Accounts

The following API endpoints cover a users account.

Account

This endpoint returns information about a user’s account, by the account id. Most of the information is optional and provided by the user so may be missing or inaccurate.

GET /api/v3/accounts/account/(int:user_id|string:username)/
Response JSON Object:
 
  • id (int) – The numeric user id.
  • username (string) – username chosen by the user, used in the account url. If not set will be a randomly generated string.
  • name (string) – The name chosen by the user, or the username if not set.
  • average_addon_rating (float) – The average rating for addons the developer has listed on the website.
  • num_addons_listed (int) – The number of addons the developer has listed on the website.
  • biography (string|null) – More details about the user.
  • homepage (string|null) – The user’s website.
  • location (string|null) – The location of the user.
  • occupation (string|null) – The occupation of the user.
  • picture_url (string) – URL to a photo of the user, or /static/img/anon_user.png if not set.
  • picture_type (string|null) – the image type (only ‘image/png’ is supported) if a user defined photo has been provided, or none if no photo has been provided.
  • is_addon_developer (boolean) – The user has developed and listed add-ons on this website.
  • is_artist (boolean) – The user has developed and listed themes on this website.

If you authenticate and access your own account by specifing your own user_id the following additional fields are returned. If you have Users:Edit permission you will see these extra fields for all user accounts.

GET /api/v3/accounts/account/(int:user_id|string:username)/
Response JSON Object:
 
  • email (string) – Email address used by the user to login and create this account.
  • display_name (string|null) – The name chosen by the user.
  • is_verified (boolean) – The user has been verified via FirefoxAccounts.
  • read_dev_agreement (boolean) – The user has read, and agreed to, the developer agreement that is required to submit addons.
  • deleted (boolean) – Is the account deleted.
  • last_login (string) – The date of the last successful log in to the website.
  • last_login_ip (string) – The IP address of the last successfull log in to the website.
Status Codes:

Important

  • Biography can contain HTML, or other unsanitized content, and it is the responsibiliy of the client to clean and escape it appropriately before display.

Profile

Note

This API requires authentication.

This endpoint is a shortcut to your own account. It returns an account object

GET /api/v3/accounts/profile/

Edit

Note

This API requires authentication and Users:Edit permission to edit accounts other than your own.

This endpoint allows some of the details for an account to be updated. Any fields in the account (or self) but not listed below are not editable and will be ignored in the patch request.

PATCH /api/v3/accounts/account/(int: user_id)/
Request JSON Object:
 
  • biography (string|null) – More details about the user. No links are allowed.
  • display_name (string|null) – The name chosen by the user.
  • homepage (string|null) – The user’s website.
  • location (string|null) – The location of the user.
  • occupation (string|null) – The occupation of the user.
  • username (string|null) – username to be used in the account url. The username can only contain letters, numbers, underscores or hyphens. All-number usernames are prohibited as they conflict with user-ids.

Uploading a picture

To upload a picture for the profile the request must be sent as content-type multipart/form-data instead of JSON. Images must be either PNG or JPG; the maximum file size is 4MB. Other editable values can be set at the same time.

PATCH /api/v3/accounts/account/(int: user_id)/

Request:

curl "https://addons.mozilla.org/api/v3/accounts/account/12345/"
    -g -XPATCH --form "picture_upload=@photo.png"
    -H "Authorization: Bearer <token>"
Parameters:
  • user-id – The numeric user id.
Form Parameters:
 
  • picture_upload – The user’s picture to upload.
Request Headers:
 

Collections List

Note

This API requires authentication.

This endpoint allows you to list all collections authored by the specified user. You can only list your own collections. To list collections for other users, your account must have the Users:Edit permission.

GET /api/v3/accounts/account/(int:user_id|string:username)/collections/
Response JSON Object:
 
  • count (int) – The number of results for this query.
  • next (string) – The URL of the next page of results.
  • previous (string) – The URL of the previous page of results.
  • results (array) – An array of collections.

Collection Detail

This endpoint allows you to fetch a single collection by its slug. It returns any listed collection by the specified user. You can access a non-listed collection only if it was authored by you, the authenticated user. If your account has the Users:Edit permission then you can access any collection.

GET /api/v3/accounts/account/(int:user_id|string:username)/collections/(string: collection_slug)/
Response JSON Object:
 
  • id (int) – The id for the collection.
  • addon_count (int) – The number of add-ons in this collection.
  • author.id (int) – The id of the author (creator) of the collection.
  • author.name (string) – The name of the author.
  • author.url (string) – The link to the profile page for of the author.
  • description (string|object|null) – The description the author added to the collection. (See translated fields).
  • modified (string) – The date the collection was last updated.
  • name (string|object|null) – The of the collection. (See translated fields).
  • url (string) – The (absolute) collection detail URL.

Collection Add-ons

This endpoint lists the add-ons in a collection, together with collector’s notes.

GET /api/v3/accounts/account/(int:user_id|string:username)/collections/(string: collection_slug)/addons/
Response JSON Object:
 
  • count (int) – The number of results for this query.
  • next (string) – The URL of the next page of results.
  • previous (string) – The URL of the previous page of results.
  • results (array) – An array of items in this collection.
  • results[].addon (object) – The add-on for this item.
  • results[].notes (string|object|null) – The collectors notes for this item. (See translated fields).
  • results[].downloads (int) – The downloads that occured via this collection.

Super-creation

Note

This API requires authentication.

This allows you to generate a new user account and sign in as that user.

Important

  • Your API user must be in the Accounts:SuperCreate group to access this endpoint. Use manage.py createsuperuser --add-to-supercreate-group to create a superuser with proper access.
  • This endpoint is not available in all API environments.
POST /api/v3/accounts/super-create/

Request:

Parameters:
  • email – assign the user a specific email address. A fake email will be assigned by default.
  • username – assign the user a specific username. A random username will be assigned by default.
  • fxa_id – assign the user a Firefox Accounts ID, like one returned in the uuid parameter of a profile request. This is empty by default, meaning the user’s account will need to be migrated to a Firefox Account.
  • group

    assign the user to a permission group. Valid choices:

    • reviewer: can access add-on reviewer pages, formerly known as Editor Tools
    • admin: can access any protected page
curl "https://addons.mozilla.org/api/v3/accounts/super-create/" \
    -X POST -H "Authorization: JWT <jwt-token>"

Response:

{
    "username": "super-created-7ee304ce",
    "display_name": "Super Created 7ee304ce",
    "user_id": 10985,
    "email": "super-created-7ee304ce@addons.mozilla.org",
    "fxa_id": null,
    "groups": [],
    "session_cookie": {
        "encoded": "sessionid=.eJyrVopPLC3JiC8tTi2KT...",
        "name": "sessionid",
        "value": ".eJyrVopPLC3JiC8tTi2KT..."
    }
}
Status Codes:

The session cookie will enable you to sign in for a limited time as this new user. You can pass it to any login-protected view like this:

curl --cookie sessionid=... -s -D - \
    "https://addons.mozilla.org/en-US/developers/addon/submit/1" \
    -o /dev/null

Session

Log out of the current session. This is for use with the internal authentication that authenticates browser sessions.

DELETE /api/v3/accounts/session/

Request:

curl "https://addons.mozilla.org/api/v3/accounts/session/"
    -H "Authorization: Bearer <jwt-token>" -X DELETE

Response:

{
    "ok": true
}
Status Codes: