API:Block

Translate this page

This page is part of the MediaWiki Action API documentation.

MediaWiki version:

≥ 1.12

POST request to block or unblock a user.

Blocking users

API documentation

The following documentation is the output of Special:ApiHelp/block, automatically generated by the pre-release version of MediaWiki that is running on this site (MediaWiki.org).

action=block

(main | block)

This module requires read rights.
This module requires write rights.
This module only accepts POST requests.
Source: MediaWiki
License: GPL-2.0-or-later

Block a user.

https://www.mediawiki.org/wiki/Special:MyLanguage/API:Block

Specific parameters:

Other general parameters are available.

user: User to block.; Type: user, by any of username, IP, Temporary user, IP range and user ID (e.g. "#12345")
userid: Deprecated.; Specify user=#ID instead.; Type: integer
expiry: Expiry time. May be relative (e.g. 5 months or 2 weeks) or absolute (e.g. 2014-09-18T12:34:56Z). If set to infinite, indefinite, or never, the block will never expire.; Default: never
reason: Reason for block.; Default: (empty)
anononly: Block anonymous users only (i.e. disable anonymous edits for this IP address, including temporary account edits).; Type: boolean (details)
nocreate: Prevent account creation.; Type: boolean (details)
autoblock: Automatically block the last used IP address, and any subsequent IP addresses they try to login from.; Type: boolean (details)
noemail: Prevent user from sending email through the wiki. (Requires the blockemail right).; Type: boolean (details)
hidename: Hide the username from the block log. (Requires the hideuser right).; Type: boolean (details)
allowusertalk: Allow the user to edit their own talk page (depends on $wgBlockAllowsUTEdit).; Type: boolean (details)
reblock: If the user is already blocked, overwrite the existing block.; Type: boolean (details)
watchuser: Watch the user's or IP address's user and talk pages.; Type: boolean (details)
watchlistexpiry: Watchlist expiry timestamp. Omit this parameter entirely to leave the current expiry unchanged.; Type: expiry (details)
tags: Change tags to apply to the entry in the block log.; Values (separate with | or alternative): AWB, convenient-discussions
partial: Block user from specific pages or namespaces rather than the entire site.; Type: boolean (details)
pagerestrictions: List of titles to block the user from editing. Only applies when partial is set to true.; Type: page title; Separate values with | or alternative.; Maximum number of values is 10.; Only accepts pages that exist.
namespacerestrictions: List of namespace IDs to block the user from editing. Only applies when partial is set to true.; Values (separate with | or alternative): 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 90, 91, 92, 93, 100, 101, 102, 103, 104, 105, 106, 107, 486, 487, 710, 711, 828, 829, 1198, 1199, 2600, 5500, 5501; To specify all values, use *.
actionrestrictions: List of actions to block the user from performing. Only applies when partial is set to true.; Values (separate with | or alternative): create, move, thanks, upload
token: A "csrf" token retrieved from action=query&meta=tokens; This parameter is required.

Examples:

Block IP address 192.0.2.5 for three days with a reason.: api.php?action=block&user=192.0.2.5&expiry=3%20days&reason=First%20strike&token=123ABC [open in sandbox]
Block user Vandal indefinitely with a reason, and prevent new account creation and email sending.: api.php?action=block&user=Vandal&expiry=never&reason=Vandalism&nocreate=&autoblock=&noemail=&token=123ABC [open in sandbox]

Example

Making any POST request is a multi-step process:

Log in, via one of the methods described on API:Login .
GET a token . This token is equal to the edit token and changes at every login.
api.php?action=query&meta=token&format=json [try in ApiSandbox]
Send a POST request, with the token, to block a user.

POST request

Example of blocking a user for 1 day, disabling account creation and email

api.php?action=block&user=Example&expiry=1%20day&reason=Time%20out&nocreate=&noemail=&token=0123456789012345678901234567890123456789%2b%5c [try in ApiSandbox]

Response

{
  "block": {
    "user": "Example",
    "userID": 2,
    "expiry": "2015-02-25T07:27:50Z",
    "id": "8",
    "reason": "Time out",
    "nocreate": "",
    "noemail": ""
  }
}

Sample code of blocking users

Python

#!/usr/bin/python3

"""
    block_user.py

    MediaWiki API Demos
    Demo of `Block` module: sending POST request to block user
    MIT license
"""

import requests

S = requests.Session()

URL = "https://test.wikipedia.org/w/api.php"

# Step 1: GET request to fetch login token
PARAMS_0 = {
    "action": "query",
    "meta": "tokens",
    "type": "login",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS_0)
DATA = R.json()

LOGIN_TOKEN = DATA['query']['tokens']['logintoken']

# Step 2: POST request to log in. Use of main account for login is not
# supported. Obtain credentials via Special:BotPasswords
# (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
PARAMS_1 = {
    "action": "login",
    "lgname": "your_bot_username",
    "lgpassword": "your_bot_password",
    "lgtoken": LOGIN_TOKEN,
    "format": "json"
}

R = S.post(URL, data=PARAMS_1)

# Step 3: GET request to fetch CSRF token
PARAMS_2 = {
    "action": "query",
    "meta": "tokens",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS_2)
DATA = R.json()

CSRF_TOKEN = DATA['query']['tokens']['csrftoken']

# Step 4: POST request to block user
PARAMS_3 = {
    "action": "block",
    "user": "Example",
    "expiry": "2015-02-25T07:27:50Z",
    "reason": "Time out",
    "token": CSRF_TOKEN,
    "format": "json"
}

R = S.post(URL, data=PARAMS_3)
DATA = R.json()

print(DATA)

PHP

<?php

/*
    block_user.php

    MediaWiki API Demos
    Demo of `Block` module: sending POST request to block user
    MIT license
*/

$endPoint = "http://dev.wiki.local.wmftest.net:8080/w/api.php";

$login_Token = getLoginToken(); // Step 1
loginRequest( $login_Token ); // Step 2
$csrf_Token = getCSRFToken(); // Step 3
block( $csrf_Token ); // Step 4

// Step 1: GET request to fetch login token
function getLoginToken() {
	global $endPoint;

	$params1 = [
		"action" => "query",
		"meta" => "tokens",
		"type" => "login",
		"format" => "json"
	];

	$url = $endPoint . "?" . http_build_query( $params1 );

	$ch = curl_init( $url );
	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
	curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
	curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );

	$output = curl_exec( $ch );
	curl_close( $ch );

	$result = json_decode( $output, true );
	return $result["query"]["tokens"]["logintoken"];
}

// Step 2: POST request to log in. Use of main account for login is not
// supported. Obtain credentials via Special:BotPasswords
// (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
function loginRequest( $logintoken ) {
	global $endPoint;

	$params2 = [
		"action" => "login",
		"lgname" => "bot_user_name",
		"lgpassword" => "bot_password",
		"lgtoken" => $logintoken,
		"format" => "json"
	];

	$ch = curl_init();

	curl_setopt( $ch, CURLOPT_URL, $endPoint );
	curl_setopt( $ch, CURLOPT_POST, true );
	curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $params2 ) );
	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
	curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
	curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );

	$output = curl_exec( $ch );
	curl_close( $ch );

}

// Step 3: GET request to fetch CSRF token
function getCSRFToken() {
	global $endPoint;

	$params3 = [
		"action" => "query",
		"meta" => "tokens",
		"format" => "json"
	];

	$url = $endPoint . "?" . http_build_query( $params3 );

	$ch = curl_init( $url );

	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
	curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
	curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );

	$output = curl_exec( $ch );
	curl_close( $ch );

	$result = json_decode( $output, true );
	return $result["query"]["tokens"]["csrftoken"];
}

// Step 4: POST request to block user
function block( $csrftoken ) {
	global $endPoint;

	$params4 = [
		"action" => "block",
		"user" => "ABCD",
		"expiry" => "2020-02-25T07:27:50Z",
		"reason" => "API Test",
		"token" => $csrftoken,
		"format" => "json"
	];

	$ch = curl_init();

	curl_setopt( $ch, CURLOPT_URL, $endPoint );
	curl_setopt( $ch, CURLOPT_POST, true );
	curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $params4 ) );
	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
	curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
	curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );

	$output = curl_exec( $ch );
	curl_close( $ch );

	echo ( $output );
}

JavaScript

/*  
    block_user.js
 
    MediaWiki API Demos
    Demo of `Block` module: sending POST request to block user

    MIT license
*/

var request = require('request').defaults({jar: true}),
    url = "http://dev.wiki.local.wmftest.net:8080/w/api.php";

// Step 1: GET request to fetch login token
function getLoginToken() {
    var params_0 = {
        action: "query",
        meta: "tokens",
        type: "login",
        format: "json"
    };

    request.get({ url: url, qs: params_0 }, function (error, res, body) {
        if (error) {
            return;
        }
        var data = JSON.parse(body);
        loginRequest(data.query.tokens.logintoken);
    });
}

// Step 2: POST request to log in. 
// Use of main account for login is not
// supported. Obtain credentials via Special:BotPasswords
// (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
function loginRequest(login_token) {
    var params_1 = {
        action: "login",
        lgname: "bot_username",
        lgpassword: "bot_password",
        lgtoken: login_token,
        format: "json"
    };

    request.post({ url: url, form: params_1 }, function (error, res, body) {
        if (error) {
            return;
        }
        getCsrfToken();
    });
}

// Step 3: GET request to fetch CSRF token
function getCsrfToken() {
    var params_2 = {
        action: "query",
        meta: "tokens",
        format: "json"
    };

    request.get({ url: url, qs: params_2 }, function(error, res, body) {
        if (error) {
            return;
        }
        var data = JSON.parse(body);
        block(data.query.tokens.csrftoken);
    });
}

// Step 4: POST request to block user
function block(csrf_token) {
    var params_3 = {
        action: "block",
        user: "ABCDEF",
        expiry: "2020-02-25T07:27:50Z",
        reason: "API Test",
        token: csrf_token,
        format: "json"
    };

    request.post({ url: url, form: params_3 }, function (error, res, body) {
        if (error) {
            return;
        }
        console.log(body);
    });
}

// Start From Step 1
getLoginToken();

MediaWiki JS

/*
	block_user.js

	MediaWiki API Demos
	Demo of `Block` module: sending POST request to block user

	MIT License
*/

var params = {
		action: 'block',
		user: 'ABCD',
		expiry: '2020-02-25T07:27:50Z',
		reason: 'API Test',
		format: 'json'
	},
	api = new mw.Api();

api.postWithToken( 'csrf', params ).done( function ( data ) {
	console.log( data );
} );

Unblocking users

API documentation

The following documentation is the output of Special:ApiHelp/unblock, automatically generated by the pre-release version of MediaWiki that is running on this site (MediaWiki.org).

action=unblock

(main | unblock)

This module requires read rights.
This module requires write rights.
This module only accepts POST requests.
Source: MediaWiki
License: GPL-2.0-or-later

Unblock a user.

https://www.mediawiki.org/wiki/Special:MyLanguage/API:Block

Specific parameters:

Other general parameters are available.

id: ID of the block to unblock (obtained through list=blocks). Cannot be used together with user.; Type: integer
user: User to unblock. Cannot be used together with id.; Type: user, by any of username, IP, Temporary user, IP range and user ID (e.g. "#12345")
userid: Deprecated.; Specify user=#ID instead.; Type: integer
reason: Reason for unblock.; Default: (empty)
tags: Change tags to apply to the entry in the block log.; Values (separate with | or alternative): AWB, convenient-discussions
watchuser: Watch the user's or IP address's user and talk pages.; Type: boolean (details)
watchlistexpiry: Watchlist expiry timestamp. Omit this parameter entirely to leave the current expiry unchanged.; Type: expiry (details)
token: A "csrf" token retrieved from action=query&meta=tokens; This parameter is required.

Examples:

Unblock block ID #105.: api.php?action=unblock&id=105 [open in sandbox]
Unblock user Bob with reason Sorry Bob.: api.php?action=unblock&user=Bob&reason=Sorry%20Bob [open in sandbox]

Example

POST request

Unblocking Example and apologizing

api.php?action=unblock&user=Example&token=0123456789012345678901234567890123456789%2b%5c&reason=Sorry%20Example [try in ApiSandbox]

Response

{
  "id": "16",
  "user": "Example",
  "userid": 2,
  "reason": "Sorry Example"
}

Possible errors

Code (Blocking)	Info
alreadyblocked	The user you tried to block was already blocked
cantblock	You don't have permission to block users.
cantblock-email	You don't have permission to block users from sending email through the wiki.
canthide	You don't have permission to hide usernames from the block log. This feature has to be enabled explicitly in LocalSettings.php.
invalidexpiry	Invalid expiry time
invalidip	Invalid IP address specified
invalidrange	Invalid IP range
notoken	The `token` parameter must be set.
nouser	The `user` parameter must be set.
pastexpiry	Expiry time "$1" is in the past.
permissiondenied	You don't have permission to block users. On most wikis, blocking users is restricted to sysops, but other wikis may have stricter rules.
rangedisabled	Blocking IP ranges has been disabled

Code (Unblocking)	Info
notarget	Either the ID or the user parameter must be set
notoken	The `token` parameter must be set.
idanduser	The ID and user parameters can't be used together
blockedasrange	IP address "address" was blocked as part of range "range". You can't unblock the IP individually, but you can unblock the range as a whole.
cantunblock	The block you specified was not found. It may have been unblocked already
permissiondenied	You don't have permission to unblock users. On most wikis, unblocking users is restricted to sysops, but other wikis may have different rules.

Parameter history

1.29: Introduced tags
1.21: Removed gettoken
1.20: Deprecated gettoken
1.18: Introduced watchuser
1.14: Introduced allowusertalk, reblock

Blocking users

API documentation

action=block

Example

POST request

Response

Sample code of blocking users

Python

PHP

JavaScript

MediaWiki JS

Unblocking users

API documentation

action=unblock

Example

POST request

Response

Possible errors

Parameter history

See also