PasswordReset.access_token - REST API

Overview

Invoked during the password reset process after a user clicks a link with the password reset token.

Accepts the token from email and returns a reset key. Along with the token, the reset key is used in in the next step in the process to change the password.

  • HTTP method: PATCH
  • URL path: /zato/sso/password/reset

Request

NameDatatypeOptionalNotes
tokenstring---Password reset token as it was received by the user in email
current_appstring---Name of application that the call is attempted from

Response

NameDatatypeOptionalNotes
cidstring---Correlation ID assigned to request
statusstring---Overall status code
sub_statuslistYesReturned only if status is not "ok", a list of error or warning codes
reset_keystringYesA reset key to be used in the next step to change the password. Returned only if status is OK.

Usage

Token is valid:

$ curl -XPATCH localhost:17010/zato/sso/password/reset -d '
  {
    "token": "13hxw6ar398s4r7d92x8d2gfay",
    "current_app": "CRM"
  }
  '

{
  "cid": "2eb48bf0139c03274c53495d",
  "status": "ok",
  "reset_key": "gAAAAABgrLzSMBtSa-FY88-1nUSJFZcBX...",
  "sub_status": []
}
$

Token is invalid (e.g. already used or expired):

$ curl -XPATCH localhost:17010/zato/sso/password/reset -d '
  {
    "token": "2b2tycmz98bcszpasanjg45h6",
    "current_app": "CRM"
  }
  '

{
  "cid": "4c4eed1a80d3d830e9715705",
  "status": "error",
  "sub_status": ["E010001"]
}
$