Modify Password

PATCH /auth/v1/user/password

API Description

Modify the current user's password, requires obtaining a temporary administrator privileges sudo_token to execute. This operation is used for users to modify their own login password, requiring secondary verification to ensure security.

Features

Modify current user's login password
Requires sudo_token for secondary verification
Supports password strength validation
Old password becomes invalid immediately after modification
Automatically logout other device logins

Input Requirements

Required Parameters

Authorization: Current logged-in user's access_token (required, Bearer format)
sudo_token: Temporary administrator privileges token (required, obtained through sudo API)
client_id: Client ID corresponding to the application (optional, defaults to environment ID)
x-device-id: Device ID (optional, current logged-in device ID)

Request Body Parameters

old_password: Old password (optional, if user has password)
new_password: New password (required, 8-64 characters, including uppercase and lowercase letters, numbers, special characters)
confirm_password: Confirm password (optional, for frontend validation)

Prerequisites

User must be logged in and hold valid access_token
Must obtain valid sudo_token through sudo API
sudo_token must be within validity period (15 minutes)
New password must meet password strength requirements
If user already has password, need to provide old password for verification

Output Description

Successful Response

Returns empty object, indicating password modification successful

Request Examples

Modify Password Request Example (with old password)

PATCH /auth/v1/user/password?sudo_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxODQ5NzU1MTE5ODQwNDk3NjY0IiwiZXhwIjoxNzM0Njg5NTU3LCJpYXQiOjE3MzQ2ODIzNTcsInNjb3BlIjoic3VkbyJ9
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ
Content-Type: application/json

{
  "old_password": "OldDemo123!@#",
  "new_password": "NewDemo456$%^",
  "confirm_password": "NewDemo456$%^"
}

Modify Password Request Example (no old password, first time setting)

PATCH /auth/v1/user/password?sudo_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxODQ5NzU1MTE5ODQwNDk3NjY0IiwiZXhwIjoxNzM0Njg5NTU3LCJpYXQiOjE3MzQ2ODIzNTcsInNjb3BlIjoic3VkbyJ9
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ
Content-Type: application/json

{
  "new_password": "FirstDemo789&*(",
  "confirm_password": "FirstDemo789&*("
}

Response Examples

Modification Success Response

{}

Old Password Error Response

{
  "error": "invalid_password",
  "error_code": 4003,
  "error_description": "Old password error, please re-enter"
}

Password Strength Insufficient Response

{
  "error": "weak_password",
  "error_code": 4005,
  "error_description": "Password strength insufficient, please use combination of uppercase and lowercase letters, numbers and special characters"
}

Usage Flow

1. Get sudo_token

Call Get sudo_token API
Obtain sudo_token through password or verification code verification

2. Verify Password Rules

Frontend validates new password strength
Confirm password consistency
Check password history

3. Execute Modification

Call this API to modify password
Pass sudo_token for secondary verification

4. Handle Result

Prompt user on successful modification
Display specific reason on error
Automatically logout other device logins

Key Characteristics

Security

Requires sudo_token secondary verification
Automatic password strength detection
Prevents password reuse
Automatically logout other devices

Password Rules

Length: 8-64 characters
Must include uppercase and lowercase letters
Must include numbers
Must include special characters
Cannot be same as old password

Notes

Security Recommendations

Recommend regular password changes
Avoid using common password combinations
Don't use same password as other websites
Recommend enabling two-factor authentication

Password Strength Requirements

At least 8 characters, maximum 64 characters
Include uppercase letters, lowercase letters, numbers, special characters
Cannot contain username or email address
Cannot use consecutive or repeated characters

Impact Scope

Takes effect immediately after modification
Other device logins automatically invalidated
Need to re-login all devices
Third-party logins not affected

Common Error Scenarios

sudo_token expired: Prompt user to re-verify
Old password error: Display specific error message
Password strength insufficient: Provide password rule explanation
Network exception: Retry mechanism

Get sudo_token - Get temporary administrator privileges token
Password Recovery - Reset password when forgotten
Get User Information - Get current user information
Logout - User logout

Request

Query Parameters

client_id string

Client ID corresponding to the application, can be obtained from Cloud Development Platform -> Identity Authentication -> Development Settings. Defaults to environment ID, can be omitted

Header Parameters

x-device-id string

Device ID, the ID of the current logged-in device. The client should generate it randomly and cache it on the client. This parameter is related to the number of logged-in accounts.

Authorization stringrequired

The access_token of the current logged-in user, format is Bearer xxx

Example: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsInN1YiI6Ijk4NzY1NDMyMTAxMjM0NTY3ODkiLCJhdWQiOiJkZW1vLWFwcC0yZjhhOWMzZTFiNGQiLCJleHAiOjE3MzQ2NzU4ODksImlhdCI6MTczNDY2ODY4OSwic2NvcGUiOiJ1c2VyIn0.dGhpc19pc19hX2Zha2Vfc2lnbmF0dXJlX2Zvcl9leGFtcGxlX3B1cnBvc2VzX29ubHlfZG9fbm90X3VzZV9pbl9wcm9kdWN0aW9uX2Vudmlyb25tZW50X3RoaXNfaXNfbm90X3JlYWxfdG9rZW5fZGF0YQ

application/json

Body

sudo_token string

Admin token; if the original account has no password and both phone number and email are empty, no admin token is needed for direct modification

new_password string

New Password

Responses

A successful response.

Response Headers

application/json

Schema

Schema

any

An unexpected error response.

Response Headers

application/json

Schema
Example (from schema)

Schema

error Error message (string)

error_code int32

error_description Error description (string)

{
  "error": "string",
  "error_code": 0,
  "error_description": "string"
}

Modify Password

/auth/v1/user/password

API Description​

Features​

Input Requirements​

Required Parameters​

Request Body Parameters​

Prerequisites​

Output Description​

Successful Response​

Request Examples​

Modify Password Request Example (with old password)​

Modify Password Request Example (no old password, first time setting)​

Response Examples​

Modification Success Response​

Old Password Error Response​

Password Strength Insufficient Response​

Usage Flow​

1. Get sudo_token​

2. Verify Password Rules​

3. Execute Modification​

4. Handle Result​

Key Characteristics​

Security​

Password Rules​

Notes​

Security Recommendations​

Password Strength Requirements​

Impact Scope​

Common Error Scenarios​

Related APIs​

Request​