Skip to main content
Browse Documentation
HTTP - Management

Update a user password

Created by c.neale, last updated 23 Nov 2020

A user can update their password with a call that includes a new password and the user's current password. A member of the System Administrator group can update the password without the need to provide the existing password.

POST/api/security/users/{userIdentifier}/credentials/password

Parameter

NameParameter typeTypeFormatDescriptionExampleRequired
UserIdentifierpathstringuser identifierFor convenience, User resources can be referenced by using one of several identifiers - username, email address or Id."82f73a9b-2a13-4d63-bcc1-e8ee5047b01c" or "t.durden" or "t.durden@fightclub.com"true

Examples

POST: /api/security/users/9bb89380-fd49-41a5-ab2f-fc25e482a251/credentials/password
{
    "existing": "m4rl451ng3r",
    "new": "pr0j3ctM4yh3m"
}
POST: /api/security/users/tdurden/credentials/password
{
    "existing": "m4rl451ng3r",
    "new": "pr0j3ctM4yh3m"
}

Example request for a System Adminstrator member

POST: /api/security/users/9bb89380-fd49-41a5-ab2f-fc25e482a251/credentials/password
{
    "new": "pr0j3ctM4yh3m"
}
POST: /api/security/users/t.durden@fightclub.com/credentials/password
{
    "new": "pr0j3ctM4yh3m"
}

Remarks

If the existing password is wrong then a 409 Conflict status is returned. If the new password does not meet the user password policy then a 422 Unprocessable Entity status is returned.

Responses

HTTP status codeReasonModel
200OK - password updated successfully
401UnauthorizedError
403ForbiddenError
404User not foundError
409Invalid existing passwordError
422New password is invalidError
500Internal server errorError