API:Protect
Language: | English • Deutsch • 日本語 |
---|
This page is part of the MediaWiki action API documentation. |
MediaWiki action API
- Introduction and quick start
- FAQ
- Tutorial
- Formats
- Error reporting
- Restricting usage
- Cross-site requests
- Authentication
- Queries
- Searching (by title, content, coordinates...)
- Parsing wikitext and expanding templates
- Purging pages' caches
- Parameter information
- Changing wiki content
- Create and edit pages
- Move pages
- Merge pages
- Rollback
- Delete pages
- Restore deleted revisions
- (Un)protect pages
- (Un)block users
- (Un)watch pages
- Mark revisions of watched pages as visited
- Send email
- Patrol changes
- Import pages
- Change user group membership
- Upload files
- User options
- Tokens
- Page language
- Watchlist feed
- Wikidata
- Extensions
- Using the API in MediaWiki and extensions
- Miscellaneous
- Implementation
- Client code
- Asserting
protect | ||
---|---|---|
This module cannot be used as a Generator . |
||
Prefix | ||
Required rights | protect | |
Post only? | Yes | |
Generated help | Current | |
Version added |
|
Token[edit]
To change a page's protection level, a CSRF token is required. This token is the same for all pages, but changes at every login. CSRF tokens can be obtained via action=query&meta=tokens with type=csrf
(MW 1.24+).
In previous versions of MediaWiki, a protect token was required (deprecated) This token is equal to the edit token and the same for all pages, but changes at every login. Protect tokens can be obtained via action=tokens with type=protect (MW 1.20+), or by using the following method:
Obtaining a protect token (deprecated)
Result |
---|
<?xml version="1.0" encoding="utf-8"?>
<api>
<query>
<pages>
<page
pageid="1"
counter="20"
length="470"
protecttoken="58b54e0bab4a1d3fd3f7653af38e75cb+\"
/>
</pages>
</query>
</api>
|
Protecting pages[edit]
Pages can be protected with action=protect.
Parameters[edit]
title
: The page you want to protect.pageid
: Page ID of the page you want to protect. Cannot be used together withtitle
. 1.20+token
: A "csrf" token retrieved fromaction=query&meta=tokens
(or as specified above).protections
- If you want to remove a protection, use
all
as group, e.g.edit=all|move=sysop
- If you leave out an action, the associated value won't be changed, i.e.
edit=sysop
leaves the move protection untouched.
- If you want to remove a protection, use
expiry
: Pipe-separated list of expiry timestamps in GNU timestamp format. The first timestamp applies to the first protection inprotections
, the second to the second, etc. The timestampsinfinite
,indefinite
andnever
result in a protection that will never expire. Timestamps likenext Monday 16:04:57
or9:28 PM tomorrow
are also allowed, see the GNU web site for details.- The number of expiry timestamps must equal the number of protections, or you'll get an error message
- An exception to this rule is made for backwards compatibility: if you specify exactly one expiry timestamp, it'll apply to all protections
- Not setting this parameter is equivalent to setting it to
infinite
- The number of expiry timestamps must equal the number of protections, or you'll get an error message
reason
: The reason for the (un)protection (optional).tags
: Change tags to apply to the entry in the protection log. 1.27+cascade
: If set, pages transcluded in the protected page will also be protected. If the required user level to edit is lower than the required user level to protect (e.g. edit=autoconfirmed), cascading can't be enabled, and this parameter will be silently ignored.- The latter is to prevent people who shouldn't be able to protect pages from protecting them anyway by transcluding them in a page with cascading protection.
watch
: If set, add the page being (un)protected to the current user's watchlist. 1.15+ (deprecated in 1.17)watchlist
: Unconditionally add or remove the page from the current user's watchlist, use preferences or do not change watch. Possible values:watch
,unwatch
,preferences
,nochange
. (Default:preferences
) 1.17+
Examples[edit]
Note: In this example, all parameters are passed in a GET request just for the sake of simplicity. However, action=protect requires POST requests; GET requests will cause an error.
Protecting the Main Page edit=autoconfirmed, move=sysop, the first expiring February 24, 2015 at 12:34:56, the second expiring March 25, 2015 at 13:06:20 with cascading protection enabled.
Result |
---|
{
"protect": {
"title": "Main Page",
"reason": "",
"protections": [
{
"edit": "autoconfirmed",
"expiry": "2015-02-24T12:34:56Z"
},
{
"move": "sysop",
"expiry": "2015-03-25T13:06:20Z"
}
]
}
}
|
Protecting "Deletion log" create=sysop, expiring a 2 months from now
Result |
---|
{
"protect": {
"title": "Deletion log",
"reason": "Don't create this for now",
"protections": [
{
"create": "sysop",
"expiry": "2015-04-23T16:41:28Z"
}
]
}
}
|
Possible errors[edit]
In addition to the usual stuff:
Code | Info |
---|---|
notitle | The title parameter must be set |
notoken | The token parameter must be set |
noprotections | The protections parameter must be set |
invalidexpiry | Invalid expiry time "expiry" Note: This means the expiry timestamp was invalidly formatted, or is nonexistent (like November 31 or 24:05). |
pastexpiry | Expiry time "expiry" is in the past |
toofewexpiries | number expiry timestamps were provided where number were needed Note: This error is misnamed: it's also thrown when you specify too many expiry times |
cantedit | You can't protect this page because you can't edit it |
create-titleexists | Existing titles can't be protected with 'create' |
missingtitle-createonly | Missing titles can only be protected with 'create' |
protect-invalidaction | Invalid protection type "type" |
protect-invalidlevel | Invalid protection level "level" |