Would sending a password reset email via the API be enough for your needs?
Request Url: http://localhost:3000/session/forgot_password
Request Method: POST
Form Data:
api_key: {{api_key}}
api_username: {{api_username}}
login: discourse2
The user would then receive an email like this:
that they could use to reset their password.
Other than that I don’t know how you can change the password via the API without knowing the password reset token (which is only available in that email).
But if you did happen to know the password reset token, you could make this API Call:
Request Url: http://localhost:3000/users/password-reset/{token}
Request Method: PUT
Form Data:
api_key: {{api_key}}
api_username: {{api_username}}
username: discourse2
password: password