PingOne Platform APIs

Update Password (Self)

   

PUT {{apiPath}}/environments/{{envID}}/users/{{userID}}/password

Password update requests are structured differently based on whether the password update is a self change or an administrative change. The PUT {{apiPath}}/environments/{{envID}}/users/{{userID}}/password endpoint is called in both cases, but this request body for the self-change operation requires a value for the currentPassword attribute while the administrative-change operation does not.

This operations uses application/vnd.pingidentity.password.reset+json as the content type in the request header.

Users who authenticate with an external identity provider cannot perform any self-service actions on passwords. Their user.identityProvider.id attribute is not null and their user.identityProvider.type attribute is not PING_ONE.

Self-change password update

The sample shows the PUT {{apiPath}}/environments/{{envID}}/users/{{userID}}/password operation to execute a self-change reset of the password identified by the user ID and environment ID.

In the request body, the currentPassword value specifies the existing password, and newPassword specifies the value of the new password assigned to this user. Note that the new password is validated against the current password policy, including the notSimilarToCurrent condition. For a successful self-change update, the status attribute value is changed to OK.

Prerequisites

Request Model
Property Type Required?

currentPassword

String

Required

newPassword

String

Required

Refer to the User passwords data model for full property descriptions.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/vnd.pingidentity.password.reset+json

Body

raw ( application/vnd.pingidentity.password.reset+json )

{
    "currentPassword": "{{currentPassword}}",
    "newPassword": "{{newPassword}}"
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff --request PUT '{{apiPath}}/environments/{{envID}}/users/{{userID}}/password' \
--header 'Content-Type: application/vnd.pingidentity.password.reset+json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "currentPassword": "{{currentPassword}}",
    "newPassword": "{{newPassword}}"
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/users/{{userID}}/password")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Put);
request.AddHeader("Content-Type", "application/vnd.pingidentity.password.reset+json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""currentPassword"": ""{{currentPassword}}""," + "\n" +
@"    ""newPassword"": ""{{newPassword}}""" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/users/{{userID}}/password"
  method := "PUT"

  payload := strings.NewReader(`{
    "currentPassword": "{{currentPassword}}",
    "newPassword": "{{newPassword}}"
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/vnd.pingidentity.password.reset+json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
PUT /environments/{{envID}}/users/{{userID}}/password HTTP/1.1
Host: {{apiPath}}
Content-Type: application/vnd.pingidentity.password.reset+json
Authorization: Bearer {{accessToken}}

{
    "currentPassword": "{{currentPassword}}",
    "newPassword": "{{newPassword}}"
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/vnd.pingidentity.password.reset+json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"currentPassword\": \"{{currentPassword}}\",\n    \"newPassword\": \"{{newPassword}}\"\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/users/{{userID}}/password")
  .method("PUT", body)
  .addHeader("Content-Type", "application/vnd.pingidentity.password.reset+json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/users/{{userID}}/password",
  "method": "PUT",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/vnd.pingidentity.password.reset+json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "currentPassword": "{{currentPassword}}",
    "newPassword": "{{newPassword}}"
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'PUT',
  'url': '{{apiPath}}/environments/{{envID}}/users/{{userID}}/password',
  'headers': {
    'Content-Type': 'application/vnd.pingidentity.password.reset+json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "currentPassword": "{{currentPassword}}",
    "newPassword": "{{newPassword}}"
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/users/{{userID}}/password"

payload = json.dumps({
  "currentPassword": "{{currentPassword}}",
  "newPassword": "{{newPassword}}"
})
headers = {
  'Content-Type': 'application/vnd.pingidentity.password.reset+json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("PUT", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/users/{{userID}}/password');
$request->setMethod(HTTP_Request2::METHOD_PUT);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/vnd.pingidentity.password.reset+json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "currentPassword": "{{currentPassword}}",\n    "newPassword": "{{newPassword}}"\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/users/{{userID}}/password")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Put.new(url)
request["Content-Type"] = "application/vnd.pingidentity.password.reset+json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "currentPassword": "{{currentPassword}}",
  "newPassword": "{{newPassword}}"
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"currentPassword\": \"{{currentPassword}}\",\n    \"newPassword\": \"{{newPassword}}\"\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/users/{{userID}}/password")!,timeoutInterval: Double.infinity)
request.addValue("application/vnd.pingidentity.password.reset+json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "PUT"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

200 OK

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "user": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af"
        },
        "passwordPolicy": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/passwordPolicies/5da98f13-ad62-4234-86d3-01018f6ef0ad"
        },
        "password.validate": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        },
        "password.reset": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        },
        "password.set": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        },
        "password.recover": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/c3042000-188f-4bc7-a269-dee1602cf7af/password"
        }
    },
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "user": {
        "id": "c3042000-188f-4bc7-a269-dee1602cf7af"
    },
    "passwordPolicy": {
        "id": "5da98f13-ad62-4234-86d3-01018f6ef0ad"
    },
    "status": "OK",
    "lastChangedAt": "2019-01-08T20:18:31.264Z"
}