reset password group
API Support | Available since | Last updated | Output |
---|---|---|---|
| 5.1000 | 6.0000 | json, xml |
Description
Reset password for a member.
Workflow
To identify the member, either the member-username or member-email address is required.
The password reset is done in two steps:
- The system sends an email asking for confirmation of reset password (with a token) to the user.
- The user then confirms the request by sending the token to the system. If everything matches, a new password is set and a notification email sent to the user to confirm the password update.
This service can be used for both steps.
- If no token is specified, this service sends one by email to the member.
- Otherwise, when the request includes a token parameter, this service attempts to update the password as specified in the member-password parameter.
If the group defines specific email templates, the emails sent use the group’s style.
To customize the email templates, create the following email templates:
Template | Description |
---|---|
reset-password-confirm | Email containing instructions on how to reset the password including a link with a valid reset password token |
change-password | Confirmation email sent after the password |
For more details, see the reset password email flow.
To use the default PageSeeder email templates, use the /members/resetpassword service.
Security considerations
If the password is successfully updated through a valid token or key, the member is automatically unlocked.
Members that are bound to an API account cannot have their password reset through this method.
Parameters
Name | Description | Required | Type | Default |
---|---|---|---|---|
| The member’s email address | yes, if no username | | |
key | The reset password key – Obsolete as of v6, use token instead | no | string | |
member-password | The member’s new password (an empty value is not supported as of v6; use Service: /members/{member} [GET] with token instead) | no | string | |
member-username | The member’s username | yes, if no email | string | |
token | The reset password token | no | string | |
notify-async | Whether emails should be sent asynchronously (for slow email servers) | no | boolean | false |
Permission
This service is public: anybody can invoke it.
Response
When neither token nor member-password is specified, an email confirming the reset password request is sent to the member (step 1) and the XML output is:
<reset-password status="request-successful" />
If member-password is specified and the member has the correct confirmation key/token, then the new password is set, a notification is emailed to the member and the XML output is:
<reset-password status="password-changed" />
When the user was not found, then the XML output is the same as the first step (so that an external user does not know if a username/email exists in the system):
<reset-password status="request-successful" />
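The two steps and their outputs can be handled on the client side as in the following added example, which is not PageSeeder code. The function names, outcome labels and sample username are hypothetical, and the member is identified by member-username only because the email parameter's name is not shown in the table above.

```python
import xml.etree.ElementTree as ET


def plan_request(member_username, token=None, member_password=None,
                 notify_async=False):
    """Return (step, params) for one call, using parameter names from the table."""
    if not member_username:
        raise ValueError("member-username is required when no email is given")
    params = {"member-username": member_username}
    if notify_async:
        params["notify-async"] = "true"  # assumed encoding of the boolean
    if token is None:
        if member_password is not None:
            # Client-side choice (assumption): never send a new password
            # without the token that confirms the request.
            raise ValueError("member-password supplied without a token")
        return 1, params
    if not token or not member_password:
        # An empty member-password is not supported as of v6.
        raise ValueError("step 2 needs a non-empty token and member-password")
    params.update({"token": token, "member-password": member_password})
    return 2, params


def interpret(xml_text, step):
    """Classify the XML output for the step that was requested."""
    root = ET.fromstring(xml_text)
    if root.tag != "reset-password":
        raise ValueError("unexpected response element: " + root.tag)
    status = root.get("status")
    if status == "password-changed" and step == 2:
        return "changed"
    if status == "request-successful":
        # Returned whether or not the member exists, so at step 1 it only
        # means "an email was sent if the member exists". At step 2 it is
        # not a confirmation: only password-changed is (inference from the
        # Response section, not a documented rule).
        return "email-sent-if-member-exists" if step == 1 else "not-changed"
    raise ValueError(f"unexpected status {status!r} for step {step}")


if __name__ == "__main__":
    # Constructed sample values; the XML strings are the outputs shown above.
    print(plan_request("jsmith"))
    print(interpret('<reset-password status="request-successful" />', 1))
    print(interpret('<reset-password status="password-changed" />', 2))
```

A caller should report success for step 2 only on the "changed" outcome, and should word the step 1 message so that it does not state whether the account exists.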
Error Handling
Code | Cause / Description |
---|---|
0x1008 | If the email and username are empty (for admins only) |
0x1002 | If the email address is invalid |
0x100E | If no member was found (for admins only) |
0x1018 | If the member is an API account |
0x1019 | If the account is locked |
0x100F | If the member has no email address |
0x102A | If the reset password token is invalid |