Dear list members,
yesterday I fiddled around with my MW-API (v1.27.2) and a registered bot-user (Special:BotPassword) using the Httpful PHP client library [0]. My goal is to edit and create pages with my bot.
[0] https://github.com/nategood/httpful/
Making GET queries is working very well but I can’t log in. − So I need some advice from you, please.
As I understood it, I have to make 4 requests:
1. GET to "api.php?action=query&meta=tokens&type=login"
2. POST to "api.php?action=login"
3. POST to "api.php?action=query&meta=tokens&type=csrf"
4. POST to "api.php?action=edit&[…]"
I made a small code sample that you can find here [1].
[1] https://pastebin.com/AX9fuxRX
With the 1st request I save the login-token and the cookie (from the header). − This is working well.
Making the 2nd request I have to send "lgname", "lgpassword" and "lgtoken" in the body and the cookie in the header. − But then I get the API warning: "Fetching a token via action=login is deprecated. Use action=query&meta=tokens&type=login instead." The response includes the result ("NeedToken") and "token", "cookieprefix", "sessionid".
If I use the body-parameters as URL-parameters I get the API warning: "The following parameters were found in the query string, but must be in the POST body: lgpassword, lgtoken".
So I think I need to know: Which steps/requests I have to do − with which: HTTP method, URL and parameters, body data. (Step 3 and 4 aren’t possible for me
Excuse me if these question(s) are rather noobish …! − I read the documentation and some mailing list posts. But I couldn’t find any hint of the 'big picture' (of the process).
Thanks a lot (in advance for a solution) and best regards Kai
On Thu, Apr 13, 2017 at 8:40 AM, Kai Sommer sommer@leibniz-gei.de wrote:
> Making the 2nd request I have to send "lgname", "lgpassword" and "lgtoken" in the body and the cookie in the header. − But then I get the API warning: "Fetching a token via action=login is deprecated. Use action=query&meta=tokens&type=login instead." The response includes the result ("NeedToken") and "token", "cookieprefix", "sessionid".
> If I use the body-parameters as URL-parameters I get the API warning: "The following parameters were found in the query string, but must be in the POST body: lgpassword, lgtoken".
That means you lost the session. The API thinks you are using the old method of doing two action=login POSTs (the first to fetch a token).
You should probably use some cookie handling library. Set-Cookie and Cookie have different syntax, and in general cookie handling is tricky to get right.
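The session loss diagnosed in the reply above, shown as an added example that is not part of the thread and is not MediaWiki or Httpful code: a login token is only valid together with the session cookie issued alongside it, so the same cookie jar must carry both requests. It uses Python's standard library and a constructed local mock in place of api.php; the cookie name, user name and password are made up.

```python
import json, secrets, threading
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode
from urllib.request import HTTPCookieProcessor, ProxyHandler, build_opener

SESSIONS = {}  # mock server state: session id -> login token issued to it

class MockApi(BaseHTTPRequestHandler):
    """Constructed stand-in for api.php: only models the token/session binding."""
    def log_message(self, *args): pass  # keep the demo quiet
    def _reply(self, obj, sid=None):
        self.send_response(200)
        if sid:  # cookie name is made up for this mock
            self.send_header("Set-Cookie", f"mock_session={sid}; Path=/; HttpOnly")
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(obj).encode())
    def do_GET(self):  # step 1: action=query&meta=tokens&type=login
        sid, token = secrets.token_hex(8), secrets.token_hex(16) + "+\\"
        SESSIONS[sid] = token
        self._reply({"query": {"tokens": {"logintoken": token}}}, sid)
    def do_POST(self):  # step 2: action=login, fields read from the body only
        form = parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        cookie = self.headers.get("Cookie", "")  # Cookie syntax: "name=value; name=value"
        sid = dict(p.strip().split("=", 1) for p in cookie.split(";") if "=" in p).get("mock_session")
        ok = sid in SESSIONS and SESSIONS[sid] == form.get("lgtoken", [""])[0]
        self._reply({"login": {"result": "Success" if ok else "NeedToken"}})

def login(api, user, password, keep_cookies=True):
    """Fetch a login token, then POST the credentials; returns login.result."""
    # ProxyHandler({}) keeps the loopback demo off any configured proxy
    with_jar = build_opener(ProxyHandler({}), HTTPCookieProcessor(CookieJar()))
    query = urlencode({"action": "query", "meta": "tokens", "type": "login", "format": "json"})
    token = json.load(with_jar.open(f"{api}?{query}"))["query"]["tokens"]["logintoken"]
    body = urlencode({"action": "login", "format": "json", "lgname": user,
                      "lgpassword": password, "lgtoken": token}).encode()
    # keep_cookies=False posts from a client without the jar: the session is lost
    opener = with_jar if keep_cookies else build_opener(ProxyHandler({}))
    return json.load(opener.open(api, data=body))["login"]["result"]

def demo(keep_cookies):
    server = HTTPServer(("127.0.0.1", 0), MockApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{server.server_port}/api.php"
        return login(url, "ExampleUser@examplebot", "constructed-password", keep_cookies)
    finally:
        server.shutdown()
        server.server_close()
```

`demo(True)` returns `Success` and `demo(False)` returns `NeedToken`, the same result the original post reports when the cookie does not reach the server intact.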