Authentication Documentation

Use your credentials and tokens to manage your account programmatically. Access Tokens expire after 24 hours, while refresh tokens expire after 90 days. Use login to receive your tokens and use refresh token and revoke token to manage access.

Refresh Token

POST https://auth.enterprise.wikimedia.com/v1/token-refresh

By receiving refresh token and username provides new access and id tokens.

Request Body Required
username
string
refresh_token
string
application/json
{ "username": "admin", "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" }
Response
  • application/json
    { "id_token": "string", "access_token": "string", "expires_in": 300 }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

Revoke Token

POST https://auth.enterprise.wikimedia.com/v1/token-revoke

By receiving refresh token revokes access for all of its access tokens. After the token is revoked, you can not use the revoked token to access authenticated APIs.

Request Body Required
refresh_token
string
application/json
{ "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" }
Response
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

Forgot Password

POST https://auth.enterprise.wikimedia.com/v1/forgot-password

By receiving username sends confirmation code that is required to change the user's password (look into /v1/forgot-password-confirm).

Request Body Required
username
string
application/json
{ "username": "admin" }
Response
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

Forgot Password Confirmation

POST https://auth.enterprise.wikimedia.com/v1/forgot-password-confirm

By receiving username, new password and confirmation code (see /v1/forgot-password) changes user password.

Request Body Required
username
string
password
string
confirmation_code
string
application/json
{ "username": "admin", "password": "j8BDWYrQwDF5u4Yu", "confirmation_code": "6MadrbRF" }
Response
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

Change Password

POST https://auth.enterprise.wikimedia.com/v1/change-password

Changes user password by receiving access token, previous password, and proposed password.

Request Body Required
access_token
string
previous_password
string
proposed_password
string
application/json
{ "access_token": "sInR5cCI6IkpXVCJ9eyJhbGciOiJIUzI1NiI", "previous_password": "j8BDWYrQwDF5u4Yu", "proposed_password": "b2BDWZrQwDF5u4Yu" }
Response
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

New Password Required

POST https://auth.enterprise.wikimedia.com/v1/new-password-required

Responds `NEW_PASSWORD_REQUIRED` challenge by receiving username and session token and setting new password.

Request Body Required
session
string
username
string
new_password
string
application/json
{ "session": "eyJhbGcisInR5cCI6IkOiJIUzI1NiIpXVCJ9", "username": "admin", "new_password": "b2BDWZrQwDF5u4Yu" }
Response
  • application/json
    { "id_token": "string", "access_token": "string", "refresh_token": "string", "session": "string", "expires_in": 300 }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }