POST /api/passwordmanagement/validatePasswordResetCode
Validates a password reset request. Includes support of security challenge questions.
This operation is called when a user is attempting to change a password after requesting a password reset code.
This operation is called twice in succession as follows:
- Takes the reset code, validates it, and returns a security question for the user to answer.
- Takes the answer to the security question, validates it, and either logs the user in if the answer is correct, or else returns another question.
Note: For additional information about password reset, see The Password Reset Process.
Authorization Roles/Permissions: For the operation to complete successfully, the reset code must be a valid result of the sendPasswordResetCode operation which validates that the requestor is a registered user.
This topic includes the following sections:
HTTP Method
POST
URL
https://{hostname}/api/passwordmanagement/validatePasswordResetCode
Sample Request #1
The example below shows a password reset request with the reset code in the request.
Sample Request URL
https://{hostname}/api/passwordmanagement/validatePasswordResetCode?passwordResetCode=134793007454
Sample request headers
Accept: application/vnd.soa.v72+json Content-Type: application/vnd.soa.v72+json X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...
Sample request body
{
"Email" : "jane.saoirse@example.com",
"PasswordResetCode" : "hwP9uvHfC61cGWscTXvGjGWrDwscSikdrKlvrR5zePm9NUdnO2SpOcCjxAzrrDpdW71clgv1hExUxLNCBG2oGiTjaM7nMvU_I2_86eWMVHc"
}
Sample Request #2 (after #1 has completed successfully)
The example below shows the user's answer to the password challenge question in the request.
Sample Request URL
https://{hostname}/api/passwordmanagement/validatePasswordResetCode
Sample request headers
Accept: application/vnd.soa.v72+json Content-Type: application/vnd.soa.v72+json
Sample request body
{
"Email" : "jane.saoirse@example.com",
"PasswordResetCode" : "hwP9uvHfC61dOkMPFfVUjbQF1yJIsV-WZi7CylonRJwj6PTJ6TfKl
TxcCUKiXW1PRW3NzO63u49l1Gmo2O9ApWGQE2Gs1SkXz4SLI_KNe_A",
"UserIdentificationChallenge" : {
"UserID" : "5992539b-0dbd-4091-95cc-80047adf3efa.acmepaymentscorp",
"ChallengeCode" : "com.soa.challenge.question.color",
"ChallengeQuestion" : "What is your favorite color?",
"Answer" : "Black"
}
}
Request Headers
For general information on request header values, refer to HTTP Request Headers.
| Header | Description |
|---|---|
| Accept | application/json, application/vnd.soa.v72+json |
| Content-Type |
Any one of the following media types is valid for the request Content-Type: application/json or application/vnd.soa.v72+json |
| Cookie | AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies. |
| X-Csrf-Token_{fedmemberID} | The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login. |
Request Parameters
| Parameter | Parm Type | Data Type | Required | Description |
|---|---|---|---|---|
| passwordResetRequest | Body | PasswordResetRequest | Required | Contains information needed for a user's password reset request. |
Response
If successful, this operation returns HTTP status code 200, with information about the password reset request.
Sample Response #1
The sample response below shows the security challenge question returned after validation of the reset code.
Sample response headers: application/json
HTTP/1.1 200 OK Date: Mon, 18 Aug 2014 15:06:09 GMT Content-Type: application/json
Sample response body: application/json
{
"emailAddress" : "jane.saoirse@example.com",
"userName" : "JaneSaoirse",
"UserIdentificationChallenge" : {
"UserID" : "5992539b-0dbd-4091-95cc-80047adf3efa.acmepaymentscorp",
"ChallengeCode" : "com.soa.challenge.question.color",
"ChallengeQuestion" : "What is your favorite color?"
}
}
Sample Response #2
The sample response below shows successful completion of this operation. The user's answer to the security question has been validated and the cookie is set.
Sample response headers: application/json
HTTP/1.1 200 OK Date: Mon, 18 Aug 2014 15:06:09 GMT Content-Type: application/json
Sample response body: application/json
{
"ResetStatus" : "user.password.reset.valid.answer"
}
Response Headers
For general information on response header values, refer to HTTP Response Headers.
| Header | Description |
|---|---|
| Content-Type | application/json, application/vnd.soa.v72+json |
Response Body
| Name | Type | Description |
|---|---|---|
| PasswordResetResponse | PasswordResetResponse | Contains information for the response to a user's password reset request. |
Error Codes/Messages
If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.
| Item | Value |
|---|---|
| 500 | An error occurred processing the call. |
More information about Akana API Platform API error messages.