Generate Password
POST {{apiPath}}/directory/v1/suggestPasswordThe Generate Password extended operation uses the POST /directory/v1/suggestPassword endpoint. This endpoint uses suggestPassword instead of generatePassword since the request doesn’t make a backend change to the password of a target entry.
Request body
The request body for this method can only contain one of the following attributes:
-
passwordPolicyDNAn optional parameter whose value is the DN of the password policy whose password generator should be used to generate the suggested passwords.
-
targetEntryDNAn optional parameter whose value is the DN of the user for whom the suggested passwords will be generated.
If neither of the above attributes are specified, the password generator for the server’s default password policy will be used to generate the passwords.
The following request body attributes are fully optional:
-
numberOfPasswordsAn optional integer parameter whose value is the number of suggested passwords to generate. If specified, the value must be greater than or equal to one.
-
validationAttemptsAn optional integer parameter whose value is the maximum number of attempts for each suggested password that the server should make to generate a password that satisfies all of the password validators configured for the selected password policy. If specified, the value must be greater than or equal to zero.
-
_controlsAn optional array of JSON-formatted request controls used to process the generate password request. These controls are narrowed down based on which conversions from JSON to LDAP are currently implemented by the Directory REST API. The following request controls are supported and relevant to the generate password request:
Response body
Upon a successful operation where the HTTP status code is 200, the following fields will be included in the JSON object:
-
resultCodeA required JSON object that contains the following fields:
-
valueThe integer value for the LDAP result code.
-
nameA name for the LDAP result code.
-
-
passwordPolicyDNAn optional string field whose value is the DN of the password policy whose password generator was used to create the suggested passwords. This field is present in a successful response and absent otherwise.
-
suggestedPasswordsAn optional array of JSON objects that contain the suggested passwords. Each JSON object should contain the following fields:
-
suggestedPasswordA string field whose value will be the suggested password. This field will always be present.
-
validationAttemptedA Boolean field that indicates whether the server made an attempt to ensure that the suggested password passes validation.
-
validationErrorsAn optional string array field whose values are reasons that the suggested password would not be acceptable to the password validators configured for the associated password policy. If
validationAttemptedis true andvalidationErrorsis empty, then the suggested password passed validation.
-
The following optional fields will be include if they are populated by the underlying LDAP operation, but are otherwise omitted:
-
matchedDNA string field that holds the matched DN for the operation, if appropriate. You can omit this if no matched DN value is needed or appropriate.
-
diagnosticMessageA string field that holds a human-readable message with additional information about the operation. You can omit this if no diagnostic message is needed or appropriate.
-
_controlsAn optional array of JSON-formatted response controls if they are generated in response to a request control. Note that some request controls do not have corresponding response controls.
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/directory/v1/suggestPassword' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"passwordPolicyDN": "cn=Default Password Policy,cn=Password Policies,cn=config",
"numberOfPasswords": 2,
"validationAttempts": 5
}'var options = new RestClientOptions("{{apiPath}}/directory/v1/suggestPassword")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""passwordPolicyDN"": ""cn=Default Password Policy,cn=Password Policies,cn=config""," + "\n" +
@" ""numberOfPasswords"": 2," + "\n" +
@" ""validationAttempts"": 5" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/directory/v1/suggestPassword"
method := "POST"
payload := strings.NewReader(`{
"passwordPolicyDN": "cn=Default Password Policy,cn=Password Policies,cn=config",
"numberOfPasswords": 2,
"validationAttempts": 5
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /directory/v1/suggestPassword HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"passwordPolicyDN": "cn=Default Password Policy,cn=Password Policies,cn=config",
"numberOfPasswords": 2,
"validationAttempts": 5
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"passwordPolicyDN\": \"cn=Default Password Policy,cn=Password Policies,cn=config\",\n \"numberOfPasswords\": 2,\n \"validationAttempts\": 5\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/directory/v1/suggestPassword")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/directory/v1/suggestPassword",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"passwordPolicyDN": "cn=Default Password Policy,cn=Password Policies,cn=config",
"numberOfPasswords": 2,
"validationAttempts": 5
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/directory/v1/suggestPassword',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"passwordPolicyDN": "cn=Default Password Policy,cn=Password Policies,cn=config",
"numberOfPasswords": 2,
"validationAttempts": 5
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/directory/v1/suggestPassword"
payload = json.dumps({
"passwordPolicyDN": "cn=Default Password Policy,cn=Password Policies,cn=config",
"numberOfPasswords": 2,
"validationAttempts": 5
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/directory/v1/suggestPassword');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "passwordPolicyDN": "cn=Default Password Policy,cn=Password Policies,cn=config",\n "numberOfPasswords": 2,\n "validationAttempts": 5\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/directory/v1/suggestPassword")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"passwordPolicyDN": "cn=Default Password Policy,cn=Password Policies,cn=config",
"numberOfPasswords": 2,
"validationAttempts": 5
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"passwordPolicyDN\": \"cn=Default Password Policy,cn=Password Policies,cn=config\",\n \"numberOfPasswords\": 2,\n \"validationAttempts\": 5\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/directory/v1/suggestPassword")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
200 OK
{
"resultCode": {
"value": 0,
"name": "success"
},
"passwordPolicyDN": "cn=Default Password Policy,cn=Password Policies,cn=config",
"suggestedPasswords": [
{
"suggestedPassword": "GarnishHayekElixirNortheastern",
"validationAttempted": false
},
{
"suggestedPassword": "CrawdadMechanicApotheosisEnvironment",
"validationAttempted": false
}
]
}