POST /api/passwordmanagement/sendPasswordResetCode
Validates the email address provided in the request, generates a password reset code, and sends the reset code in an email to the validated address. This operation is called when a user requests a password reset.
For additional information about password reset, see The Password Reset Process.
Note: The platform includes enhanced security settings that can be activated via a configuration setting. The Site Admin can use this to restrict user enumeration in a password reset scenario. In the enhanced security scenario, a different notification is emailed to the user if the email address provided by the user doesn't match any existing account, and yet another if the email address matches a third-party provider account (for example, login with Google). In these scenarios, the password reset code is not sent, but the operation still returns a 200. For more information on this setting, refer to the Site Admin user help: How can I protect from vulnerability in Signup and Forgot Password scenarios?
Authorization Roles/Permissions: For the password reset to complete successfully, the email address must correspond with a valid registered user.
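The enhanced-security behavior described in the note above can be modeled as follows. This is an added example, not Akana platform code: the account directory, template names, `Outbox` class, and email normalization are all assumptions made for illustration. It shows that the three cases differ only in the email that is sent, while the HTTP response stays identical.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample directory: email address -> account type.
ACCOUNTS = {
    "myname@example.com": "local",
    "social@example.com": "third_party",  # e.g. logs in with Google
}

@dataclass
class Outbox:
    """Stand-in for the mail system; records (recipient, template, code)."""
    sent: list = field(default_factory=list)

    def send(self, to, template, code=None):
        self.sent.append((to, template, code))

def send_password_reset_code(email_address, outbox):
    """Enhanced-security flow: the caller always sees 200 with no body."""
    email = email_address.strip().lower()  # normalization is an assumption
    kind = ACCOUNTS.get(email)
    if kind == "local":
        # Only a platform account receives an actual reset code.
        outbox.send(email, "reset_code", secrets.token_urlsafe(16))
    elif kind == "third_party":
        outbox.send(email, "third_party_account_notice")
    else:
        outbox.send(email, "no_account_notice")
    # Same status, headers and body on every branch, so the HTTP response
    # carries no signal about whether the address is registered.
    return {"status": 200, "headers": {"Content-Type": "application/json"}, "body": b""}

def distinguishing_fields(responses):
    """Return the response fields that differ across a set of responses.

    An empty list means the cases cannot be told apart from the HTTP
    response alone (timing is not covered by this check)."""
    first = responses[0]
    return [k for k in ("status", "headers", "body")
            if any(r[k] != first[k] for r in responses[1:])]

def demo():
    outbox = Outbox()
    addrs = ["myname@example.com", "social@example.com", "nobody@example.com"]
    responses = [send_password_reset_code(a, outbox) for a in addrs]
    return distinguishing_fields(responses), [t for _, t, _ in outbox.sent]

if __name__ == "__main__":
    print(demo())
```

`distinguishing_fields` can also be run over responses captured from a test tenant to confirm that the setting is active. It does not measure response-time differences.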
HTTP Method
POST
URL
https://{hostname}/api/passwordmanagement/sendPasswordResetCode
Sample Request
The example below shows a reset code request for the specified email address. The email address is URL-encoded.
Sample Request URL
https://{hostname}/api/passwordmanagement/sendPasswordResetCode
Sample request headers
POST /api/passwordmanagement/sendPasswordResetCode HTTP/1.1
Host: {hostname}
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...
Sample request body
emailAddress=myname%40example.com
Request Headers
For general information on request header values, refer to HTTP Request Headers.
Header | Description |
---|---|
Accept | application/json, application/vnd.soa.v71+json |
Content-Type | application/x-www-form-urlencoded |
Cookie | AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies. |
X-Csrf-Token_{fedmemberID} | The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login. |
Request Parameters
Parameter | Parm Type | Data Type | Required | Description |
---|---|---|---|---|
emailAddress | Form | string | Required | The email address for the account for which the user is requesting a password reset. |
Response
If successful, this operation returns HTTP status code 200. There is no response body.
Sample Response
The sample response below returns an HTTP code 200 which shows that the operation completed successfully.
Sample response headers
HTTP/1.1 200 OK
Date: Mon, 18 Aug 2014 14:34:41 GMT
Sample response body
Not applicable.
Response Headers
For general information on response header values, refer to HTTP Response Headers.
Header | Description |
---|---|
Content-Type | application/json, application/vnd.soa.v71+json |
Response Body
Not applicable.
Error Codes/Messages
If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.
Item | Value |
---|---|
401 | Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing. |
405 | Method Not Allowed. You might get this if there is an error in the URL, or if you used the wrong HTTP verb. |
500 | An error occurred processing the call. |
For more information, see Akana API Platform API error messages.