Passwords

Manage your users' passwords.

Create a password

Create a new password for the user identified by the user_id path parameter.

Securityapi_key
Request
path Parameters
user_id
required
string (UserId) ^[0-9]+$

The user id for which this password is created.

Request Body schema: application/json
required
required
object (SensitivePassword)

The user's password or passcode used to log in a user. Passwords must be:

  • between 8 and 30 characters
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested token couldn't be found.

409

Conflict

410

Gone - The requested token is expired.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/passwords/{user_id}/create
Request samples
application/json
{
  • "password": {
    }
}
Response samples
application/json
{
  • "passwordInfo": {
    },
  • "token": "string"
}

Update a password

Update the password for the logged-in user.

Securityauth_token and api_key
Request
Request Body schema: application/json
required
required
object (SensitivePassword)

The user's password or passcode used to log in a user. Passwords must be:

  • between 8 and 30 characters
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

required
object (SensitivePassword)

The user's password or passcode used to log in a user. Passwords must be:

  • between 8 and 30 characters
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested token couldn't be found.

409

Conflict

410

Gone - The requested token is expired.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/passwords/update
Request samples
application/json
{
  • "oldPassword": {
    },
  • "newPassword": {
    }
}
Response samples
application/json
{
  • "passwordInfo": {
    },
  • "token": "string"
}

Validate a password

Check that a password adheres to all complexity checks.

Securityapi_key
Request
Request Body schema: application/json
required
required
object (SensitivePassword)

The user's password or passcode used to log in a user. Passwords must be:

  • between 8 and 30 characters
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested token couldn't be found.

409

Conflict

410

Gone - The requested token is expired.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/passwords/validate
Request samples
application/json
{
  • "password": {
    }
}
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Initiate lost password process

Initiate the lost password process.

If the email address provided is associated with an active user, an email will be sent, containing a URL that redirects the user to change their password. The URL contains request parameters for all of the parameters required to change the password for the user via the /passwords/lost_password/resume POST endpoint.

Securityapi_key
Request
Request Body schema: application/json
required
email
required
string <email> (Email)

E-mail Address of the user

Responses
204

Success - No Content.

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested resource couldn't be found.

409

Conflict

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/passwords/lost_password/start
Request samples
application/json
{
  • "email": "user@example.com"
}
Response samples
application/json
{
  • "message": "string",
  • "syntaxErrors": {
    }
}

Resume lost password process

This is the second and final step in updating the password of a user who forgot their password.

Securityapi_key
Request
Request Body schema: application/json
required
nonce
required
string (Nonce) = 6 characters ^[0-9]*$

A randomly generated one-time use code.

email
required
string <email> (Email)

E-mail Address of the user

required
object (SensitivePassword)

The user's password or passcode used to log in a user. Passwords must be:

  • between 8 and 30 characters
  • include a lowercase character
  • include an uppercase character
  • include a digit and a special character
  • different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

Responses
200

Success

400

Bad Request Error - Your request is invalid.

401

Unauthorized - Your credentials or access token are invalid.

403

Forbidden - Access to the requested resource or action is forbidden.

404

Not found - The requested token couldn't be found.

409

Conflict

410

Gone - The requested token is expired.

429

Too many requests.

500

Internal Server Error - There is a problem with the server. Please try again later.

503

Service Unavailable - We're temporarily offline for maintenance. Please try again later.

default

Error

post/passwords/lost_password/resume
Request samples
application/json
{
  • "nonce": "string",
  • "email": "user@example.com",
  • "newPassword": {
    }
}
Response samples
application/json
{
  • "token": "string"
}