The password reset API consists of two mandatory steps and one optional step. The mandatory steps are the initiation of the password reset request and its confirmation. The optional step is to check the status of a previously submitted request.
...
This operation performs the following actions:
- Creates a token with a short lifespan (10 minutes).
- Creates an entry in a PasswordResetRequest table associating the token and the id of the user that is initiating the request. This association prevents any valid token (other than the one that was specifically created for this purpose) from being used to reset a user's password and/or pin.
- Optionally emails the user a link that can be used to reset their password (the link contains the generated token and the id of the user).
The output of this operation is:
- A 'success' status of 'false' and a corresponding 'failMessage' if:
  - The provided user doesn't exist.
  - There is some internal error in the operation.
- A 'success' status of 'true' if the operation was successfully completed, in addition to the following information:
  - token: The generated token in case it is needed by the client.
  - resetURL: The original URL sent by the client but with any additional information added by the server (like the placeholder replaced with the correct token).
Parameters
Base URL: /passwordReset/init
Parameters:
Name | Type | Mandatory | Description |
---|---|---|---|
username | String | Yes | The username of the user initiating the request. |
resetURL | String | No | DEFAULT: null. The URL that will be sent to the user via email. This URL may have 2 placeholders, {token} and {userId}, that this service will replace with the generated token for the request and the id of the initiating user. |
sendEmail | Boolean | No | DEFAULT: 'false'. Indicates whether a notification email should be sent to the user. |
API Sample
Happy Path
```json
{
  "data": {
    "token": "19c65444-324a-4449-a8de-706ebe9cf8a9",
    "resetURL": "http://127.0.0.1:8888/portal.html?page=reset&resettoken=19c65444-324a-4449-a8de-706ebe9cf8a9"
  },
  "statusFact": {
    "success": true
  }
}
```
Non-existing user
```json
{
  "statusFact": {
    "failMessage": "Unknown user for provided username",
    "success": false
  }
}
```
Password Reset Request Status
Current Implementation
This operation checks whether a particular user has a pending 'password/pin reset' operation.
This operation performs the following actions:
- Checks whether an entry in the PasswordResetRequest table exists for the provided user id and token.
The output of this operation is:
- A 'success' status of 'false' and a corresponding 'failMessage' if:
  - There is some internal error in the operation.
- A 'success' status of 'true' if the operation was successfully completed, in addition to the following information:
  - pending: boolean value specifying whether a pending operation exists or not.
Parameters
Base URL: /passwordReset/status
Parameters:
Name | Type | Mandatory | Description |
---|---|---|---|
userId | String | Yes | The id of the user we want to check. (Do not confuse the username used in the previous operation with the user id used in this one.) |
token | String | Yes | The token generated in the previous step. Only tokens generated by the 'initiate password/pin' operation are allowed by this operation. |
API Sample
Happy Path
```json
{
  "data": {
    "pending": true
  },
  "statusFact": {
    "success": true
  }
}
```
Non-existing user/pending operation/wrong token
```json
{
  "data": {
    "pending": false
  },
  "statusFact": {
    "success": true
  }
}
```
Password Reset Request Confirmation
Current Implementation
This operation modifies the pin and/or password of a user.
This is a POST operation.
This operation performs the following actions:
- Modifies the pin and/or password of a user.
- Removes the entry in the PasswordResetRequest table associated with this operation.
The output of this operation is:
- A 'success' status of 'false' if:
  - There is no entry for the provided token in PasswordResetRequest.
  - The provided user id and token don't match the existing PasswordResetRequest entry.
  - There is some internal error in the operation.
- A 'success' status of 'true' if the operation was successfully completed.
After this operation is successfully completed, the corresponding PasswordResetRequest entry is eliminated from the database.
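The three operations described above, modelled as an added example (not the project's own code): an in-memory stand-in for the PasswordResetRequest table that shows the 10-minute expiry, the token-to-user binding and the removal of the entry on confirmation. The class and method names, the sample user ids, the use of `secrets.token_urlsafe` for the token, and rejecting a confirmation that carries neither password nor pin are assumptions.

```python
import secrets
import time

TOKEN_TTL_SECONDS = 10 * 60  # the "short lifespan (10 minutes)" from the page


class PasswordResetRequests:
    """In-memory stand-in for the PasswordResetRequest table (hypothetical)."""

    def __init__(self, users, clock=time.time):
        self.users = users        # username -> user id (constructed sample data)
        self.clock = clock        # injectable so expiry can be tested
        self.rows = {}            # token -> (user id, expiry timestamp)
        self.credentials = {}     # user id -> fields changed by confirm()

    def init(self, username):
        user_id = self.users.get(username)
        if user_id is None:
            return {"statusFact": {"success": False,
                                   "failMessage": "Unknown user for provided username"}}
        token = secrets.token_urlsafe(32)  # assumption: token drawn from a CSPRNG
        self.rows[token] = (user_id, self.clock() + TOKEN_TTL_SECONDS)
        return {"data": {"token": token}, "statusFact": {"success": True}}

    def _pending(self, user_id, token):
        row = self.rows.get(token)
        if row is None:
            return False
        bound_user, expires_at = row
        if self.clock() >= expires_at:
            del self.rows[token]  # expired rows are purged on access
            return False
        return bound_user == user_id  # a token is only valid for its own user

    def status(self, user_id, token):
        return {"data": {"pending": self._pending(user_id, token)},
                "statusFact": {"success": True}}

    def confirm(self, user_id, token, password=None, pin=None):
        if password is None and pin is None:
            return {"statusFact": {"success": False}}
        if not self._pending(user_id, token):
            return {"statusFact": {"success": False}}
        changed = {"password": password, "pin": pin}
        self.credentials.setdefault(user_id, {}).update(
            {k: v for k, v in changed.items() if v is not None})
        del self.rows[token]      # single use: the row is removed on success
        return {"statusFact": {"success": True}}
```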
Parameters
Base URL: /validateAccount
Parameters:passwordReset/confirm
Parameters:
Name | Type | Mandatory | Description |
---|---|---|---|
userId | String | Yes | The id of the user we want to modify. |
token | String | Yes | The password reset token associated with the provided user id. |
password | String | No, unless pin is not provided | The new password we want to assign to the user. If this parameter is not provided, the original password of the user is not modified. |
pin | String | No, unless password is not provided | The new pin we want to assign to the user. If this parameter is not provided, the original pin of the user is not modified. |
API Sample
```json
{
  "statusFact": {
    "success": true
  }
}
```