Change a user's password - Fluid Topics - Latest

Fluid Topics API Reference Guide

Reference Guides

This web service updates a user's password.

Method Endpoint
PUT /api/users/{userId}/password
Path parameter Type Description
{userId} String The user's identifier.

Request example

The following lines show an example of a JSON request body:

    "password": "New password"
Field Type Required? Description
password String Yes The user's new password.
Return code Description
200 OK The request is valid and data is returned.
400 BAD REQUEST A required parameter is missing or the password does not comply with the security policy.
401 UNAUTHORIZED The authorization header was not provided or is invalid.
403 FORBIDDEN The user or API key does not have the ADMIN or USERS_ADMIN role.
404 NOT FOUND No user exists with this ID.

For a comprehensive list of all possible return codes, see Return codes.

  • It is only possible to change the password of users created from an internal realm.
  • The new password must comply with the security requirements as defined for the internal realm.
  • Users who call this web service must have the same role as the user whose password is being changed. For example, a user with the USER_ADMIN role cannot change the password for a user with the PORTAL_ADMIN role.

In compliance with the OWASP Secure Software Development Lifecycle Requirement #2.3.1, tokens to reset a password expire after a short period (2 hours).