Mozillians API

The API is a REST API that allows community sites to determine the vouched status of individual users, and allows Mozilla Corporation sites to get detailed information about users and groups in This document explains how to use the API to enhance your application.


All endpoints of the API require authentication. Users can opt-out of being visible to either community or Mozillia Corporation API consumers by editing their profiles.

Using API Data

The API exposes personal data about people who have created profiles on and who have chosen to expose that data to Mozilla’s community or corporation sites. Applications that consume API data must protect all data retrieved from the API as specified by Mozilla’s websites privacy policy. Furthermore, they must follow these guidelines:

  1. Do not store copies of data. If your application requires data served by the API, it should request that data from the API, and should not make durable/permanent local copies of data retrieved from the API. Any exception to this rule requires a data safety review.
  2. Do not expose data to an audience it was not intended for. data is visible, by default, to vouched members of Your application must not expose it to a wider audience unless specifically allowed by per-field privacy level or following a data safety review.
  3. Respect per-field privacy levels. Certain fields retrieved from the API may be subject to user-configured privacy levels. These privacy levels may be less restrictive than the default (“public”) or more restrictive (“privileged”). In future releases of the API, a particular field’s privacy level may accompany the field in the API response. Your application must respect and enforce any privacy level present in an API response.

If you believe an application is misusing API data, please file a bug.

Getting an API Key

Community sites and Mozilla Corporation sites can request an API key by submitting a bug. The bug should include the URL and description of the application and details about the expected use of API data.

All requests are reviewed by product owners and data safety experts; not all requests are approved.

API keys are granted per application, not per user.