The Password Reset Process

The password reset process includes several steps, and several operations come into play to ensure appropriate validation of the user when resetting a password.

Password reset is most commonly used in these scenarios:

  • The user is logged in and wants to change the password
  • The user is not logged in and has forgotten the password

Logged-in user changes password

If a user has already authenticated and wants to change the password, use the Modify Password operation from the Users service: PUT /api/users/{UserID}/password.

User not logged in and requests password reset

If the user has forgotten the password, the three operations below work in sequence to validate the user via a password reset code and then log the user in.

This Operation... Performs this Action...

1)

POST passwordmanagement/sendPasswordResetCode

Takes user email address, validates that the email is associated with an account, and generates an email notification which is sent to the user with a password reset code.

2)

POST passwordmanagement/validatePasswordResetCode

Takes email address and password reset code, validates reset code, and returns email address and user name.

3)

POST /api/login/authenticateWithPasswordResetCode

Takes the user email address, new password chosen by user, and password reset code for authentication; updates password in database and logs user in.

Back to top

Related Topics