Set user password
Added by Vidyashri Hegde | Edited by Vidyashri Hegde on October 15, 2015
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

This Service operation sets the password for a user after conditionally doing checks against the Password policy. The service does the following
  1. Checks if the user's account is valid and ACTIVE.
  2. If the bypassPolicy parameter is 'false' or not specified, service operation Validates the NewPassword against BSS password policy. The Operation fails if the password does not conform to the policy.
  3. If the bypassPolicy parameter is 'true', then service operation will set the new password for the user irrespective of the policy.

Please note that if the caller chooses to bypass our password policy restrictions then they're responsible for security aspects of the passwords should they be weak or reused.

API caller should have Customer Administrator role.

Table 1. API details

Method
Resource address
Operation header
POST
service/authentication/setUserPassword?bypassPolicy=<true/false>
None


See the following sample HTTP request:

{ "UserCredential" :



{



"LoginName":"JohnDoe@example.com",



"NewPassword":"asdfggdf1",



}

}


For LoginName, specify the login ID or email address of the user. For NewPassword, specify the password for the user.


For a list of common HTTP status codes that are returned for API calls, see HTTP status codes.

Input
Method URI Description
POST service/authentication/setUserPassword?bypassPolicy=true If byPassValue is 'true', the API invocation will ignore the password policy constraints of the
Cloud platform and set the new password as is for the user.
POST service/authentication/setUserPassword?bypassPolicy=false If the byPassPolicy is 'false', the operation succeeds only if the password complies with password
policy constraints of the Cloud platform.
POST service/authentication/setUserPassword The bypassPolicy parameter in URL is optional, but if specified should have a valid value either 'true' or 'false'.By default it will be false
Content Type: application/json
Sample Request:
{ "UserCredential" :
 {"LoginName":"JohnDoe@us.ibm.com",
   "NewPassword":"asdfggdf1",
  }
}
Output
Code Description
404
DATA_NOT_FOUND (404)
The user is not a valid BSS user or user does not exist.
400
INPUT_FORMAT_ERROR (400)
Reaons for this error:
The new password supplied does not conform to the BSS password policy.
The Login name is not specified in request JSON.
The new password is not specified in request JSON.
The user account for this Login name is suspended.
403
Forbidden. The server refuses to fulfill a request, typically because the request was for an object that you don't have permission to access.