Managing API keys
The API keys dashboard lets you create and manage OAuth 2.0 client credentials for use with the Wikimedia API.
Create a key
To create an API key, select Create key, and complete the registration form.
Create app credentials
App credentials let you build an app to publish and share. Wikimedia API requests are rate limited based on client ID, so you should create one set of client credentials per app. To create credentials, select an app type, and provide a redirect URL.
- Name: Choose a unique name to help identify your app.
- Description: Admins use this field to evaluate your client, so include a description of how your app uses Wikimedia content.
- Redirect URI is used by the OAuth authentication server to return users to your app after approval.
App credentials must be approved by Wikimedia OAuth administrators before they can be used. You can see the status of your client on the API keys dashboard. Once your app is approved, you'll receive an email from firstname.lastname@example.org.
Create a personal API token
A personal API token is tied to your Wikimedia account. It should only be used by you and should not be published or shared. To create a personal API token, select the API token key type. After submitting the form, you'll be shown a client ID, client secret, and access token. Remember to store your access token in a secure place; you won't be able to access it again through the API Portal. Personal API tokens are approved automatically.
My clients displays the status of each client.
- Approved clients are ready to use.
- Approval pending clients are waiting for review and approval by Wikimedia OAuth admins. Approval usually occurs within two weeks.
- Rejected clients have been rejected by Wikimedia OAuth admins. This is usually due to security concerns or missing or unclear information. If your client is rejected, you should receive an email from email@example.com with the rejection reason and steps to re-submit your client.
- Expired clients have not been approved within 30 days. If your client is expired, please re-create the client.
- Disabled clients have been disabled by Wikimedia OAuth admins due to security concerns or risky behavior.
To reset a client secret, select View details for the client on the API keys dashboard, and select Reset client secret. This resets all provided secrets for the client, including a personal API token. Resetting a secret does not invalidate existing secrets.