POST /api/passwordmanagement/sendPasswordResetCode

Validates the email address provided in the request, generates a password reset code, and sends the reset code in an email to the validated address. This operation is called when a user requests a password reset.

For additional information about password reset, see The Password Reset Process.

Note: The platform includes enhanced security settings that can be activated via a configuration setting. The Site Admin can use this to restrict user enumeration in a password reset scenario. In the enhanced security scenario, a different notification is emailed to the user if the email address provided by the user doesn't match any existing account, and yet another if the email address matches a third-party provider account (for example, login with Google). In these scenarios, the password reset code is not sent, but the operation still returns a 200. For more information on this setting, refer to the Site Admin user help: How can I protect from vulnerability in Signup and Forgot Password scenarios?
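The enhanced-security behavior described in the note above, modeled as an added example (this is not the platform's own code). The account store, the `Outbox` class, and the notification template names are hypothetical; the point shown is that the HTTP result is identical for every address while the differing notification goes only to the mailbox owner.

```python
import secrets
from dataclasses import dataclass, field

# Constructed account store for the example: email -> account type.
ACCOUNTS = {
    "myname@example.com": "local",          # platform-managed password
    "sso.user@example.com": "third_party",  # for example, login with Google
}

@dataclass
class Outbox:
    """Stand-in for the mail system; records (recipient, template, code)."""
    sent: list = field(default_factory=list)

    def send(self, to, template, code=None):
        self.sent.append((to, template, code))

def send_password_reset_code(email_address, outbox):
    """Model of the enhanced-security flow. Returns (status, body)."""
    account_type = ACCOUNTS.get(email_address)
    if account_type == "local":
        # Only a matching platform account is ever sent a reset code.
        outbox.send(email_address, "reset_code", secrets.token_urlsafe(16))
    elif account_type == "third_party":
        # Third-party provider account: different notification, no code.
        outbox.send(email_address, "third_party_account_notice")
    else:
        # No account: the mailbox owner is told, the HTTP caller is not.
        outbox.send(email_address, "no_account_notice")
    # Same status and empty body on every path, so the response itself
    # cannot be used to tell registered addresses from unregistered ones.
    return 200, ""

def observable_results(addresses):
    """Distinct (status, body) pairs an HTTP client sees, plus the outbox."""
    outbox = Outbox()
    return {send_password_reset_code(a, outbox) for a in addresses}, outbox

if __name__ == "__main__":
    seen, outbox = observable_results(
        ["myname@example.com", "sso.user@example.com", "nobody@example.com"])
    print("distinct HTTP results:", seen)
    for to, template, code in outbox.sent:
        print(to, template, "code sent" if code else "no code")
```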

Authorization Roles/Permissions: For the password reset to complete successfully, the email address must correspond with a valid registered user.

HTTP Method

POST

URL

https://{hostname}/api/passwordmanagement/sendPasswordResetCode

Sample Request

The example below shows a reset code request for the specified email address. The email address is URL-encoded in the request body (the @ character is sent as %40).

Sample Request URL

https://{hostname}/api/passwordmanagement/sendPasswordResetCode

Sample request headers

POST /api/passwordmanagement/sendPasswordResetCode HTTP/1.1
Host: {hostname}
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...

Sample request body

emailAddress=myname%40example.com

Request Headers

For general information on request header values, refer to HTTP Request Headers.

| Header | Description |
|---|---|
| Accept | application/json, application/vnd.soa.v71+json |
| Content-Type | application/x-www-form-urlencoded |
| Cookie | AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}. The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies. |
| X-Csrf-Token_{fedmemberID} | The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login. |

Request Parameters

| Parameter | Parm Type | Data Type | Required | Description |
|---|---|---|---|---|
| emailAddress | Form | string | Required | The email address for the account for which the user is requesting a password reset. |

Response

If successful, this operation returns HTTP status code 200. There is no response body.

Sample Response

The sample response below shows HTTP status code 200, which indicates that the operation completed successfully.

Sample response headers

HTTP/1.1 200 OK
Date: Mon, 18 Aug 2014 14:34:41 GMT

Sample response body

Not applicable.

Response Headers

For general information on response header values, refer to HTTP Response Headers.

| Header | Description |
|---|---|
| Content-Type | application/json, application/vnd.soa.v71+json |

Response Body

Not applicable.

Error Codes/Messages

If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.

| Item | Value |
|---|---|
| 401 | Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing. |
| 405 | Method Not Allowed. You might get this if there is an error in the URL, or if you used the wrong HTTP verb. |
| 500 | An error occurred processing the call. |

For more information, see Akana API Platform API error messages.