PingOne Platform APIs

Update Password (Admin)

   

PUT {{apiPath}}/environments/{{envID}}/users/{{userID}}/password

Password update requests are structured differently based on whether the password update is a self change or an administrative change. The PUT {{apiPath}}/environments/{{envID}}/users/{{userID}}/password endpoint is called in both cases, but the request body for the self-change operation requires a value for the currentPassword attribute while this administrative-change operation does not. Both operations use application/vnd.pingidentity.password.reset+json as the content type in the request header.

When successful, it returns a 200 OK message, generates a USER.UNLOCKED event, and resets the MFA lockout counter if the user’s account was not already locked by MFA.

For an administrative reset, the password becomes unlocked, but other account lockout mechanisms are not unlocked. For example, if the account has been locked through an explicit application/vnd.pingidentity.account.lock+json request on the user, the account will still be locked after administrative reset.

Administrative-change password update

The sample shows the PUT {{apiPath}}/environments/{{envID}}/users/{{userID}}/password operation to execute an administrative-change reset of the password identified by the user ID and environment ID.

In the request body, the newPassword attribute specifies the new password assigned to this user by the administrator. For a successful administrator-change update, the status attribute value is changed to MUST_CHANGE_PASSWORD. Note that this assigned temporary password is not validated against the current password policy.

An email verification action can be triggered before any update occurs, if the Data Admin user attempts to update the admin’s password, but does not have full administrator permissions.

Prerequisites

Request Model
Property Type Required?

newPassword

String

Required

Refer to the User passwords data model for full property descriptions.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/vnd.pingidentity.password.reset+json

Body

raw ( application/vnd.pingidentity.password.reset+json )

{
    "newPassword": "{{newPassword}}"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff --request PUT '{{apiPath}}/environments/{{envID}}/users/{{userID}}/password' \
--header 'Content-Type: application/vnd.pingidentity.password.reset+json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "newPassword": "{{newPassword}}"
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/users/{{userID}}/password")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Put);
request.AddHeader("Content-Type", "application/vnd.pingidentity.password.reset+json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""newPassword"": ""{{newPassword}}""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/users/{{userID}}/password"
  method := "PUT"

  payload := strings.NewReader(`{
    "newPassword": "{{newPassword}}"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/vnd.pingidentity.password.reset+json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
PUT /environments/{{envID}}/users/{{userID}}/password HTTP/1.1
Host: {{apiPath}}
Content-Type: application/vnd.pingidentity.password.reset+json
Authorization: Bearer {{accessToken}}

{
    "newPassword": "{{newPassword}}"
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/vnd.pingidentity.password.reset+json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"newPassword\": \"{{newPassword}}\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/users/{{userID}}/password")
  .method("PUT", body)
  .addHeader("Content-Type", "application/vnd.pingidentity.password.reset+json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/users/{{userID}}/password",
  "method": "PUT",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/vnd.pingidentity.password.reset+json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "newPassword": "{{newPassword}}"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'PUT',
  'url': '{{apiPath}}/environments/{{envID}}/users/{{userID}}/password',
  'headers': {
    'Content-Type': 'application/vnd.pingidentity.password.reset+json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "newPassword": "{{newPassword}}"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/users/{{userID}}/password"

payload = json.dumps({
  "newPassword": "{{newPassword}}"
})
headers = {
  'Content-Type': 'application/vnd.pingidentity.password.reset+json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("PUT", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/users/{{userID}}/password');
$request->setMethod(HTTP_Request2::METHOD_PUT);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/vnd.pingidentity.password.reset+json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "newPassword": "{{newPassword}}"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/users/{{userID}}/password")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Put.new(url)
request["Content-Type"] = "application/vnd.pingidentity.password.reset+json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "newPassword": "{{newPassword}}"
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"newPassword\": \"{{newPassword}}\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/users/{{userID}}/password")!,timeoutInterval: Double.infinity)
request.addValue("application/vnd.pingidentity.password.reset+json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "PUT"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

200 OK

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "user": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af"
        },
        "passwordPolicy": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/passwordPolicies/5da98f13-ad62-4234-86d3-01018f6ef0ad"
        },
        "password.validate": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        },
        "password.reset": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        },
        "password.set": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        },
        "password.recover": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        }
    },
    "environment": {
        "id": "ec814a6f-4e7e-45aa-92ea-c670f7190352"
    },
    "user": {
        "id": "8b015deb-073d-4c25-a51d-99768b01567d"
    },
    "passwordPolicy": {
        "id": "ec814a6f-4e7e-45aa-86d3-01018f6ef0ad"
    },
    "status": "MUST_CHANGE_PASSWORD",
    "lastChanged": "2018-06-15T17:12:30.087Z"
}