On Mon, Jan 30, 2017 at 12:25 PM, geoffreydebelie <geoffreydebelie@zoho.com> wrote:
I had problems because of the +\\ in Bash. I was replacing those with their HTML encodings but that was preventing the code from functioning.

It's actually +\ (escaped as a JSON string). You might want to use something JSON-aware like jq to process the response.
 
Can I just pass the CSRF token ("edit token") to action=edit and expect the MediaWiki API to know who I am?

The API knows who you are from the session (so you need to use cookie/cookie-jar or something similar). The CSRF token is just what its name suggests - something that verifies that you were able to read the content of the previous response.