Skip to main content

 Services

Web services from /about to /webhooks

reset password group

/groups/{group}/members/resetpassword [POST]

Description

Reset password for a member.

Workflow

To identify the member, either the member-username or member-email address is required.

The reset password is done in two steps:

  1. The system sends an email asking for confirmation of reset password (with a token) to the user.
  2. The user then confirms the request by sending the token to the system. If everything matches, a new password is set and a notification email sent to the user to confirm the password update.

This service can be used for both steps.

  • If no token is specified, this service sends one by email to the member.
  • Otherwise, when the request includes a  token parameter, this service attempts to update the password as specified in the member-password parameter.

Email

If the group defines specific email templates, the emails sent use the group’s style.

To customize the email templates, create the following email templates:

TemplateDescription
reset-password-confirmEmail containing instructions on how to reset the password including a link with a valid reset password token
change-passwordConfirmation email sent after the password

For more details, see the reset password email flow.

To use the default PageSeeder email templates, use the /members/resetpassword service.

Security considerations

If the password is successfully updated through a valid token or key, the member is automatically unlocked.

Members that are bound to an API account cannot have their password reset through this method.

Parameters

NameDescriptionRequiredTypeDefault
emailThe member’s email addressyes, if no usernameemail
keyThe reset password key – Obsolete as of v6, use token insteadnostring
member-passwordThe member’s new password (empty value not supported as of v6 use Service: /members/{member} [GET] with token instead)nostring
member-usernameThe member’s usernameyes, if no emailstring
tokenThe reset password tokennostring
notify-asyncWhether emails should be sent asynchronously (for slow email servers)nobooleanfalse

Permission

This service is public: anybody can invoke it.

Response

When no token is specified and member-password not specified, then an email confirming the reset password request is sent to the member (step 1) and the XML output is:

<reset-password status="request-successful" />

If member-password is specified and the member has the correct confirmation key/token, then the new password is set, notification is emailed to the member and the XML output is:

<reset-password status="password-changed" />

When the user was not found, then the XML output is the same as the first step (so that an external user does not know if a username/email exists in the system):

<reset-password status="request-successful" />

Error Handling

CodeCause / Description
0x1008If the email and username are empty (for admins only)
0x1002If the email address is invalid
0x100EIf no member was found (for admins only)
0x1018If the member is an API account
0x1019If the account is locked
0x100FIf the member has no email address
0x102AIf the reset password token is invalid
Created on , last edited on