API:Account creation/pre-1.27

Createaccount
	Create a new user account.; This module cannot be used as a generator.
Prefix	none
Required rights	none
Post only?	Yes
Generated help	Current
	≥ 1.21

This page is part of the MediaWiki Action API documentation.

Creating accounts

You can create accounts using the API. This can be a new account for yourself, or you can create an account for someone else, with a random password mailed to that person. Account creations are recorded in Special:log/newusers. If you're logged in, your username will also be recorded when creating an account.

Parameters

name: User name.
password: Password (ignored if mailpassword is set).
domain: Domain for external authentication.
token: Account creation token obtained in first request.
email: Email address of user (required if either mailpassword or $wgEmailConfirmToEdit are set).
realname: Real name of user. Many wikis have realname disabled via $wgHiddenPrefs . To check whether realname is enabled or not, request api.php?action=query&meta=userinfo&uiprop=realname. If you get no realname property back in the response, realname is a hidden preference.
mailpassword: If set to any value, a random password will be generated and e-mailed to the user (instead of using the password parameter).
reason: Reason for creating the account. Will be shown in the account creation log (example).
language: Language code to set as default for the user.

Extended parameters when used with Extension:ConfirmEdit (except ReCaptcha):

captchaid: Previously-provided CAPTCHA ID to send with followup request, if captcha was required.
captchaword: User-provided answer of CAPTCHA to send with followup request, if captcha was required.

Token

To create an account, a token is required. To retrieve a token, you make the request that you want, except with the token field being an empty string. Once you retrieve the token, you make the request again with the token filled in. This is similar to how the log in module works. See the example below for details.

Unlike most API Tokens, create account tokens will only work for one request. After creating an account with this module, you need a new token before you can create another account (The success message will contain such a token)

Example

Note: In this example, all parameters are passed in a GET request just for the sake of simplicity. However, action=createaccount requires POST requests; GET requests will cause an error.

Step 1: Retrieve token to create an account for GymBeauWhales

api.php?action=createaccount&name=GymBeauWhales&email=GymBeauWhales@wikipmediawiki.net&realname=Gymmy_Dahnyl_Wails&mailpassword=true&reason=Fun_and_profit&language=en&token= [try in ApiSandbox]

We should now receive a response like:

{
    "createaccount": {
        "result": "NeedToken", 
        "token": "387bc54bd0ec29333178800ce4213306"
    }
}

If you get an error about "newcookiesfornew", it is due to a bug in early versions of 1.21. Repeating the request should fix that

We take the token given here, and add it to the request:

Step 2: Actually create GymBeauWhales account

api.php?action=createaccount&name=GymBeauWhales&email=GymBeauWhales@wikipmediawiki.net&realname=Gymmy_Dahnyl_Wails&mailpassword=true&reason=Fun_and_profit&language=en&token=387bc54bd0ec29333178800ce4213306 [try in ApiSandbox]

Assuming everything works, we should get a result like:

{
    "createaccount": {
        "result": "Success", 
        "token": "387bc54bd0ec29333178800ce4213306", 
        "userid": 1234, 
        "username": "GymBeauWhales"
    }
}

And GymBeauWhales@example.com would get an email with instructions on how to log in.

CAPTCHA

When used with Extension:ConfirmEdit, a CAPTCHA may be presented for new account creations. This is supported via extension in the API here.

When submitting per the above rules and receiving a response, you may also receive a captcha node in the return data, similar to what is sometimes returned by action=edit.

For a text-based CAPTCHA:

{
  "createaccount": {
    "result": "NeedCaptcha",
    "captcha": {
      "type": "simple",
      "mime": "text/plain",
      "id": "323035635",
      "question": "77+5"
    }
  }
}

For an image-based CAPTCHA:

{
  "createaccount": {
    "result": "NeedCaptcha",
    "captcha": {
      "type": "image",
      "mime": "image/png",
      "id": "1147869849",
      "url": "/core/index.php?title=Special:Captcha/image&wpCaptchaId=1147869849"
    }
  }
}

Be aware that the URL may be site-relative or protocol-relative.

When you receive such a response, you need to submit a third response, which is similar to the one submitted in step 2 but contains the necessary responses. By default, you should return the captcha id in the captchaid parameter, and the value (solution) of the captcha in the captchaword parameter, however some captcha modules, like ReCaptcha, use different parameters. Check the module's documentation for specifics.

As of the current code (see ) you won't receive the captcha prompt response until after basic validation errors have been taken care of.

Possible outputs

The result value can have one of three values (n.b., values are lower-case prior to 1.23):

NeedToken: A token is needed. A token parameter should also be set with a token to use.
```
{ "createaccount": { "result": "NeedToken", "token": "8217b293a6bd0bba84cc1cb661a06a5d" } }
```
- If you get a NeedToken result when you are expecting a success result, make sure the token you are sending is correct, and that you are sending along any cookies sent by the API.

Success: Everything worked

{ "createaccount": { "result": "Success", "token": "8217b293a6bd0bba84cc1cb661a06a5d", "userid": 1234, "username": "Foo" } }

Warning: Not used in core, however extensions can (in theory) add warnings, in which case the result attribute will be warning. However, this still generally means the account was created successfully.

Possible errors

All errors are formatted as:

{
    "error": {
        "code": "code", 
        "info": "info"
    }
}

Many of the info codes to this module correspond to system messages. As a result the info part may change and in particular will vary with language.

Code	Info
nocookiesfornew	The user account was not created, as we could not confirm its source. Ensure you have cookies enabled, reload this page and try again. Note: This code is sometimes returned due to a bug in early versions of MediaWiki 1.21. If you receive this error, retrying the request (ensuring cookies are sent) should fix.
sorbs_create_account_reason	Your IP address is listed as an open proxy in the DNSBL .
noname	You have not specified a valid username
userexists	Username entered already in use
password-name-match	Your password must be different from your username.
password-login-forbidden	The use of this username and password has been forbidden
noemailtitle	No email address
invalidemailaddress	The e-mail address cannot be accepted as it appears to have an invalid format
externaldberror	There was either an authentication database error or you are not allowed to update your external account
passwordtooshort	The password was shorter than the value of $wgMinimalPasswordLength
noemail	There is no e-mail address recorded for user
mustbeposted	The createaccount module requires a POST request
acct_creation_throttle_hit	Visitors to this wiki using your IP address have created $1 accounts in the last day, which is the maximum allowed in this time period. As a result, visitors using this IP address cannot create any more accounts at the moment.
wrongpassword	Incorrect password entered. Please try again. Note: Can be caused by the "domain" field being incorrect.
aborted	Aborted by an extension (info will have more details)
blocked	You cannot create a new account because you are blocked
permdenied-createaccount	You do not have the right to create a new account
createaccount-hook-aborted	An extension aborted the account creation
captcha-createaccount-fail	(With Extension:ConfirmEdit and old core) Submitted CAPTCHA answer was incorrect

Disable

To disable specifically this API feature, insert the following line in your configuration file:

$wgAPIModules['createaccount'] = 'ApiDisabled';