Password recovery requests (pwd_reset_requests)
Overview
Manages password recovery requests, as well as requests for an authorized user to change their password.
The procedure is possible only if the external authorization script is not used.
Depending on the authorization state, the current endpoint applies one of two algorithms:
One-step algorithm for changing your password
Executed after authorization.
1. POST request to change the password of the currently authorized user.
1.1. Check that the 'current_pwd' and 'new_pwd' fields are present in the JSON body of the request.
1.2. Check that the current password is correct.
1.3. Send a change request to MDC and check the password complexity policy.
Two-step algorithm for recovering a forgotten password
Executed without authorization.
1. POST request to send an e-mail with a link to recover your password.
1.1. Check that the 'key' field and, optionally, the 'domain' field are present in the JSON body of the request.
1.2. Search for a user by the value of the key: login or email. When a login is specified, the domain must also be specified. For an email it is optional.
1.3. Create a PwdResetRequest entity with a lifetime limit of 1 hour.
1.4. Send an email to the user's address with a link containing the UUID of the password reset request. The link leads to the system web application /app-root, but the identifier it contains can also be used in a direct PATCH API request.
2. PATCH request to change the password.
2.1. Check that the 'pwd' field is present in the JSON body of the request.
2.2. Check that the password recovery request is still current, based on the identifier passed in the URL.
2.3. Send a change request to MDC and check the password complexity policy.
2.4. If successful, delete the PwdResetRequest entity.
To successfully send emails, you must configure a mail server profile and a mail server account, and set it to 'isSystem'.
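The lifecycle of a PwdResetRequest in the two-step algorithm above (1-hour lifetime, one step-1 call per minute per IP, deletion after a successful change) can be modelled as follows. This is an added illustration, not the platform's code: the `ResetFlow` class, its method names, the returned status strings, the injected `now` clock and the in-memory dictionaries are assumptions, and the allowed character set is taken from the text of error 1501 on this page.

```python
import re
import uuid

LIFETIME_S = 3600      # PwdResetRequest lifetime: 1 hour (from the page)
MIN_INTERVAL_S = 60    # step 1: at most one request per minute per IP (from the page)
# Character set taken from the page's error 1501 text: A-Za-z0-9_-.~!
ALLOWED_PWD = re.compile(r"[A-Za-z0-9_\-.~!]+")


class ResetFlow:
    """Hypothetical in-memory model; `now` is passed in so expiry is testable."""

    def __init__(self):
        self.requests = {}   # request id -> (user, expires_at)
        self.last_seen = {}  # client IP -> time of last accepted step-1 call
        self.passwords = {}  # user -> password (stand-in for the MDC call)

    def create(self, user, ip, now):
        """Step 1 (POST): rate-limit per IP, then store a request with a TTL."""
        last = self.last_seen.get(ip)
        if last is not None and now - last < MIN_INTERVAL_S:
            return None  # throttled
        self.last_seen[ip] = now
        req_id = str(uuid.uuid4())  # random UUID; goes into the e-mailed link
        self.requests[req_id] = (user, now + LIFETIME_S)
        return req_id

    def redeem(self, req_id, pwd, now):
        """Step 2 (PATCH): validate the request, apply policy, delete on success."""
        entry = self.requests.get(req_id)
        if entry is None:
            return "unknown_or_used"
        user, expires_at = entry
        if now >= expires_at:
            del self.requests[req_id]  # purge the expired request
            return "expired"
        if not ALLOWED_PWD.fullmatch(pwd):
            return "invalid_symbols"  # request is kept so the user can retry
        self.passwords[user] = pwd
        del self.requests[req_id]  # step 2.4: the identifier is single use
        return "ok"
```
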
Requests
Changing your password (after authorization)
Request
POST /rest/v1/iam/pwd_reset_requests HTTP/1.1
Content-Type: application/json; charset=utf-8

{
  "current_pwd": "25aN8Af",
  "new_pwd": "A39sQ-19b"
}
Response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "error_code": 0,
  "result": true,
  "result_msg": "Check your email box for password reset url"
}

HTTP/1.1 412 Precondition failed
Content-Type: application/json; charset=utf-8

{
  "error_code": 1501,
  "error_message": "pwd contains invalid symbols. Expected: A-Za-z0-9_-.~!",
  "error_details": {
    "field": "pwd"
  }
}
Password recovery (without authorization)
Step 1/2 of a two-step algorithm for recovering a forgotten password.
This request is allowed no more than once per minute from the same IP address.
Request
POST /rest/v1/iam/pwd_reset_requests HTTP/1.1
Content-Type: application/json; charset=utf-8

{
  "key": "my.account@yandex.ru"
}

POST /rest/v1/iam/pwd_reset_requests HTTP/1.1
Content-Type: application/json; charset=utf-8

{
  "key": "mylogin",
  "domain": "pbx.era-platform.ru"
}
Response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "error_code": 0,
  "result": true,
  "result_msg": "Check your email box for password reset URL"
}

HTTP/1.1 412 Precondition failed
Content-Type: application/json; charset=utf-8

{
  "error_code": 1413,
  "error_message": "Email not found. Request your administrator to change password or setup email."
}
Replacing a forgotten password (without authorization)
Step 2/2 of the two-step algorithm for recovering a forgotten password.
Request
PATCH /rest/v1/iam/pwd_reset_requests/602c559c-0183-a834-ee7d-7cd30a921f58 HTTP/1.1
Content-Type: application/json; charset=utf-8

{
  "pwd": "ew!hIb3V"
}
Response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "error_code": 0,
  "result": true,
  "result_msg": "Now login with new password",
  "user": {
    "domain": "pbx.era-platform.ru",
    "login": "mylogin"
  }
}

HTTP/1.1 412 Precondition failed
Content-Type: application/json; charset=utf-8

{
  "error_code": 1501,
  "error_message": "pwd contains invalid symbols. Expected: A-Za-z0-9_-.~!",
  "error_details": {
    "field": "pwd"
  }
}