Example: Resetting a Password

This example walks you through resetting a user's password for the Akana API Platform by using the platform API rather than the user interface.

This exercise assumes that you already have a valid account set up on the Akana API Platform.

For more information on password reset, refer to The Password Reset Process.

Essentially, for this exercise, you'll need to complete these three activities in sequence:

  1. Request a password reset. Operation: POST passwordmanagement/sendPasswordResetCode.
  2. Retrieve the reset code sent to the email address, and get it validated so that you are authenticated. Operation: POST passwordmanagement/validatePasswordResetCode.
  3. Reset to a new password, and log in. Operation: POST /api/login/authenticateWithPasswordResetCode.

Once you've completed the above steps, the user's password is updated and the user is logged in.

Follow the detailed instructions below.

To reset a user password in the Akana API Platform using the platform API

  1. Request a password reset code using the POST passwordmanagement/sendPasswordResetCode operation.
    • HTTP method: POST
    • URL: https://{hostname}/api/passwordmanagement/sendPasswordResetCode?emailAddress=jane.saoirse%40example.com
    • Accept header:application/json
    • Content-Type header: application/x-www-form-urlencoded
    • CSRF header: include it if needed. If you are not sure whether it's needed or not, refer to CSRF Prevention on the Platform.
  2. You should get an HTTP 200 response. There is no response body, but an email with reset code is sent to the email address you specified. Retrieve the reset code.
  3. Get the user validated by sending the password reset code retrieved in the previous step, using the POST passwordmanagement/validatePasswordResetCode operation.
    • HTTP method: POST
    • URL: https://{hostname}/api/passwordmanagement/validatePasswordResetCode?passwordResetCode=6Dm_eB2SGJJV8jj6VdQT_wpg9mupnK
      WwI7CnrbOnFyDpy15MBDWJfPl9kR2UGTvxu9SE-mzVP6bjAG7phnUJaC4N_duN3byrT2JAdrZXvsinxJLpoROshA&emailAddress=jane.saoirse%40example.com
    • Accept header:application/json
    • Content-Type header: application/x-www-form-urlencoded
    • CSRF header: include it if needed. If you are not sure whether it's needed or not, refer to CSRF Prevention on the Platform.
  4. You should get an HTTP 200 response, with a response body that confirms the user identity. Below is the response in this example:
    {
      "emailAddress" : "jane.saoirse@example.com",
      "userName" : "JaneSaoirse"
    }
  5. Reset password, and log in (authenticate) using the POST /api/login/authenticateWithPasswordResetCode operation.
    • HTTP method: POST
    • URL: https://{hostname}/api//api/login/authenticateWithPasswordResetCode?email=jane.saoirse%40example.com&newPassword=MyNewPassword &passwordResetCode=6Dm_eB2SGJJV8jj6VdQT_wpg9mupnKWwI7CnrbOnFyDpy15MBDWJfPl9kR2UGTvxu9S E-mzVP6bjAG7phnUJaC4N_duN3byrT2JAdrZXvsinxJLpoROshA
    • Content-Type header: application/x-www-form-urlencoded
    • CSRF header: include it if needed. If you are not sure whether it's needed or not, refer to CSRF Prevention on the Platform.
  6. You should get an HTTP 200 response. There is no response body, but a valid cookie is returned in the response headers, and the user's password is updated in the platform's database.
  7. When done, remember to log out using the POST /api/login/logout operation. Use the following values:
    • URL: https://{hostname}/api/login/logout
    • Accept header: application/json
    • Content-Type header: application/x-www-form-urlencoded

Back to top

Related Topics