Change user password

POST
/user/password

Change the user’s password. The user must be authenticated with elevated permissions or provide a valid password reset ticket.

All of the user’s existing sessions are revoked atomically as part of this operation, including the session used to make the request. Clients must treat the user as signed out after a successful response and obtain a new session via sign-in.

New password and optional password reset ticket for authentication

object
newPassword
required

A password of at least 3 characters

string
>= 3 characters <= 50 characters
Example
Str0ngPassw#ord-94|%
ticket

Ticket to reset the password, required if the user is not authenticated

string
/^passwordReset\:.*$/

Password changed successfully

string
Allowed values: OK

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user user-already-exists email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked
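
The following client-side sketch is an added example, not code from the project: it validates the request body against the schema above and, on success, discards the local session because the server has revoked every session for the user. The function names, the bearer-token header, the JSON body encoding, the JSON "OK" success body and the `sessionStore.clear()` interface are assumptions.

```javascript
// Added example, not project code. Assumptions: JSON request body, bearer-token
// auth header, JSON "OK" success body, and a sessionStore exposing clear().
const TICKET_RE = /^passwordReset\:.*$/; // ticket pattern from the schema above

function buildRequest({ newPassword, ticket, accessToken }) {
  // Count code points so the 3..50 limit is applied to characters.
  const len = typeof newPassword === "string" ? [...newPassword].length : -1;
  if (len < 3 || len > 50) {
    throw new RangeError("newPassword must be a string of 3 to 50 characters");
  }
  if (ticket !== undefined && !TICKET_RE.test(ticket)) {
    throw new TypeError("ticket must start with 'passwordReset:'");
  }
  if (ticket === undefined && !accessToken) {
    throw new Error("ticket is required when the user is not authenticated");
  }
  const headers = { "Content-Type": "application/json" };
  if (accessToken) headers.Authorization = `Bearer ${accessToken}`; // assumed scheme
  const body = ticket === undefined ? { newPassword } : { newPassword, ticket };
  return { method: "POST", path: "/user/password", headers, body: JSON.stringify(body) };
}

function handleResponse(httpStatus, payload, sessionStore) {
  if (httpStatus >= 200 && httpStatus < 300 && payload === "OK") {
    // All sessions, including the caller's, are now revoked server-side:
    // discard local tokens instead of retrying with them.
    sessionStore.clear();
    return { changed: true, signedOut: true };
  }
  // Standardized error object: { status, message, error }.
  const e = payload && typeof payload === "object" ? payload : {};
  return {
    changed: false,
    signedOut: false,
    status: e.status ?? httpStatus,
    message: e.message ?? null,
    error: e.error ?? null,
  };
}

async function changePassword(baseUrl, params, sessionStore, fetchImpl = fetch) {
  const { path, ...init } = buildRequest(params);
  const res = await fetchImpl(baseUrl + path, init);
  const payload = await res.json().catch(() => null);
  return handleResponse(res.status, payload, sessionStore);
}
```

The local checks only mirror the documented schema; the server remains authoritative, and callers should branch on the `error` code of the standardized error response rather than on `message`.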