Get a Cross-Site Request Forgery (CSRF) object containing your CSRF token.
Arguments
- username
Your bot username on the Wikibase instance at wikibase_api_url.
- password
Your bot password on the Wikibase instance at wikibase_api_url.
- wikibase_api_url
The full URL of the Wikibase API, which is the address that the wbdataset R client sends requests to when interacting with the knowledge base. For example, 'https://reprexbase.eu/demowiki/api.php'. The URL must end with api.php.
- csrf
The csrf object returned by get_csrf.
Value
get_csrf returns a list that contains the CSRF token among other data.
get_csrf_token returns a character string of length 1 with the user's CSRF token from the list returned by get_csrf.
Details
CSRF is a way for a malicious website to exploit your logged-in session on another website to perform actions as you without your consent. The MediaWiki API (the API of Wikibase instances) employs CSRF tokens (also often called "edit tokens" in the MediaWiki context) as a crucial defense mechanism against Cross-Site Request Forgery attacks.

To receive such a CSRF security token (connected to your current editing session on a Wikibase instance), you first have to run get_csrf to establish your session and your credentials. As a result, you will receive a csrf object which contains, among other data, your CSRF token. Running the get_csrf_token function then unwraps the token itself from the returned csrf object; the token is often, but not necessarily, a string of 42 characters.

The MediaWiki API's CSRF tokens are not designed to be long-lived. Their lifespan is intentionally kept short, typically tied to the user's current editing session or a reasonable timeframe for a single action. This is a crucial security measure.

CSRF tokens act like a secret handshake between your R script and the MediaWiki server. Only requests that have the correct "handshake" (the matching token) are considered legitimate. They are returned by get_csrf.
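Because the tokens are short-lived, a script should fetch one right before each write and refresh it when the API rejects it. The following is an added example, not part of wbdataset: `classify_csrf_token`, `with_fresh_csrf`, the two callbacks and the environment variable names are hypothetical. It assumes the edit callback returns the parsed MediaWiki JSON response and that session tokens commonly look like 40 hex characters followed by `+\`.

```r
# Added example; not part of wbdataset. fetch_token and do_edit are
# hypothetical callbacks supplied by the caller.

# MediaWiki gives anonymous sessions the placeholder token "+\", so
# seeing it after get_csrf means the bot login did not take effect.
classify_csrf_token <- function(token) {
  if (!is.character(token) || length(token) != 1L || is.na(token)) {
    return("invalid")
  }
  if (identical(token, "+\\")) return("anonymous")
  # Assumed common shape: 40 hex characters plus "+\" (42 in total).
  if (grepl("^[0-9a-f]{40}\\+\\\\$", token)) return("session")
  "unknown"  # other shapes are passed through, not rejected
}

# Fetch a token right before the edit; on the API error code "badtoken"
# (expired token or changed session) fetch a new one and retry once.
with_fresh_csrf <- function(fetch_token, do_edit) {
  for (attempt in 1:2) {
    token <- fetch_token()
    if (classify_csrf_token(token) %in% c("invalid", "anonymous")) {
      stop("No usable CSRF token: check the bot login.", call. = FALSE)
    }
    response <- do_edit(token)
    if (!identical(response$error$code, "badtoken")) return(response)
  }
  stop("CSRF token rejected twice; re-establish the session.", call. = FALSE)
}

# With wbdataset, fetch_token could be (WB_USER / WB_PASS are assumed
# environment variable names, api_url your api.php address):
#   function() get_csrf_token(csrf = get_csrf(
#     username = Sys.getenv("WB_USER"), password = Sys.getenv("WB_PASS"),
#     wikibase_api_url = api_url))

# Constructed stand-ins so the example runs offline.
tokens <- paste0(c(strrep("a", 40), strrep("b", 40)), "+\\")
calls <- 0
fake_fetch <- function() { calls <<- calls + 1; tokens[calls] }
fake_edit <- function(token) {
  if (token == tokens[1]) list(error = list(code = "badtoken"))
  else list(success = 1)
}
result <- with_fresh_csrf(fake_fetch, fake_edit)
stopifnot(result$success == 1, calls == 2)
```

Reading the credentials from environment variables keeps the bot password out of the script, and the token is never written to disk or logged.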