Is there an API for changing a password?


(Adam Beers) #1

I’m wondering if there is an API for updating or changing a password. I can’t find it in the API documentation, but it seems like something that would exist. I’m looking more specifically for a CURL type or HTTPS type request, similar to account creation APIs.


(Blake Erickson) #2

Would sending a password reset email via the API be enough for your needs?

Request Url: http://localhost:3000/session/forgot_password
Request Method: POST
Form Data:
  api_key: {{api_key}}
  api_username: {{api_username}}
  login: discourse2

The user would then receive an email like this:

that they could use to reset their password.

Other than that I don’t know how you can change the password via the API without knowing the password reset token (which is only available in that email).

But if you did happen to know the password reset token, you could make this API Call:

Request Url: http://localhost:3000/users/password-reset/{token}
Request Method: PUT
Form Data:
  api_key: {{api_key}}
  api_username: {{api_username}}
  username: discourse2
  password: password

(Adam Beers) #3

Not sure if that will work. I’ve made an Android app for a Discourse forum, but one thing it lacks is support for forgotten passwords. There is no mechanism for it that I have seen. The forum only exists in the app. There is no webpage for it.

With the email, how do you initiate the sending of it?


(Felix Freiberger) #4

Oh, wait, are you looking for an API for a user to change his own password?

If so, there’s an API for that – just change your password here and use your browsers Dev tools to find out how it works :slight_smile:


(Blake Erickson) #5

Yea try resetting your password here on meta and discourse sends you an email. There is no change password input field.


(Adam Beers) #6

I went to my account preferences and all that exists there is a “Send Password Reset Email” button. Bummer. I’ll have to figure out another way to do it I guess.


(Felix Freiberger) #7

Oh, you’re right. Looks like there is no way of changing the password without a reset.
Maybe that should be a #feature?