Web service API

How to use PageSeeder's Web service API

force reset password group

/groups/{group}/members/forceresetpassword [POST]

com.pageseeder.member.ResetPassword

Description

Reset password as admin within a group.

Note

This service is functionally identical to the /members/forceresetpassword service except that the email sent will use the group's style.

Resets the password for the user if all parameters are correct.

Workflow

In order to identify the user, either the username or email address is required.

For a normal user, reset password is done in two steps:

  1. The system sends an email asking for confirmation of reset password (with a key/token) to the user.
  2. The user then confirms the request by sending the key/token to the system. If everything matches, a new password is set and a notification email sent to the user.

Email

If the group defines specific email templates, the emails sent will use the group's style.

To customize the email templates, create the following email templates:

Parameters

NameDescriptionRequiredTypeDefault value
emailThe member's email address.yes, if no usernameemail
member-passwordThe member's new password.nostring
member-usernameThe member's username.yes, if no emailstring
notify-asyncWhether emails should be sent asynchronously (for slow email servers).nobooleanfalse

Permission

Permissions requirements to be updated.

Response

When no key/token is specified and member-password not specified, then an email confirming the reset password request is sent to the member (step 1) and the XML output is:

 <reset-password status="request-successful" />

If member-password is specified, then the new password is set, notification is emailed to the member and the XML output is:

 <reset-password status="password-changed" />

If member-password="" or not specified, then whether the user is an admin is returned in the XML output for password strength:

 <reset-password status="pending"
                 [admin="true"] />

When the user was not found, then the XML output is the same as the first step (so that an external user does not know if a username/email exists in the system):

 <reset-password status="request-successful" />

Error Handling

CodeCause / Description
0x1008If the email and username are empty (for admins only).
0x1002If the email address is invalid.
0x100EIf no member was found (for admins only).
0x1018If the member is an API account
0x1019If the account is locked
0x100FIf the member has no email address
0x1024If the reset password key is invalid

Created on , last edited on