You are looking at the HTML representation of the XML format.
HTML is good for debugging, but probably is not suitable for your application.
See complete documentation, or API help for more information. 
<?xml version="1.0"?>
<api>
  <help>
    <module>* action=protect *
  Change the protection level of a page

This module requires read rights
This module requires write rights
This module only accepts POST requests
Parameters:
  title          - Title of the page you want to (un)protect
                   This parameter is required
  token          - A protect token previously retrieved through prop=info
  protections    - Pipe-separated list of protection levels, formatted action=group (e.g. edit=sysop)
                   This parameter is required
  expiry         - Expiry timestamps. If only one timestamp is set, it'll be used for all protections.
                   Use 'infinite', 'indefinite' or 'never', for a neverexpiring protection.
                   Default: infinite
  reason         - Reason for (un)protecting (optional)
                   Default: 
  cascade        - Enable cascading protection (i.e. protect pages included in this page)
                   Ignored if not all protection levels are 'sysop' or 'protect'
  watch          - DEPRECATED! If set, add the page being (un)protected to your watchlist
  watchlist      - Unconditionally add or remove the page from your watchlist, use preferences or do not change watch
                   One value: watch, unwatch, preferences, nochange
                   Default: preferences
Examples:
  api.php?action=protect&title=Main%20Page&token=123ABC&protections=edit=sysop|move=sysop&cascade=&expiry=20070901163000|never
  api.php?action=protect&title=Main%20Page&token=123ABC&protections=edit=all|move=all&reason=Lifting%20restrictions
</module>
  </help>
</api>