead.; Type: integer
reason: Reason for unblock.; Default: (empty)
tags: Change tags to apply to the entry in the block log.; Values (separate with | or alternative): AWB, convenient-discussions
watchuser: Watch the user's or IP address's user and talk pages.; Type: boolean (details)
watchlistexpiry: Watchlist expiry timestamp. Omit this parameter entirely to leave the current expiry unchanged.; Type: expiry (details)
token: A "csrf" token retrieved from action=query&meta=tokens; This parameter is required.

Examples:

Unblock block ID #105.: api.php?action=unblock&id=105 [open in sandbox]
Unblock user Bob with reason Sorry Bob.: api.php?action=unblock&user=Bob&reason=Sorry%20Bob [open in sandbox]

Example

POST request

Unblocking Example and apologizing

api.php?action=unblock&user=Example&token=0123456789012345678901234567890123456789%2b%5c&reason=Sorry%20Example [try in ApiSandbox]

Response

{
"unblock":{
"id":16,
"user":"Example",
"userid":2,
"reason":"Sorry Example",
"watchuser":false
}
}

Possible errors

Code (Blocking)	Info
alreadyblocked	The user you tried to block was already blocked
cantblock	You don't have permission to block users.
cantblock-email	You don't have permission to block users from sending email through the wiki.
canthide	You don't have permission to hide usernames from the block log. This feature has to be enabled explicitly in LocalSettings.php.
invalidexpiry	Invalid expiry time
invalidip	Invalid IP address specified
invalidrange	Invalid IP range
notoken	The `token` parameter must be set.
nouser	The `user` parameter must be set.
pastexpiry	Expiry time "1ドル" is in the past.
permissiondenied	You don't have permission to block users. On most wikis, blocking users is restricted to sysops, but other wikis may have stricter rules.
rangedisabled	Blocking IP ranges has been disabled

Code (Unblocking)	Info
notarget	Either the ID or the user parameter must be set
notoken	The `token` parameter must be set.
idanduser	The ID and user parameters can't be used together
blockedasrange	IP address "address" was blocked as part of range "range". You can't unblock the IP individually, but you can unblock the range as a whole.
cantunblock	The block you specified was not found. It may have been unblocked already
permissiondenied	You don't have permission to unblock users. On most wikis, unblocking users is restricted to sysops, but other wikis may have different rules.

Parameter history

1.29: Introduced tags
1.21: Removed gettoken
1.20: Deprecated gettoken
1.18: Introduced watchuser
1.14: Introduced allowusertalk, reblock

Blocking users

API documentation

action=block

Example

POST request

Response

Sample code of blocking users

Python

PHP

JavaScript

MediaWiki JS

Unblocking users

API documentation

action=unblock

Example

POST request

Response

Possible errors

Parameter history

See also