Accounts

The following API endpoints cover a users account.

Account

This endpoint returns information about a user’s account, by the account id. Most of the information is optional and provided by the user so may be missing or inaccurate.

GET /api/v3/accounts/account/(int:user_id|string:username)/
Response JSON Object:
 
  • id (int) – The numeric user id.
  • username (string) – username chosen by the user, used in the account url. If not set will be a randomly generated string.
  • name (string) – The name chosen by the user, or the username if not set.
  • average_addon_rating (float) – The average rating for addons the developer has listed on the website.
  • num_addons_listed (int) – The number of addons the developer has listed on the website.
  • biography (string|null) – More details about the user.
  • created (string) – The date when this user first logged in and created this account.
  • homepage (string|null) – The user’s website.
  • location (string|null) – The location of the user.
  • occupation (string|null) – The occupation of the user.
  • picture_url (string) – URL to a photo of the user, or /static/img/anon_user.png if not set.
  • picture_type (string|null) – the image type (only ‘image/png’ is supported) if a user defined photo has been provided, or none if no photo has been provided.
  • is_addon_developer (boolean) – The user has developed and listed add-ons on this website.
  • is_artist (boolean) – The user has developed and listed themes on this website.

If you authenticate and access your own account by specifing your own user_id the following additional fields are returned. If you have Users:Edit permission you will see these extra fields for all user accounts.

GET /api/v3/accounts/account/(int:user_id|string:username)/
Response JSON Object:
 
  • email (string) – Email address used by the user to login and create this account.
  • display_name (string|null) – The name chosen by the user.
  • is_verified (boolean) – The user has been verified via FirefoxAccounts.
  • read_dev_agreement (boolean) – The user has read, and agreed to, the developer agreement that is required to submit addons.
  • deleted (boolean) – Is the account deleted.
  • last_login (string) – The date of the last successful log in to the website.
  • last_login_ip (string) – The IP address of the last successfull log in to the website.
Status Codes:

Important

  • Biography can contain HTML, or other unsanitized content, and it is the responsibiliy of the client to clean and escape it appropriately before display.

Profile

Note

This API requires authentication.

This endpoint is a shortcut to your own account. It returns an account object

GET /api/v3/accounts/profile/

Edit

Note

This API requires authentication and Users:Edit permission to edit accounts other than your own.

This endpoint allows some of the details for an account to be updated. Any fields in the account (or self) but not listed below are not editable and will be ignored in the patch request.

PATCH /api/v3/accounts/account/(int:user_id|string:username)/
Request JSON Object:
 
  • biography (string|null) – More details about the user. No links are allowed.
  • display_name (string|null) – The name chosen by the user.
  • homepage (string|null) – The user’s website.
  • location (string|null) – The location of the user.
  • occupation (string|null) – The occupation of the user.
  • username (string|null) – username to be used in the account url. The username can only contain letters, numbers, underscores or hyphens. All-number usernames are prohibited as they conflict with user-ids.

Uploading a picture

To upload a picture for the profile the request must be sent as content-type multipart/form-data instead of JSON. Images must be either PNG or JPG; the maximum file size is 4MB. Other editable values can be set at the same time.

PATCH /api/v3/accounts/account/(int:user_id|string:username)/

Request:

curl "https://addons.mozilla.org/api/v3/accounts/account/12345/"
    -g -XPATCH --form "picture_upload=@photo.png"
    -H "Authorization: Bearer <token>"
Parameters:
  • user-id – The numeric user id.
Form Parameters:
 
  • picture_upload – The user’s picture to upload.
Request Headers:
 

Deleting the picture

To delete the account profile picture call the special endpoint.

DELETE /api/v3/accounts/account/(int:user_id|string:username)/picture

Delete

Note

This API requires authentication and Users:Edit permission to delete accounts other than your own.

Note

Accounts of users who are authors of Add-ons can’t be deleted. All Add-ons (and Themes) must be deleted or transfered to other users first.

This endpoint allows the account to be deleted. The reviews and ratings created by the user will not be deleted; but all the user’s details are cleared.

DELETE /api/v3/accounts/account/(int:user_id|string:username)/

Notifications List

Note

This API requires authentication and Users:Edit permission to list notifications on accounts other than your own.

This endpoint allows you to list the account notifications set for the specified user. The result is an unpaginated list of the fields below. There are currently 11 notification types.

GET /api/v3/accounts/account/(int:user_id|string:username)/notifications/
Response JSON Object:
 
  • name (string) – The notification short name.
  • enabled (boolean) – If the notification is enabled (defaults to True).
  • mandatory (boolean) – If the notification can be set by the user.

Notifications Update

Note

This API requires authentication and Users:Edit permission to set notification preferences on accounts other than your own.

This endpoint allows account notifications to be set or updated. The request should be a dict of name:True|False pairs. Any number of notifications can be changed; only non-mandatory notifications can be changed - attempting to set a mandatory notification will return an error.

POST /api/v3/accounts/account/(int:user_id|string:username)/notifications/
Request JSON Object:
 
  • <name> (boolean) – Is the notification enabled?

Super-creation

Note

This API requires authentication.

This allows you to generate a new user account and sign in as that user.

Important

  • Your API user must be in the Accounts:SuperCreate group to access this endpoint. Use manage.py createsuperuser --add-to-supercreate-group to create a superuser with proper access.
  • This endpoint is not available in all API environments.
POST /api/v3/accounts/super-create/

Request:

Parameters:
  • email – assign the user a specific email address. A fake email will be assigned by default.
  • username – assign the user a specific username. A random username will be assigned by default.
  • fxa_id – assign the user a Firefox Accounts ID, like one returned in the uuid parameter of a profile request. This is empty by default, meaning the user’s account will need to be migrated to a Firefox Account.
  • group

    assign the user to a permission group. Valid choices:

    • reviewer: can access add-on reviewer pages, formerly known as Editor Tools
    • admin: can access any protected page
curl "https://addons.mozilla.org/api/v3/accounts/super-create/" \
    -X POST -H "Authorization: JWT <jwt-token>"

Response:

{
    "username": "super-created-7ee304ce",
    "display_name": "Super Created 7ee304ce",
    "user_id": 10985,
    "email": "super-created-7ee304ce@addons.mozilla.org",
    "fxa_id": null,
    "groups": [],
    "session_cookie": {
        "encoded": "sessionid=.eJyrVopPLC3JiC8tTi2KT...",
        "name": "sessionid",
        "value": ".eJyrVopPLC3JiC8tTi2KT..."
    }
}
Status Codes:

The session cookie will enable you to sign in for a limited time as this new user. You can pass it to any login-protected view like this:

curl --cookie sessionid=... -s -D - \
    "https://addons.mozilla.org/en-US/developers/addon/submit/1" \
    -o /dev/null

Session

Log out of the current session. This is for use with the internal authentication that authenticates browser sessions.

DELETE /api/v3/accounts/session/

Request:

curl "https://addons.mozilla.org/api/v3/accounts/session/"
    -H "Authorization: Bearer <jwt-token>" -X DELETE

Response:

{
    "ok": true
}
Status Codes: