Skip to main content
Browse Documentation
HTTP - Management

Update a users password

Created by c.neale, last modified by zengenti on 17 Jun 2022

Permissions

Members of System Administrators are permitted to update the password for any user without providing the user's current password.

Authenticated standard user accounts are permitted to update their own password with a call that includes a new password and the user's current password.

POST/api/security/users/{userIdentifier}/credentials/password

Parameter

NameParameter typeTypeFormatDescriptionExampleRequired
UserIdentifierpathstringuser identifierFor convenience, User resources can be referenced by using one of several identifiers - username, email address or Id."82f73a9b-2a13-4d63-bcc1-e8ee5047b01c" or "t.durden" or "t.durden@fightclub.com"true

Examples

JSON
POST: /api/security/users/9bb89380-fd49-41a5-ab2f-fc25e482a251/credentials/password { "existing": "m4rl451ng3r", "new": "pr0j3ctM4yh3m" }
JSON
POST: /api/security/users/t.durden/credentials/password { "existing": "m4rl451ng3r", "new": "pr0j3ctM4yh3m" }

Example request for a System Adminstrator member

JSON
POST: /api/security/users/9bb89380-fd49-41a5-ab2f-fc25e482a251/credentials/password { "new": "pr0j3ctM4yh3m" }
JavaScript
POST: /api/security/users/t.durden@fightclub.com/credentials/password { "new": "pr0j3ctM4yh3m" }

Remarks

If the existing password is wrong then a 409 Conflict status is returned. If the new password does not meet the user password policy then a 422 Unprocessable Entity status is returned.

Responses

HTTP status codeReasonModel
200OK - password updated successfully
401UnauthorizedError
403ForbiddenError
404User not foundError
409Invalid existing passwordError
422New password is invalidError
500Internal server errorError