API integration
API Integration – A Server Engineer’s Guide
This article details the server-side configuration required for robust and secure API integration with our MediaWiki 1.40 installation. It is geared towards new server engineers, system administrators, and developers seeking to extend MediaWiki’s functionality.
Understanding the MediaWiki API
The MediaWiki API provides programmatic access to wiki data and functionality. It allows external applications to read and write wiki content, manage users, and perform other operations without requiring direct interaction with the web interface. This is crucial for automation, data synchronization, and building custom tools. The API uses a variety of formats, most commonly JSON and XML, and communicates over HTTP. Proper configuration is vital for security and performance. See Manual:API for a comprehensive overview.
Security Considerations
Before enabling API access, understanding security implications is paramount. Unrestricted API access can lead to data breaches, vandalism, and denial-of-service attacks. We employ several layers of security:
- IP Whitelisting: Restricting API access to trusted IP addresses.
- API Rate Limiting: Limiting the number of requests from a single IP address within a given timeframe. See Extension:RateLimit for details on configuring this.
- Authentication: Requiring API users to authenticate with valid usernames and passwords or API tokens. See Manual:API#Authentication for details.
- HTTPS: Enforcing HTTPS for all API traffic to encrypt data in transit. This is handled at the web server level (Apache or Nginx).
Server-Side Configuration – `LocalSettings.php`
The primary configuration for the MediaWiki API resides within the `LocalSettings.php` file. Several key settings control API behavior. These settings must be carefully reviewed and adjusted to match our security policies and performance requirements.
Here's a table of the most important settings:
Setting | Description | Default Value | Our Configuration |
---|---|---|---|
`$wgAPIHashSecret` | A secret key used to sign API requests, preventing tampering. | Automatically generated during installation. | `aVeryLongAndSecureSecretString` |
`$wgAPIPath` | The URL path for the API endpoint. | `/w/api.php` | `/api/mw` (customized for reverse proxy) |
`$wgAPIVarsFromParam` | Allows parameters to be passed through GET and POST requests. | `true` | `false` (for enhanced security) |
`$wgAPIEnableActionTitles` | Enables action titles in API requests, improving clarity. | `true` | `true` |
`$wgAPIThrottleTable` | The table used to store API rate limit information. | `api_throttle` | `api_throttle` |
Remember to restart the web server after modifying `LocalSettings.php`.
Web Server Configuration (Apache/Nginx)
The web server plays a crucial role in handling API requests. Proper configuration is essential for performance and security. We use Nginx as a reverse proxy in front of Apache.
Here's a table detailing the Nginx configuration specific to the API endpoint:
Directive | Description |
---|---|
`location /api/mw {` | Defines the configuration block for the API endpoint. |
`proxy_pass http://127.0.0.1:8080;` | Passes requests to the Apache backend. (Port 8080 is a typical Apache configuration.) |
`proxy_set_header Host $host;` | Forwards the original host header. |
`proxy_set_header X-Real-IP $remote_addr;` | Forwards the client's IP address. |
`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` | Appends the client's IP address to the X-Forwarded-For header. |
`proxy_buffering off;` | Disables buffering for real-time API responses. |
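An added example (not part of the original page, and not our production configuration) that assembles the directives from the table into a complete block and adds the IP allowlist, HTTPS enforcement and request limit listed under Security Considerations. The hostname, certificate paths, allowlisted range, zone name and burst value are assumptions; the 500 requests/minute figure mirrors the RateLimit default given on this page.

```nginx
# Place inside the http {} context. Constructed values are marked as placeholders.

# Shared-memory zone keyed on the client address, used by limit_req below.
limit_req_zone $binary_remote_addr zone=mwapi:10m rate=500r/m;

# Plain HTTP: never proxy API traffic, only redirect to HTTPS.
# API clients should be configured with the https:// URL directly so that
# credentials are never sent in clear text on a first request.
server {
    listen 80;
    server_name wiki.example.org;                # placeholder hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name wiki.example.org;                # placeholder hostname
    ssl_certificate     /etc/nginx/tls/wiki.example.org.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/wiki.example.org.key;   # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;

    location /api/mw {
        # IP allowlist: rules are checked in order and the first match wins,
        # so "deny all" must come last.
        allow 203.0.113.0/24;                    # placeholder (documentation range)
        allow 127.0.0.1;
        deny  all;

        # Rate limit per client address; excess requests get 429 instead of 503.
        limit_req zone=mwapi burst=20 nodelay;   # burst value is an assumption
        limit_req_status 429;

        # Directives from the table above.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        # X-Real-IP is taken from the TCP connection and is not client-controlled.
        proxy_set_header X-Real-IP $remote_addr;
        # This appends to any X-Forwarded-For value the client already sent,
        # so only the last entry is trustworthy to the backend.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
    }
}
```

For the allowlist to hold, Apache should listen on 127.0.0.1:8080 only, so the backend cannot be reached without passing through this block.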
Apache configuration needs to ensure that `api.php` is correctly mapped to the MediaWiki installation. This is usually handled by mod_rewrite or similar modules. Refer to the Manual:Configuration for detailed Apache configuration instructions.
API Extension Configuration
Several extensions extend the MediaWiki API with new functionality. We currently utilize the following extensions:
- API: The core API extension. Always enabled.
- OAuth: Enables OAuth authentication for API access. See Extension:OAuth for configuration details.
- RateLimit: Controls API request rates. See Extension:RateLimit.
- UniversalLanguageSelector: Allows for language negotiation via the API. See Extension:UniversalLanguageSelector.
Here's a table summarizing the configuration of these extensions:
Extension | Configuration Key | Value | Description |
---|---|---|---|
OAuth | `$wgOAuth` | `true` | Enables OAuth authentication. |
OAuth | `$wgOAuthConsumerKey` | `your_consumer_key` | The OAuth consumer key. |
RateLimit | `$wgRateLimitTable` | `api_throttle` | The table to store rate limit information. |
RateLimit | `$wgRateLimitDefault` | `500 requests/minute` | The default rate limit for anonymous users. |
UniversalLanguageSelector | `$wgULSSupportedLanguages` | `en,de,fr,es` | List of supported languages for API language negotiation. |
Monitoring and Logging
Monitoring API usage and logging requests are crucial for identifying performance bottlenecks and security threats. We use the following:
- Web Server Logs: Analyzing Nginx and Apache logs for API requests.
- Database Queries: Monitoring database query performance related to API requests.
- Special:ApiReport: A special page providing basic API usage statistics. See Special:ApiReport.
- Custom Logging: Implementing custom logging within API extensions to track specific events.
Further Reading
- Manual:API - The official MediaWiki API documentation.
- Manual:Configuration - Details on configuring MediaWiki.
- Extension:RateLimit - Documentation for the RateLimit extension.
- Extension:OAuth - Documentation for the OAuth extension.
- Manual:Extension installation - Instructions on installing extensions.