API:Block
 | This page is part of the MediaWiki Action API documentation. |
| MediaWiki version: | ≥ 1.12 |
POST request to block or unblock a user.
Blocking users
API documentation
 | The following documentation is the output of Special: |
action=block
(main | block)
- This module requires read rights.
- This module requires write rights.
- This module only accepts POST requests.
- Source: MediaWiki
- License: GPL-2.0-or-later
Block a user.
Specific parameters:
Other general parameters are available.
- id
ID of the block to modify (obtained through list=blocks). Cannot be used together with user, reblock, or newblock.
- Type: integer
- user
User to block. Cannot be used together with id.
- Type: user, by any of username, IP, Temporary user, IP range and user ID (e.g. "#12345")
- userid
- Deprecated.
Specify user=#ID instead.
- Type: integer
- expiry
Expiry time. May be relative (e.g. 5 months or 2 weeks) or absolute (e.g. 2014-09-18T12:34:56Z). If set to infinite, indefinite, or never, the block will never expire.
- Default: never
- reason
Reason for block.
- Default: (empty)
- anononly
Block anonymous users only (i.e. disable anonymous edits for this IP address, including temporary account edits).
- Type: boolean (details)
- nocreate
Prevent account creation.
- Type: boolean (details)
- autoblock
Automatically block the last used IP address, and any subsequent IP addresses they try to login from.
- Type: boolean (details)
- noemail
Prevent user from sending email through the wiki. (Requires the
blockemailright).- Type: boolean (details)
- hidename
Hide the username from the block log. (Requires the
hideuserright).- Type: boolean (details)
- allowusertalk
Allow the user to edit their own talk page (depends on $wgBlockAllowsUTEdit).
- Type: boolean (details)
- reblock
If the user is already blocked by a single block, overwrite the existing block. If the user is blocked more than once, this will fail—use the id parameter instead to specify which block to overwrite. Cannot be used together with id or newblock.
- Type: boolean (details)
- newblock
Add another block even if the user is already blocked. Cannot be used together with id or reblock.
- Type: boolean (details)
- watchuser
Watch the user's or IP address's user and talk pages.
- Type: boolean (details)
- watchlistexpiry
Watchlist expiry timestamp. Omit this parameter entirely to leave the current expiry unchanged.
- Type: expiry (details)
Change tags to apply to the entry in the block log.
- Values (separate with | or alternative): AWB, convenient-discussions
- partial
Block user from specific pages or namespaces rather than the entire site.
- Type: boolean (details)
- pagerestrictions
List of titles to block the user from editing. Only applies when partial is set to true.
- Type: page title
- Separate values with | or alternative.
- Maximum number of values is 50.
- Only accepts pages that exist.
- namespacerestrictions
List of namespace IDs to block the user from editing. Only applies when partial is set to true.
- Values (separate with | or alternative): 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 90, 91, 92, 93, 100, 101, 102, 103, 104, 105, 106, 107, 710, 711, 828, 829, 1198, 1199, 1728, 1729, 2600, 5500, 5501
- To specify all values, use *.
- actionrestrictions
List of actions to block the user from performing. Only applies when partial is set to true.
- Values (separate with | or alternative): create, move, thanks, upload
- token
A "csrf" token retrieved from action=query&meta=tokens
- This parameter is required.
Examples:
- Block IP address 192.0.2.5 for three days with a reason.
- api.php?action=block&user=192.0.2.5&expiry=3%20days&reason=First%20strike&token=123ABC [open in sandbox]
- Block user Vandal indefinitely with a reason, and prevent new account creation and email sending.
- api.php?action=block&user=Vandal&expiry=never&reason=Vandalism&nocreate=&autoblock=&noemail=&token=123ABC [open in sandbox]
Example
Making any POST request is a multi-step process:
- Log in, via one of the methods described on API:Login.
- GET a token. This token is equal to the edit token and changes at every login.
- Send a POST request, with the token, to block a user.
POST request
Example of blocking a user for 1 day, disabling account creation and email
Response
{
"block": {
"user": "Example",
"userID": 2,
"expiry": "2015-02-25T07:27:50Z",
"id": "8",
"reason": "Time out",
"nocreate": "",
"noemail": ""
}
}
Sample code of blocking users
Python
#!/usr/bin/python3
"""
block_user.py
MediaWiki API Demos
Demo of `Block` module: sending POST request to block user
MIT license
"""
import requests
S = requests.Session()
URL = "https://test.wikipedia.org/w/api.php"
# Step 1: GET request to fetch login token
PARAMS_0 = {
"action": "query",
"meta": "tokens",
"type": "login",
"format": "json"
}
R = S.get(url=URL, params=PARAMS_0)
DATA = R.json()
LOGIN_TOKEN = DATA['query']['tokens']['logintoken']
# Step 2: POST request to log in. Use of main account for login is not
# supported. Obtain credentials via Special:BotPasswords
# (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
PARAMS_1 = {
"action": "login",
"lgname": "your_bot_username",
"lgpassword": "your_bot_password",
"lgtoken": LOGIN_TOKEN,
"format": "json"
}
R = S.post(URL, data=PARAMS_1)
# Step 3: GET request to fetch CSRF token
PARAMS_2 = {
"action": "query",
"meta": "tokens",
"format": "json"
}
R = S.get(url=URL, params=PARAMS_2)
DATA = R.json()
CSRF_TOKEN = DATA['query']['tokens']['csrftoken']
# Step 4: POST request to block user
PARAMS_3 = {
"action": "block",
"user": "Example",
"expiry": "2015-02-25T07:27:50Z",
"reason": "Time out",
"token": CSRF_TOKEN,
"format": "json"
}
R = S.post(URL, data=PARAMS_3)
DATA = R.json()
print(DATA)
PHP
<?php
/*
block_user.php
MediaWiki API Demos
Demo of `Block` module: sending POST request to block user
MIT license
*/
$endPoint = "http://dev.wiki.local.wmftest.net:8080/w/api.php";
$login_Token = getLoginToken(); // Step 1
loginRequest( $login_Token ); // Step 2
$csrf_Token = getCSRFToken(); // Step 3
block( $csrf_Token ); // Step 4
// Step 1: GET request to fetch login token
function getLoginToken() {
global $endPoint;
$params1 = [
"action" => "query",
"meta" => "tokens",
"type" => "login",
"format" => "json"
];
$url = $endPoint . "?" . http_build_query( $params1 );
$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );
$output = curl_exec( $ch );
curl_close( $ch );
$result = json_decode( $output, true );
return $result["query"]["tokens"]["logintoken"];
}
// Step 2: POST request to log in. Use of main account for login is not
// supported. Obtain credentials via Special:BotPasswords
// (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
function loginRequest( $logintoken ) {
global $endPoint;
$params2 = [
"action" => "login",
"lgname" => "bot_user_name",
"lgpassword" => "bot_password",
"lgtoken" => $logintoken,
"format" => "json"
];
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $endPoint );
curl_setopt( $ch, CURLOPT_POST, true );
curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $params2 ) );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );
$output = curl_exec( $ch );
curl_close( $ch );
}
// Step 3: GET request to fetch CSRF token
function getCSRFToken() {
global $endPoint;
$params3 = [
"action" => "query",
"meta" => "tokens",
"format" => "json"
];
$url = $endPoint . "?" . http_build_query( $params3 );
$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );
$output = curl_exec( $ch );
curl_close( $ch );
$result = json_decode( $output, true );
return $result["query"]["tokens"]["csrftoken"];
}
// Step 4: POST request to block user
function block( $csrftoken ) {
global $endPoint;
$params4 = [
"action" => "block",
"user" => "ABCD",
"expiry" => "2020-02-25T07:27:50Z",
"reason" => "API Test",
"token" => $csrftoken,
"format" => "json"
];
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $endPoint );
curl_setopt( $ch, CURLOPT_POST, true );
curl_setopt( $ch, CURLOPT_POSTFIELDS, http_build_query( $params4 ) );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_COOKIEJAR, "cookie.txt" );
curl_setopt( $ch, CURLOPT_COOKIEFILE, "cookie.txt" );
$output = curl_exec( $ch );
curl_close( $ch );
echo ( $output );
}
JavaScript
/*
block_user.js
MediaWiki API Demos
Demo of `Block` module: sending POST request to block user
MIT license
*/
var request = require('request').defaults({jar: true}),
url = "http://dev.wiki.local.wmftest.net:8080/w/api.php";
// Step 1: GET request to fetch login token
function getLoginToken() {
var params_0 = {
action: "query",
meta: "tokens",
type: "login",
format: "json"
};
request.get({ url: url, qs: params_0 }, function (error, res, body) {
if (error) {
return;
}
var data = JSON.parse(body);
loginRequest(data.query.tokens.logintoken);
});
}
// Step 2: POST request to log in.
// Use of main account for login is not
// supported. Obtain credentials via Special:BotPasswords
// (https://www.mediawiki.org/wiki/Special:BotPasswords) for lgname & lgpassword
function loginRequest(login_token) {
var params_1 = {
action: "login",
lgname: "bot_username",
lgpassword: "bot_password",
lgtoken: login_token,
format: "json"
};
request.post({ url: url, form: params_1 }, function (error, res, body) {
if (error) {
return;
}
getCsrfToken();
});
}
// Step 3: GET request to fetch CSRF token
function getCsrfToken() {
var params_2 = {
action: "query",
meta: "tokens",
format: "json"
};
request.get({ url: url, qs: params_2 }, function(error, res, body) {
if (error) {
return;
}
var data = JSON.parse(body);
block(data.query.tokens.csrftoken);
});
}
// Step 4: POST request to block user
function block(csrf_token) {
var params_3 = {
action: "block",
user: "ABCDEF",
expiry: "2020-02-25T07:27:50Z",
reason: "API Test",
token: csrf_token,
format: "json"
};
request.post({ url: url, form: params_3 }, function (error, res, body) {
if (error) {
return;
}
console.log(body);
});
}
// Start From Step 1
getLoginToken();
MediaWiki JS
/*
block_user.js
MediaWiki API Demos
Demo of `Block` module: sending POST request to block user
MIT License
*/
var params = {
action: 'block',
user: 'ABCD',
expiry: '2020-02-25T07:27:50Z',
reason: 'API Test',
format: 'json'
},
api = new mw.Api();
api.postWithToken( 'csrf', params ).done( function ( data ) {
console.log( data );
} );
Unblocking users
API documentation
| The following documentation is the output of Special: |
action=unblock
(main | unblock)
- This module requires read rights.
- This module requires write rights.
- This module only accepts POST requests.
- Source: MediaWiki
- License: GPL-2.0-or-later
Unblock a user.
Specific parameters:
Other general parameters are available.
- id
ID of the block to unblock (obtained through list=blocks). Cannot be used together with user.
- Type: integer
- user
User to unblock. Cannot be used together with id.
- Type: user, by any of username, IP, Temporary user, IP range and user ID (e.g. "#12345")
- userid
- Deprecated.
Specify user=#ID instead.
- Type: integer
- reason
Reason for unblock.
- Default: (empty)
Change tags to apply to the entry in the block log.
- Values (separate with | or alternative): AWB, convenient-discussions
- watchuser
Watch the user's or IP address's user and talk pages.
- Type: boolean (details)
- watchlistexpiry
Watchlist expiry timestamp. Omit this parameter entirely to leave the current expiry unchanged.
- Type: expiry (details)
- token
A "csrf" token retrieved from action=query&meta=tokens
- This parameter is required.
Examples:
- Unblock block ID #105.
- api.php?action=unblock&id=105 [open in sandbox]
- Unblock user Bob with reason Sorry Bob.
- api.php?action=unblock&user=Bob&reason=Sorry%20Bob [open in sandbox]
Example
POST request
Unblocking Example and apologizing
Response
{
"unblock": {
"id": 16,
"user": "Example",
"userid": 2,
"reason": "Sorry Example",
"watchuser": false
}
}
Possible errors
| Code (Blocking) | Info |
|---|---|
| alreadyblocked | The user you tried to block was already blocked |
| cantblock | You don't have permission to block users. |
| cantblock-email | You don't have permission to block users from sending email through the wiki. |
| canthide | You don't have permission to hide usernames from the block log.
This feature has to be enabled explicitly in LocalSettings.php. |
| invalidexpiry | Invalid expiry time |
| invalidip | Invalid IP address specified |
| invalidrange | Invalid IP range |
| notoken | The token parameter must be set. |
| nouser | The user parameter must be set. |
| pastexpiry | Expiry time "$1" is in the past. |
| permissiondenied | You don't have permission to block users.
On most wikis, blocking users is restricted to sysops, but other wikis may have stricter rules. |
| rangedisabled | Blocking IP ranges has been disabled |
| Code (Unblocking) | Info |
|---|---|
| notarget | Either the ID or the user parameter must be set |
| notoken | The token parameter must be set. |
| idanduser | The ID and user parameters can't be used together |
| blockedasrange | IP address "address" was blocked as part of range "range". You can't unblock the IP individually, but you can unblock the range as a whole. |
| cantunblock | The block you specified was not found. It may have been unblocked already |
| permissiondenied | You don't have permission to unblock users.
On most wikis, unblocking users is restricted to sysops, but other wikis may have different rules. |
Parameter history
- 1.29: Introduced
tags - 1.21: Removed
gettoken - 1.20: Deprecated
gettoken - 1.18: Introduced
watchuser - 1.14: Introduced
allowusertalk,reblock
See also
- API:User group membership - Add or remove users from a group
- API:Blocks - Lists all blocks