Accounts

Warning

These v3 APIs are now deprecated and you should switch to a newer version before it is removed. See the API versions available for details of the different API versions available and the deprection timeline.

The following API endpoints cover a users account.

Account

This endpoint returns information about a user’s account, by the account id. Only developer accounts are publicly viewable - other user’s accounts will return a 404 not found response code. Most of the information is optional and provided by the user so may be missing or inaccurate.

A developer is defined as a user who is listed as a developer or owner of one or more approved add-ons.

GET /api/v3/accounts/account/(int:user_id|string:username)/
Response JSON Object:
  • average_addon_rating (float) – The average rating for addons the developer has listed on the website.

  • biography (string|null) – More details about the user.

  • created (string) – The date when this user first logged in and created this account.

  • has_anonymous_display_name (boolean) – The user has chosen neither a name nor a username.

  • has_anonymous_username (boolean) – The user hasn’t chosen a username.

  • homepage (string|null) – The user’s website.

  • id (int) – The numeric user id.

  • is_addon_developer (boolean) – The user has developed and listed add-ons on this website.

  • is_artist (boolean) – The user has developed and listed themes on this website.

  • location (string|null) – The location of the user.

  • name (string) – The name chosen by the user, or the username if not set.

  • num_addons_listed (int) – The number of addons the developer has listed on the website.

  • occupation (string|null) – The occupation of the user.

  • picture_type (string|null) – the image type (only ‘image/png’ is supported) if a user photo has been uploaded, or null otherwise.

  • picture_url (string|null) – URL to a photo of the user, or null if no photo has been uploaded.

  • username (string) – username chosen by the user, used in the account url. If not set will be a randomly generated string.

If you authenticate and access your own account by specifing your own user_id the following additional fields are returned. You can always access your account, regardless of whether you are a developer or not. If you have Users:Edit permission you will see these extra fields for all user accounts.

GET /api/v3/accounts/account/(int:user_id|string:username)/
Response JSON Object:
  • deleted (boolean) – Is the account deleted.

  • display_name (string|null) – The name chosen by the user.

  • email (string) – Email address used by the user to login and create this account.

  • last_login (string) – The date of the last successful log in to the website.

  • last_login_ip (string) – The IP address of the last successfull log in to the website.

  • is_verified (boolean) – The user has been verified via FirefoxAccounts.

  • permissions (array) – A list of the additional permissions this user has.

  • read_dev_agreement (boolean) – The user has read, and agreed to, the developer agreement that is required to submit addons.

Status Codes:

Important

  • Biography can contain HTML, or other unsanitized content, and it is the responsibiliy of the client to clean and escape it appropriately before display.

Permissions can be any arbritary string in the format app:action. Either app or action can be the wildcard *, so *:* means the user has permission to do all actions (i.e. full admin).

The following are some commonly tested permissions; see https://github.com/mozilla/addons-server/blob/master/src/olympia/constants/permissions.py for the full list.

Value

Description

Addons:Edit

Allows viewing and editing of any add-ons details in developer tools.

Addons:Review

Can access the add-on reviewer tools to approve/reject add-on submissions.

Addons:ThemeReview

Can access the theme reviewer tools to approve/reject theme submissions.

Profile

Note

This API requires authentication.

This endpoint is a shortcut to your own account. It returns an account object

GET /api/v3/accounts/profile/

Edit

Note

This API requires authentication and Users:Edit permission to edit accounts other than your own.

This endpoint allows some of the details for an account to be updated. Any fields in the account (or self) but not listed below are not editable and will be ignored in the patch request.

PATCH /api/v3/accounts/account/(int:user_id|string:username)/
Request JSON Object:
  • biography (string|null) – More details about the user. No links are allowed.

  • display_name (string|null) – The name chosen by the user.

  • homepage (string|null) – The user’s website.

  • location (string|null) – The location of the user.

  • occupation (string|null) – The occupation of the user.

  • username (string|null) – username to be used in the account url. The username can only contain letters, numbers, underscores or hyphens. All-number usernames are prohibited as they conflict with user-ids.

Uploading a picture

To upload a picture for the profile the request must be sent as content-type multipart/form-data instead of JSON. Images must be either PNG or JPG; the maximum file size is 4MB. Other editable values can be set at the same time.

PATCH /api/v3/accounts/account/(int:user_id|string:username)/

Request:

curl "https://addons.mozilla.org/api/v3/accounts/account/12345/"
    -g -XPATCH --form "picture_upload=@photo.png"
    -H "Authorization: JWT <token>"
Parameters:
  • user-id – The numeric user id.

Form Parameters:
  • picture_upload – The user’s picture to upload.

Request Headers:

Deleting the picture

To delete the account profile picture call the special endpoint.

DELETE /api/v3/accounts/account/(int:user_id|string:username)/picture

Delete

Note

This API requires authentication and Users:Edit permission to delete accounts other than your own.

Note

Accounts of users who are authors of Add-ons can’t be deleted. All Add-ons (and Themes) must be deleted or transfered to other users first.

This endpoint allows the account to be deleted. The reviews and ratings created by the user will not be deleted; but all the user’s details are cleared.

DELETE /api/v3/accounts/account/(int:user_id|string:username)/

Notifications List

Note

This API requires authentication and Users:Edit permission to list notifications on accounts other than your own.

This endpoint allows you to list the account notifications set for the specified user. The result is an unpaginated list of the fields below. There are currently 11 notification types.

GET /api/v3/accounts/account/(int:user_id|string:username)/notifications/
Response JSON Object:
  • name (string) – The notification short name.

  • enabled (boolean) – If the notification is enabled (defaults to True).

  • mandatory (boolean) – If the notification can be set by the user.

Notifications Update

Note

This API requires authentication and Users:Edit permission to set notification preferences on accounts other than your own.

This endpoint allows account notifications to be set or updated. The request should be a dict of name:True|False pairs. Any number of notifications can be changed; only non-mandatory notifications can be changed - attempting to set a mandatory notification will return an error.

POST /api/v3/accounts/account/(int:user_id|string:username)/notifications/
Request JSON Object:
  • <name> (boolean) – Is the notification enabled?

Super-creation

Note

This API requires authentication.

This allows you to generate a new user account and sign in as that user.

Important

  • Your API user must be in the Accounts:SuperCreate group to access this endpoint. Use manage.py createsuperuser --add-to-supercreate-group to create a superuser with proper access.

  • This endpoint is not available in all API environments.

POST /api/v3/accounts/super-create/

Request:

Parameters:
  • email – assign the user a specific email address. A fake email will be assigned by default.

  • username – assign the user a specific username. A random username will be assigned by default.

  • fxa_id – assign the user a Firefox Accounts ID, like one returned in the uuid parameter of a profile request. This is empty by default, meaning the user’s account will need to be migrated to a Firefox Account.

  • group

    assign the user to a permission group. Valid choices:

    • reviewer: can access add-on reviewer pages, formerly known as Editor Tools

    • admin: can access any protected page

curl "https://addons.mozilla.org/api/v3/accounts/super-create/" \
    -X POST -H "Authorization: JWT <jwt-token>"

Response:

{
    "username": "super-created-7ee304ce",
    "display_name": "Super Created 7ee304ce",
    "user_id": 10985,
    "email": "super-created-7ee304ce@addons.mozilla.org",
    "fxa_id": null,
    "groups": [],
    "session_cookie": {
        "encoded": "sessionid=.eJyrVopPLC3JiC8tTi2KT...",
        "name": "sessionid",
        "value": ".eJyrVopPLC3JiC8tTi2KT..."
    }
}
Status Codes:

The session cookie will enable you to sign in for a limited time as this new user. You can pass it to any login-protected view like this:

curl --cookie sessionid=... -s -D - \
    "https://addons.mozilla.org/en-US/developers/addon/submit/1" \
    -o /dev/null

Session

Log out of the current session. This is for use with the internal authentication that authenticates browser sessions.

DELETE /api/v3/accounts/session/

Request:

curl "https://addons.mozilla.org/api/v3/accounts/session/"
    -H "Authorization: Session <sessionid>" -X DELETE

Response:

{
    "ok": true
}
Status Codes: