Changing user password
Endpoints overview:
Endpoint | HTTP method | Purpose |
---|---|---|
/api/users/v2/users/{user_id} | PATCH | Change user password |
The user may change their password by calling the /api/users/v2/users/{user_id} endpoint. The user must be logged in to do so and, for security reasons, must provide the current password in order to change it.
Resetting forgotten password
If a user has forgotten their password, they can request a temporary single-use reset code with which they can set a new password. The code will be sent to them in an email.
See the specification for the related API endpoints: User information v2#/Password%20Reset
Endpoints overview:
Endpoint | HTTP method | Purpose |
---|---|---|
/api/users/v2/reset_password | POST | Request password reset code |
/api/users/v2/confirm_reset_password | POST | Set new password with the requested reset code |
The client may request a single-use temporary reset code by calling /api/users/v2/reset_password. The reset code is sent to the user's email.
Reset email
See Email sending for more information on how the email is sent.
Typically the email should contain a link to some UI page where the password and user email are hidden for a better user experience. The dynamic data sent in the email is as follows:
{ "email": "example@24i.com", "code": "c94bf0808298486a1e9dd3c5bb373b44" }
The code will expire after a configured amount of time has passed, after which the user must request a new reset code if they still wish to reset their password.
The email address is included as well, because it must be passed on to the confirm password reset endpoint.
Confirm password reset
After the user has received the reset code, they may then use that code to call /api/users/v2/confirm_reset_password with a new password of their choice. If the code is valid and not expired, the user's password will be changed to the provided one. The reset code will be revoked and no longer usable.
The user can now log in with their new password.
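The reset-code lifecycle described above (a single-use code tied to the user's email, expiring after a configured time, revoked once used) can be sketched as follows. This is an added example, not the service's own implementation: the function names, the in-memory store, the 15-minute lifetime, storing only a hash of the code, replacing an older code on a new request, and the set_password callback are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: the page only says "a configured amount of time".
RESET_CODE_TTL_SECONDS = 900

# email -> (SHA-256 of the code, expiry timestamp).
# Assumed in-memory stand-in for whatever store a real service uses.
_pending = {}


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


def request_reset_code(email, now=None):
    """Issue a fresh code and return the dynamic data for the reset email."""
    now = time.time() if now is None else now
    code = secrets.token_hex(16)  # 32 hex characters, same shape as the sample
    # Keep only a hash; a new request replaces any earlier code (assumption).
    _pending[email] = (_digest(code), now + RESET_CODE_TTL_SECONDS)
    return {"email": email, "code": code}


def confirm_reset_password(email, code, new_password, set_password, now=None):
    """Set the password if the code belongs to `email` and is still usable."""
    now = time.time() if now is None else now
    entry = _pending.get(email)
    if entry is None:
        return False  # no code outstanding for this address
    stored_digest, expires_at = entry
    if now >= expires_at:
        del _pending[email]  # expired: the user must request a new code
        return False
    # Constant-time comparison avoids leaking how much of a guess matched.
    if not hmac.compare_digest(stored_digest, _digest(code)):
        return False
    del _pending[email]  # revoke first so the code cannot be replayed
    set_password(email, new_password)
    return True
```

The `now` parameter exists only so that expiry can be exercised without waiting.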