Resetting the User Password

A user can reset their password if they forget it.

The user can execute the password reset without logging in. Once the password is reset, the user access token obtained by logging in with the old password will be invalided. The user needs to relogin with the new password.

New password after reset

A new password will become valid after resetting the old password. The new password is determined by one of the following ways:

  • Auto-generate by Kii Cloud (Default)
  • Manually set by the user

You can configure the new password generation method on the developer portal. See Configuring the generation of a new password.

Resetting the password

A user can use either email or SMS when resetting their password. For SMS, you can set either a URL link or PIN code for resetting the password.

Resetting by email

The following is an example of resetting a password with email. We are using the verified email address for specifying the target user in this example; you can also use the user ID and the verified phone number.

curl -v -X POST \
  -H "Authorization: Basic {BASE64_ENCODED_APPID_AND_APPKEY}" \
  -H "Content-Type: application/vnd.kii.ResetPasswordRequest+json" \
  "https://api.kii.com/api/apps/{APP_ID}/users/EMAIL:{EMAIL_ADDRESS}/password/request-reset" \
  -d '{
    "notificationMethod": "EMAIL"
  }'

You send a request to reset a password with Basic Authentication. Replace {BASE64_ENCODED_APPID_AND_APPKEY} with a Base64-encoded string of concatenated AppID and an arbitrary value with a colon (:) in between the two values.

When the above request is completed, the user will receive an email with the URL link for resetting their password. The user's email address must be verified beforehand; you cannot use this method if the email address is unverified.

You can customize the content of the email on the developer portal. See Customizing Email/SMS Templates for the details.

The action that will take place when the user clicks the URL link depends on the configuration made on the developer portal.

  • Auto-generate by Kii Cloud: The password will be reset, and the auto-generated password will be notified to the user via email.

  • Manually set by the user: The user will be directed to the web page for entering a new password. When the user enters a new password, the password will be reset, and the specified new password becomes valid.

The following is an example of resetting a password with SMS (URL link). We are using the verified phone number for specifying the target user in the sample code below; you can also use the user ID and the verified email address. You can omit the smsResetMethod field; if you omit the field, the "URL" will be applied as the default value.

curl -v -X POST \
  -H "Authorization: Basic {BASE64_ENCODED_APPID_AND_APPKEY}" \
  -H "Content-Type: application/vnd.kii.ResetPasswordRequest+json" \
  "https://api.kii.com/api/apps/{APP_ID}/users/PHONE:{PHONE_NUMBER}/password/request-reset" \
  -d '{
    "notificationMethod": "SMS",
    "smsResetMethod": "URL"
  }'

You send a request to reset a password with Basic Authentication. Replace {BASE64_ENCODED_APPID_AND_APPKEY} with a Base64-encoded string of concatenated AppID and an arbitrary value with a colon (:) in between the two values.

When the above request is completed, the user will receive an SMS with the URL link for resetting their password. The user's phone number must be verified beforehand; you cannot use this method if the phone number is unverified.

You can customize the content of the SMS message on the developer portal. See Customizing Email/SMS Templates for the details.

The action that will take place when the user clicks the URL link depends on the configuration made on the developer portal.

  • Auto-generate by Kii Cloud: The password will be reset, and the auto-generated password will be notified to the user via SMS.

  • Manually set by the user: The user will be directed to the web page for entering a new password. When the user enters a new password, the password will be reset, and the specified new password becomes valid.

Resetting by SMS with a PIN code

The following is an example of resetting a password with SMS (PIN code). We are using the verified phone number for specifying the target user in the sample code below; you can also use the user ID and the verified email address.

curl -v -X POST \
  -H "Authorization: Basic {BASE64_ENCODED_APPID_AND_APPKEY}" \
  -H "Content-Type: application/vnd.kii.ResetPasswordRequest+json" \
  "https://api.kii.com/api/apps/{APP_ID}/users/PHONE:{PHONE_NUMBER}/password/request-reset" \
  -d '{
    "notificationMethod": "SMS",
    "smsResetMethod": "PIN"
  }'

You request a PIN code with Basic Authentication. Replace {BASE64_ENCODED_APPID_AND_APPKEY} with a Base64-encoded string of concatenated AppID and an arbitrary value with a colon (:) in between the two values.

When the above request is completed, the user will receive an SMS with the PIN code for resetting their password. The user's phone number must be verified beforehand; you cannot use this method if the phone number is unverified.

Next, request the password reset by sending the obtained PIN code as follows:

curl -v -X POST \
  -H "Authorization: Basic {BASE64_ENCODED_APPID_AND_APPKEY}" \
  -H "Content-Type: application/vnd.kii.CompletePasswordResetRequest+json" \
  "https://api.kii.com/api/apps/{APP_ID}/users/PHONE:{PHONE_NUMBER}/password/complete-reset" \
  -d '{
    "pinCode": "123456",
    "newPassword": "new_password_00"
  }'

You send a request to reset a password with Basic Authentication. Replace {BASE64_ENCODED_APPID_AND_APPKEY} with a Base64-encoded string of concatenated AppID and an arbitrary value with a colon (:) in between the two values.

How to send the PIN code and what kind of action will take place after sending the PIN code depend on the configuration made on the developer portal.

  • Auto-generate by Kii Cloud: Send only the PIN code (if you send a password, it will be ignored). When the request is completed successfully, the password will be reset, and the auto-generated password will be notified to the user via SMS.

  • Manually set by the user: Send the PIN code and the new password. When the request is completed successfully, the password will be reset, and the specified password becomes valid.