The Password Reset Process
The password reset process includes several steps, and several operations come into play to ensure appropriate validation of the user when resetting a password.
Password reset is most commonly used in these scenarios:
- The user is logged in and wants to change the password
- The user is not logged in and has forgotten the password
Logged-in user changes password
If a user has already authenticated and wants to change the password, use the Modify Password operation from the Users service: PUT /api/users/{UserID}/password.
User not logged in and requests password reset
If the user has forgotten the password, the three operations below work in sequence to validate the user via a password reset code and then log the user in.
This Operation... | Performs this Action... |
---|---|
1) | Takes user email address, validates that the email is associated with an account, and generates an email notification which is sent to the user with a password reset code. |
2) | Takes email address and password reset code, validates reset code, and returns email address and user name. |
3) | Takes the user email address, new password chosen by user, and password reset code for authentication; updates password in database and logs user in. |
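
The three-step forgotten-password sequence above, modeled server-side as an added example; this is not the platform's own code. The function names, the in-memory stores, the 15-minute code lifetime, the single-use rule and the hashed storage of the code are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 15 * 60     # assumed lifetime of a reset code, in seconds
USERS = {"pat@example.com": {"user_name": "pat", "pw": None}}  # constructed sample account
PENDING = {}           # email -> (sha256 of reset code, expiry timestamp)

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

def _hash_password(password):
    # Salted PBKDF2; the iteration count here is illustrative only.
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def request_reset(email, now=None):
    """Step 1: check the email belongs to an account and issue a reset code."""
    if email not in USERS:
        return None
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(16)
    PENDING[email] = (_digest(code), now + CODE_TTL)  # only the hash is stored
    return code  # a real service emails this; it is returned here so the flow can be run

def validate_code(email, code, now=None):
    """Step 2: validate the code and return email and user name (code stays usable)."""
    now = time.time() if now is None else now
    entry = PENDING.get(email)
    if entry is None or now > entry[1]:
        PENDING.pop(email, None)          # drop expired entries
        return None
    if not hmac.compare_digest(entry[0], _digest(code)):  # constant-time comparison
        return None
    return {"email": email, "user_name": USERS[email]["user_name"]}

def complete_reset(email, new_password, code, now=None):
    """Step 3: re-check the code, store the new password, and log the user in."""
    if validate_code(email, code, now) is None:
        return None
    del PENDING[email]                    # single use: a replayed code now fails
    USERS[email]["pw"] = _hash_password(new_password)
    return secrets.token_urlsafe(32)      # stand-in for the login session
```

Step 3 repeats the code check rather than trusting that step 2 ran, so a caller who skips straight to the final operation gains nothing.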