Password Reset Step 2. Change password

Description

This service is the second and final step of the password reset process. It uses the token and principal that the party received in the password reset email.

The email contains a link similar to the following, which directs the user to a page where they can enter their new password:

HTML

<a href="https://www.yoursite.com?principal=${person.profile.principal}&token=${password.token}">Click Here for Resetting your password</a>

The landing page must capture the new password and submit all three values (token, principal, and the new password) to this service.


Request

Restrictions

This service can only be called when the party is not logged in.

Endpoint

This service can be called on a Person, Physical Location, or Company entity.

PUT https://<server-url>/api/v4/person/password
PUT https://<server-url>/api/v4/physicallocation/password
PUT https://<server-url>/api/v4/company/password

Parameters

| Parameter | Location | Description |
|---|---|---|
| touchpoint | Query / Header | The identifier for the touchpoint making the request. If sent as a header, the name must be Thalamus-Touchpoint. |
| token | Query / Header | The authentication token for the API. This is not the password reset token, which is sent in the request body. If sent as a header, the name must be Thalamus-Token. |
| activity | Query / Header | Optional. The activity to be used. If sent as a header, the name must be Thalamus-Activity. |
| Content-Type | Header | Specifies the content type of the request body. Must be application/json. |

Full URL Example

https://<server-url>/api/v4/person/password?touchpoint=test&token=testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttest

Request Body

The body of the request must be a JSON object containing the password reset token, the new password, and the party's principal.

| Field | Type | Description |
|---|---|---|
| token | String | The password reset token that was sent in the email link. |
| password | String | The new password entered by the user. |
| principal | String | The party's principal identifier, also from the email link. |

JSON

{
  "token": "91fba4c4c5e09b4818112c6cedeb53ac",
  "password": "newPassword123",
  "principal": "1:27594535"
}

Response

✅ Successful Response: 200 OK

The password has been successfully changed, and the party is now logged in. The response body contains the new session context.

JSON

{
  "context": {
    "links": [
      {
        "ref": "home",
        "href": "http://localhost:8080/thalamus/api/v4/people/home"
      },
      {
        "ref": "profile",
        "href": "http://localhost:8080/thalamus/api/v4/people/profile"
      },
      {
        "ref": "consumer",
        "href": "http://localhost:8080/thalamus/api/v4/people/consumer"
      }
    ],
    "activities": [
      {
        "links": [],
        "code": "EMileage",
        "name": "E Mileage",
        "message": "E Mileage. You can accumulate points by introducing the codes printed on E packs. Then you can trade those points for items in our catalogue. You will participate in raffle at the end of the activity. You can up-load your codes using your smartphone, our web page, SMS or iPad.",
        "type": "GENERIC"
      }
    ],
    "simpleProfile": {
      "firstname": "user I",
      "lastname": "lopez",
      "email": "[email protected]"
    }
  }
}

❌ Unsuccessful Response: 400 Bad Request

Returned if the provided token, principal, or new password is invalid or does not meet requirements.

JSON

{
  "errors": {
    "token": "InvalidToken",
    "partyCredential.plainPassword": "InvalidPassword",
    "principal": "InvalidPrincipal"
  }
}
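
The request and responses described above, as an added example that is not part of the original documentation: it reads principal and the reset token from the landing-page URL, builds the PUT with the API credentials in the Thalamus-* headers rather than the query string (so they stay out of URL logs), and maps the documented 200 and 400 responses. The function names and the cfg fields (serverUrl, touchpoint, apiToken, entity) are assumptions made for illustration.

```javascript
// Added example (not the vendor's code). cfg.serverUrl, cfg.touchpoint and
// cfg.apiToken are caller-supplied placeholders; all names here are hypothetical.

// Extract principal and reset token from the landing-page URL in the email link.
function parseResetLink(landingUrl) {
  const q = new URL(landingUrl).searchParams;
  const principal = q.get("principal");
  const token = q.get("token");
  if (!principal || !token) {
    throw new Error("reset link is missing principal or token");
  }
  return { principal, token };
}

// Build the Step 2 request. The API token goes in Thalamus-Token (header);
// the password reset token goes in the JSON body. The two are different values.
function buildResetRequest(landingUrl, newPassword, cfg) {
  const { principal, token } = parseResetLink(landingUrl);
  const entity = cfg.entity || "person";
  if (!["person", "physicallocation", "company"].includes(entity)) {
    throw new Error("unsupported entity: " + entity);
  }
  return {
    url: `${cfg.serverUrl}/api/v4/${entity}/password`,
    init: {
      method: "PUT",
      headers: {
        "Content-Type": "application/json",
        "Thalamus-Touchpoint": cfg.touchpoint,
        "Thalamus-Token": cfg.apiToken,
      },
      body: JSON.stringify({ token, password: newPassword, principal }),
    },
  };
}

// Map the documented responses to something a form can render.
function interpretResponse(status, body) {
  if (status === 200) return { ok: true, context: body.context };
  if (status === 400) return { ok: false, fieldErrors: body.errors || {} };
  return { ok: false, fieldErrors: {}, unexpectedStatus: status };
}

// Send the request; a non-JSON error body is treated as an empty object.
async function submitReset(landingUrl, newPassword, cfg) {
  const { url, init } = buildResetRequest(landingUrl, newPassword, cfg);
  const res = await fetch(url, init);
  return interpretResponse(res.status, await res.json().catch(() => ({})));
}
```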
