Authentication Documentation

Use your account credentials (username in lowercase) and tokens to manage your account programmatically. Access tokens expire after 24 hours, while Refresh tokens expire after 90 days. Use the login endpoint to receive your tokens, then use token-refresh and token-revoke endpoints to manage them. Your account password can also be managed with the associated endpoints referenced in this document.

Refresh Token

POST https://auth.enterprise.wikimedia.com/v1/token-refresh

By receiving refresh token and username provides new access and id tokens.

Request Body Required
username
string
refresh_token
string
application/json
{ "username": "admin", "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" }
Response
  • application/json
    { "id_token": "string", "access_token": "string", "expires_in": 300 }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

Revoke Token

POST https://auth.enterprise.wikimedia.com/v1/token-revoke

By receiving refresh token revokes access for all of its access tokens. After the token is revoked, you can not use the revoked token to access authenticated APIs.

Request Body Required
refresh_token
string
application/json
{ "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" }
Response
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

Forgot Password

POST https://auth.enterprise.wikimedia.com/v1/forgot-password

By receiving username sends confirmation code that is required to change the user's password (look into /v1/forgot-password-confirm).

Request Body Required
username
string
application/json
{ "username": "admin" }
Response
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

Forgot Password Confirmation

POST https://auth.enterprise.wikimedia.com/v1/forgot-password-confirm

By receiving username, new password and confirmation code (see /v1/forgot-password) changes user password.

Request Body Required
username
string
password
string
confirmation_code
string
application/json
{ "username": "admin", "password": "j8BDWYrQwDF5u4Yu", "confirmation_code": "6MadrbRF" }
Response
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

Change Password

POST https://auth.enterprise.wikimedia.com/v1/change-password

Changes user password by receiving access token, previous password, and proposed password.

Request Body Required
access_token
string
previous_password
string
proposed_password
string
application/json
{ "access_token": "sInR5cCI6IkpXVCJ9eyJhbGciOiJIUzI1NiI", "previous_password": "j8BDWYrQwDF5u4Yu", "proposed_password": "b2BDWZrQwDF5u4Yu" }
Response
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }

New Password Required

POST https://auth.enterprise.wikimedia.com/v1/new-password-required

Responds NEW_PASSWORD_REQUIRED challenge by receiving username and session token and setting new password.

Request Body Required
session
string
username
string
new_password
string
application/json
{ "session": "eyJhbGcisInR5cCI6IkOiJIUzI1NiIpXVCJ9", "username": "admin", "new_password": "b2BDWZrQwDF5u4Yu" }
Response
  • application/json
    { "id_token": "string", "access_token": "string", "refresh_token": "string", "session": "string", "expires_in": 300 }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }
  • application/json
    { "message": "string", "status": "integer" }