Change or restore client passwords
This tutorial provides detailed instructions on changing existing client passwords or restoring passwords via API.
Authorized clients may want to change their passwords for security or other reasons.
The procedure of restoring a password becomes necessary if a client needs to recover access to the profile after forgetting their password.
Both procedures include client verification by email address and setting a new password.
Change a client password
To change a password for a client who is signed in to their profile, follow the steps below:
Initiate a 2FA procedure for an authorized client:
GET [host]/api/v2/my/2fa/challenge
Confirm the initiated procedure with a 2FA code sent to the client email address and obtain the success token required for the password change:
POST [host]/api/v2/my/2fa/challenge
Change the password:
POST [host]/api/v2/my/password/change
Step 1
Initiate a 2FA procedure for an authorized client.
Request
Header parameters:
Accept: application/json
Authorization: Bearer <access_token>
Path parameters:
- businessProcess
required Specify changePassword.
GET [host]/api/v2/my/2fa/challenge
curl --location --request GET 'https://host.name/api/v2/my/2fa/challenge?businessProcess=changePassword' \
--header 'Authorization: Bearer <token>' \
--header 'Accept: application/json'
Response
- token
string
The confirmation token required to complete the initiated 2FA procedure.
- provider
string
The method used to deliver a 2FA code. Always email.
- expiresAt
string
The date and time when the confirmation token and 2FA code are due to expire.
{
"token": "893f59c2-5905-436c-8ee2-643c4a69555f",
"provider": "email",
"expiresAt": "2024-01-01T00:00:00+00:00"
}
Step 2
Confirm the initiated procedure with a 2FA code sent to a client email address and obtain the success token required for the password change.
Request
Header parameters:
Accept: application/json
Content-Type: application/json
Authorization: Bearer <access_token>
Body:
- token
string
required The confirmation token obtained after a 2FA procedure has been initiated for an authorized client.
- code
string
required The 2FA code sent to a client email address.
POST [host]/api/v2/my/2fa/challenge
curl --location --request POST 'https://host.name/api/v2/my/2fa/challenge' \
--header 'Authorization: Bearer <token>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
"token": "893f59c2-5905-436c-8ee2-643c4a69555f",
"code": "57448"
}'
Response
- successToken
string
The success token.
- expiresAt
string
The date and time when the success token is due to expire.
{
"successToken": "3929dfe8-161a-428c-9c71-fde728fe7285",
"expiresAt": "2024-01-01T00:00:00+00:00"
}
Step 3
Change the password.
Request
Header parameters:
Authorization: Bearer <access_token>
Accept: application/json
Content-Type: application/json
successToken: <token> (the success token obtained at Step 2)
Body:
- password
string
required A new password.
POST [host]/api/v2/my/password/change
curl --location --request POST 'https://host.name/api/v2/my/password/change' \
--header 'Authorization: Bearer <token>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'successToken: 3929dfe8-161a-428c-9c71-fde728fe7285' \
--data-raw '{
"password": "m#P52s@ap$V"
}'
Response
In case of success, no response body is returned.
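The three steps above as one client routine, as an added example that is not part of the original documentation or the API vendor's code. The function names, the injectable send transport and the read_code callback are assumptions; https://host.name is the placeholder host from the curl examples. Each JSON body is built with a serializer, and expiresAt is checked before the confirmation token and the success token are used.

```python
import json
from datetime import datetime, timezone
from urllib import request

BASE = "https://host.name/api/v2/my"  # placeholder host, as in the curl examples

def http_send(method, url, headers, body=None):
    """Default transport (assumed helper): parsed JSON, or None for an empty body."""
    data = json.dumps(body).encode() if body is not None else None
    req = request.Request(url, data=data, headers=headers, method=method)
    with request.urlopen(req, timeout=10) as resp:  # non-2xx raises HTTPError
        raw = resp.read()
    return json.loads(raw) if raw else None

def still_valid(expires_at, now=None):
    """True while the ISO 8601 expiresAt timestamp is still in the future."""
    now = now or datetime.now(timezone.utc)
    return datetime.fromisoformat(expires_at) > now

def change_password(access_token, new_password, read_code, send=http_send, now=None):
    """Run Steps 1-3; read_code() returns the 2FA code the client got by email."""
    auth = {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}
    post = {**auth, "Content-Type": "application/json"}

    # Step 1: initiate the 2FA procedure for the changePassword process.
    challenge = send("GET", f"{BASE}/2fa/challenge?businessProcess=changePassword", auth)
    code = read_code()
    if not still_valid(challenge["expiresAt"], now):
        raise TimeoutError("confirmation token expired; start again at Step 1")

    # Step 2: confirm with the emailed code and obtain the success token.
    confirmed = send("POST", f"{BASE}/2fa/challenge", post,
                     {"token": challenge["token"], "code": code})
    if not still_valid(confirmed["expiresAt"], now):
        raise TimeoutError("success token expired; start again at Step 1")

    # Step 3: the success token goes in a header, the new password in the body.
    # Keep the password and both tokens out of logs and error messages.
    send("POST", f"{BASE}/password/change",
         {**post, "successToken": confirmed["successToken"]},
         {"password": new_password})
```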
Restore a client password
To restore a password for a client who isn’t signed in to their profile, follow the steps below:
Initiate a 2FA procedure for an unauthorized client:
POST [host]/api/v2/my/2fa/unauthorized/challenge
Confirm the initiated procedure with a 2FA code sent to the client email address and obtain the success token required for restoring the password:
POST [host]/api/v2/my/2fa/challenge
Set a new password:
POST [host]/api/v2/my/password/restore
Step 1
Initiate a 2FA procedure for an unauthorized client.
Request
Header parameters:
Accept: application/json
Content-Type: application/json
Body:
- businessProcess
string
required Specify restorePassword.
- email
string
required The client email address.
POST [host]/api/v2/my/2fa/unauthorized/challenge
curl --location --request POST 'https://host.name/api/v2/my/2fa/unauthorized/challenge' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
"businessProcess": "restorePassword",
"email": "username@example.com"
}'
Response
- token
string
The confirmation token required to complete the initiated 2FA procedure.
- provider
string
The method used to deliver a 2FA code. Always email.
- expiresAt
string
The date and time when the confirmation token and 2FA code are due to expire.
{
"token": "893f59c2-5905-436c-8ee2-643c4a69555f",
"provider": "email",
"expiresAt": "2024-01-01T00:00:00+00:00"
}
Step 2
Confirm the initiated procedure with a 2FA code sent to the specified client email address and obtain the success token required for restoring the password.
Request
Header parameters:
Accept: application/json
Content-Type: application/json
Authorization: Bearer <access_token>
Body:
- token
string
required The confirmation token obtained after a 2FA procedure has been initiated for an unauthorized client.
- code
string
required The 2FA code sent to a client email address.
POST [host]/api/v2/my/2fa/challenge
curl --location --request POST 'https://host.name/api/v2/my/2fa/challenge' \
--header 'Authorization: Bearer <token>' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
"token": "893f59c2-5905-436c-8ee2-643c4a69555f",
"code": "57448"
}'
Response
- successToken
string
The success token.
- expiresAt
string
The date and time when the success token is due to expire.
{
"successToken": "3929dfe8-161a-428c-9c71-fde728fe7285",
"expiresAt": "2024-01-01T00:00:00+00:00"
}
Step 3
Set a new password.
Request
Header parameters:
Accept: application/json
Content-Type: application/json
successToken: <token> (the success token obtained at Step 2)
Body:
- password
string
required A new password.
POST [host]/api/v2/my/password/restore
curl --location --request POST 'https://host.name/api/v2/my/password/restore' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'successToken: 3929dfe8-161a-428c-9c71-fde728fe7285' \
--data-raw '{
"password": "m#P52s@ap$V"
}'
Response
In case of success, no response body is returned.