--- title: Update Password (Set Value) description: You can use the PUT {{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password endpoint to set a password for the user identified by the user ID and environment ID. This operation uses the application/vnd.pingidentity.password.setValue+json custom media type as the content type in the request header. component: pingone-api page_id: pingone-api:platform:users/user-passwords/update-password-set-value canonical_url: https://developer.pingidentity.com/pingone-api/platform/users/user-passwords/update-password-set-value.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Update Password (Set Value) ## ```none PUT {{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password ``` You can use the `PUT {{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password` endpoint to set a password for the user identified by the user ID and environment ID. This operation uses the `application/vnd.pingidentity.password.setValue+json` custom media type as the content type in the request header. Unlike the [PUT Update Password (Set)](update-password-set.html) endpoint, the password value is not required in this request body. When the value is not provided, the user's password is unset. This leaves the user's password state in either `NO_PASSWORD` or, if they have an external gateway configured, `EXTERNAL`. In the request body, the `forceChange` value specifies whether the user must change the current password on the next login. If `forceChange` is set to true, the status attribute value is changed to `MUST_CHANGE_PASSWORD`. If `forceChange` is omitted from the request, its value is set to `false` by default, and the status attribute value is set to `OK`. The `bypassPolicy` value specifies whether the user's password policy should be ignored. If this property is omitted from the request, its value is set to `false`. You can unset the password by using an empty request body, such as the following. ```json {} ``` The `forceChange` and `bypassPolicy` parameters are ignored if included in this instance. Note that the response includes `"status":"NO_PASSWORD"`. The user's gateway configuration is not affected by this endpoint. ### Prerequisites * Refer to [Users](../../users.html) and [User Passwords](../user-passwords.html) for important overview information. > **Collapse: Request Model** > > | Property | Type | Required? | > | -------------- | ------- | --------- | > | `value` | String | Required | > | `forceChange` | Boolean | Required | > | `bypassPolicy` | Boolean | Optional | > > Refer to the [User operations](../users-1.html) data model for full property descriptions. ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/vnd.pingidentity.password.setValue+json ### Body raw ( application/vnd.pingidentity.password.setValue+json ) ```json { "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX", "forceChange": true, "bypassPolicy" : "false" } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff --request PUT '{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password' \ --header 'Content-Type: application/vnd.pingidentity.password.setValue+json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX", "forceChange": true, "bypassPolicy" : "false" }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Put); request.AddHeader("Content-Type", "application/vnd.pingidentity.password.setValue+json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""value"": ""{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX""," + "\n" + @" ""forceChange"": true," + "\n" + @" ""bypassPolicy"" : ""false""" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password" method := "PUT" payload := strings.NewReader(`{ "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX", "forceChange": true, "bypassPolicy" : "false" }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/vnd.pingidentity.password.setValue+json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http PUT /v1/environments/{{envID}}/users/{{userID}}/password HTTP/1.1 Host: {{apiPath}} Content-Type: application/vnd.pingidentity.password.setValue+json Authorization: Bearer {{accessToken}} { "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX", "forceChange": true, "bypassPolicy" : "false" } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/vnd.pingidentity.password.setValue+json"); RequestBody body = RequestBody.create(mediaType, "{\n \"value\": \"{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX\",\n \"forceChange\": true,\n \"bypassPolicy\" : \"false\"\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password") .method("PUT", body) .addHeader("Content-Type", "application/vnd.pingidentity.password.setValue+json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password", "method": "PUT", "timeout": 0, "headers": { "Content-Type": "application/vnd.pingidentity.password.setValue+json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX", "forceChange": true, "bypassPolicy": "false" }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'PUT', 'url': '{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password', 'headers': { 'Content-Type': 'application/vnd.pingidentity.password.setValue+json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX", "forceChange": true, "bypassPolicy": "false" }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password" payload = json.dumps({ "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX", "forceChange": True, "bypassPolicy": "false" }) headers = { 'Content-Type': 'application/vnd.pingidentity.password.setValue+json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("PUT", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password'); $request->setMethod(HTTP_Request2::METHOD_PUT); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/vnd.pingidentity.password.setValue+json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX",\n "forceChange": true,\n "bypassPolicy" : "false"\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Put.new(url) request["Content-Type"] = "application/vnd.pingidentity.password.setValue+json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX", "forceChange": true, "bypassPolicy": "false" }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"value\": \"{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX\",\n \"forceChange\": true,\n \"bypassPolicy\" : \"false\"\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/users/{{userID}}/password")!,timeoutInterval: Double.infinity) request.addValue("application/vnd.pingidentity.password.setValue+json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "PUT" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 200 OK ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8376797d-641c-4e7b-8bc1-2fdf71916cab/password" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "user": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8376797d-641c-4e7b-8bc1-2fdf71916cab" }, "passwordPolicy": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/passwordPolicies/ad53ea0b-28b3-413f-a762-46eaf929ab78" }, "password.check": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8376797d-641c-4e7b-8bc1-2fdf71916cab/password" }, "password.reset": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8376797d-641c-4e7b-8bc1-2fdf71916cab/password" }, "password.set": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8376797d-641c-4e7b-8bc1-2fdf71916cab/password" }, "password.recover": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/8376797d-641c-4e7b-8bc1-2fdf71916cab/password" } }, "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "user": { "id": "8376797d-641c-4e7b-8bc1-2fdf71916cab" }, "passwordPolicy": { "id": "ad53ea0b-28b3-413f-a762-46eaf929ab78" }, "status": "OK", "lastChangedAt": "2023-08-01T19:11:13.000Z" } ```