Change or restore client passwords

This tutorial provides detailed instructions on changing existing client passwords or restoring passwords via API.

Authorized clients may want to change their passwords for security or other reasons.

The procedure of restoring a password becomes necessary if a client needs to recover access to the profile after forgetting their password.

Both procedures include client verification by email address and setting a new password.

Change a client password

To change a password for a client who is signed in to their profile, follow the steps below:

  1. Initiate a 2FA procedure for an authorized client:

GET [host]/api/v2/my/2fa/challenge

  2. Confirm the initiated procedure with a 2FA code sent to the client email address and obtain the success token required for the password change:

POST [host]/api/v2/my/2fa/challenge

  3. Change the password:

POST [host]/api/v2/my/password/change

Step 1

Initiate a 2FA procedure for an authorized client.

Request

Header parameters:

  • Accept: application/json

  • Authorization: Bearer <access_token>

Query parameters:

businessProcess required

Specify changePassword.

GET [host]/api/v2/my/2fa/challenge

curl --location --request GET 'https://host.name/api/v2/my/2fa/challenge?businessProcess=changePassword' \
--header 'Authorization: Bearer <token>' \
--header 'Accept: application/json'

Response

token string

The confirmation token required to complete the initiated 2FA procedure.

provider string

The method used to deliver a 2FA code. Always email.

expiresAt string

The date and time when the confirmation token and 2FA code are due to expire.

RESPONSE EXAMPLE — STEP 1
{
  "token": "893f59c2-5905-436c-8ee2-643c4a69555f",
  "provider": "email",
  "expiresAt": "2024-01-01T00:00:00+00:00" 
}

Step 2

Confirm the initiated procedure with a 2FA code sent to a client email address and obtain the success token required for the password change.

Request

Header parameters:

  • Accept: application/json

  • Content-Type: application/json

  • Authorization: Bearer <access_token>

Body:

token string required

The confirmation token obtained after a 2FA procedure has been initiated for an authorized client.

code string required

The 2FA code sent to a client email address.

POST [host]/api/v2/my/2fa/challenge

curl --location --request POST 'https://host.name/api/v2/my/2fa/challenge' \
--header 'Authorization: Bearer <token>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
  "token": "893f59c2-5905-436c-8ee2-643c4a69555f",
  "code": "57448"
}'

Response

successToken string

The success token.

expiresAt string

The date and time when the success token is due to expire.

RESPONSE EXAMPLE — STEP 2
{
  "successToken": "3929dfe8-161a-428c-9c71-fde728fe7285",
  "expiresAt": "2024-01-01T00:00:00+00:00" 
}

Step 3

Change the password.

Request

Header parameters:

  • Authorization: Bearer <access_token>

  • Accept: application/json

  • Content-Type: application/json

  • successToken: <token> — the success token obtained at Step 2.

Body:

password string required

A new password.

POST [host]/api/v2/my/password/change

curl --location --request POST 'https://host.name/api/v2/my/password/change' \
--header 'Authorization: Bearer <token>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'successToken: 3929dfe8-161a-428c-9c71-fde728fe7285' \
--data-raw '{
  "password": "m#P52s@ap$V"
}'

Response

In case of success, no response body is returned.
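
The three-step change flow above chained into one client-side routine, as an added example that is not part of the original documentation: it refuses to submit the 2FA code or the new password once the corresponding expiresAt has passed. The send and read_code callables, the ChallengeExpired exception and the treatment of any 2xx status as success are assumptions.

```python
import json
from datetime import datetime, timezone

BASE = "/api/v2/my"  # endpoint prefix taken from the tutorial


class ChallengeExpired(Exception):
    """The token's expiresAt has passed; restart from Step 1."""


def _fresh(expires_at, now):
    # expiresAt is ISO 8601 with a UTC offset, as in the response examples.
    if datetime.fromisoformat(expires_at) <= now:
        raise ChallengeExpired(expires_at)


def _ok(status):  # assumption: any 2xx is success; the page lists no status codes
    return 200 <= status < 300


def change_password(send, access_token, read_code, new_password, now=None):
    """send(method, path, headers, body) -> (status, dict) and read_code()
    are hypothetical injected helpers: an HTTP transport and a code prompt."""
    now = now or (lambda: datetime.now(timezone.utc))
    auth = {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}
    json_hdr = {**auth, "Content-Type": "application/json"}

    # Step 1: open a challenge bound to the changePassword business process.
    status, ch = send(
        "GET", f"{BASE}/2fa/challenge?businessProcess=changePassword", auth, None)
    if not _ok(status):
        raise RuntimeError(f"challenge not issued: HTTP {status}")

    # Step 2: confirm with the e-mailed code, never against a stale challenge.
    code = read_code()
    _fresh(ch["expiresAt"], now())
    status, ok = send("POST", f"{BASE}/2fa/challenge", json_hdr,
                      json.dumps({"token": ch["token"], "code": code}))
    if not _ok(status) or "successToken" not in ok:
        raise RuntimeError(f"2FA confirmation rejected: HTTP {status}")

    # Step 3: success token goes in a header, the new password in the body.
    _fresh(ok["expiresAt"], now())
    status, _ = send("POST", f"{BASE}/password/change",
                     {**json_hdr, "successToken": ok["successToken"]},
                     json.dumps({"password": new_password}))
    if not _ok(status):
        raise RuntimeError(f"password change failed: HTTP {status}")
    return True
```
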

Restore a client password

To restore a password for a client who isn’t signed in to their profile, follow the steps below:

  1. Initiate a 2FA procedure for an unauthorized client:

POST [host]/api/v2/my/2fa/unauthorized/challenge

  2. Confirm the initiated procedure with a 2FA code sent to the client email address and obtain the success token required for restoring the password:

POST [host]/api/v2/my/2fa/challenge

  3. Set a new password:

POST [host]/api/v2/my/password/restore

Step 1

Initiate a 2FA procedure for an unauthorized client.

Request

Header parameters:

  • Accept: application/json

  • Content-Type: application/json

Body:

businessProcess string required

Specify restorePassword.

email string required

The client email address.

POST [host]/api/v2/my/2fa/unauthorized/challenge

curl --location --request POST 'https://host.name/api/v2/my/2fa/unauthorized/challenge' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
  "businessProcess": "restorePassword",
  "email": "username@example.com"
}'

Response

token string

The confirmation token required to complete the initiated 2FA procedure.

provider string

The method used to deliver a 2FA code. Always email.

expiresAt string

The date and time when the confirmation token and 2FA code are due to expire.

RESPONSE EXAMPLE — STEP 1
{
  "token": "893f59c2-5905-436c-8ee2-643c4a69555f",
  "provider": "email",
  "expiresAt": "2024-01-01T00:00:00+00:00"
}

Step 2

Confirm the initiated procedure with a 2FA code sent to the specified client email address and obtain the success token required for restoring the password.

Request

Header parameters:

  • Accept: application/json

  • Content-Type: application/json

  • Authorization: Bearer <access_token>

Body:

token string required

The confirmation token obtained after a 2FA procedure has been initiated for an unauthorized client.

code string required

The 2FA code sent to a client email address.

POST [host]/api/v2/my/2fa/challenge

curl --location --request POST 'https://host.name/api/v2/my/2fa/challenge' \
--header 'Authorization: Bearer <token>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
  "token": "893f59c2-5905-436c-8ee2-643c4a69555f",
  "code": "57448"
}'

Response

successToken string

The success token.

expiresAt string

The date and time when the success token is due to expire.

RESPONSE EXAMPLE — STEP 2
{
  "successToken": "3929dfe8-161a-428c-9c71-fde728fe7285",
  "expiresAt": "2024-01-01T00:00:00+00:00" 
}

Step 3

Set a new password.

Request

Header parameters:

  • Accept: application/json

  • Content-Type: application/json

  • successToken: <token> — the success token obtained at Step 2.

Body:

password string required

A new password.

POST [host]/api/v2/my/password/restore

curl --location --request POST 'https://host.name/api/v2/my/password/restore' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'successToken: 3929dfe8-161a-428c-9c71-fde728fe7285' \
--data-raw '{
  "password": "m#P52s@ap$V"
}'

Response

In case of success, no response body is returned.