Identity Services API

This API has been scheduled for deprecation. Information on recommended alternatives is forthcoming. Please contact your customer success representative for more information.

This API supports a login service which enables customers (end users) of a web-based or mobile property to authenticate themselves to the SessionM Platform in order to gain access to their program. It uses the OAuth2 protocol for login and registration.

You can implement a registration workflow with the Customer Profile API or by developing your own login form. These APIs allow sign-in using a password provided to a customer in an email or using a social login. In addition, the SMP Identity service supports resetting or updating passwords.

API Contingencies and Combinations:
Since identity services enable authorization for customers, you must first create the customer that requires the service. Use the Standard Profile API to create customers and specify the attributes for their standard profiles.
Before you can use identity services, verify that you have permission for the appropriate access level. This permissions level is the same as the level required to create or modify a customer account.

This API provides a set of methods that do the following:

Authorize a Customer for an Identity Service

Authorizes, or directs, the customer to the SMP identity service. If they don't have an active session, they are prompted to log in or create an account. After doing so, they are prompted to grant permission to the client application so it can access their user data. Then they are redirected back to the specified redirect URI, with an authorization code.

This authorization code can be exchanged for an access token, which can be retrieved from the endpoint detailed in Fetch an Access Token for an Authorized Customer.

Note that this authorization endpoint can pass a request using either parameters or a JSON request object.

Endpoints

This method offers the following endpoints:

REST Endpoints
GET /<identity service URL>/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=CALLBACK_URL

For more information on how to specify an endpoint as part of an actual URL, see Before You Begin. The procedure in this section includes a sample URL for a customer transaction.

Endpoint Parameters

The following parameters are available when specifying the endpoint for this method:

Endpoint Parameter Description
response_type Required. String. Specifies that the application is requesting an authorization code grant. Default value is code. Note that token, for implicit grants, is not supported.
client_id Required. String. How the API identifies the application. Provides client ID that was specified during OAuth application setup.
redirect_uri Required. String. The URI that the identity service redirects to after successful user authentication.
scope String. The scope of the access request. This must be openid in order to retrieve an ID token.
state String. Passed to the redirect URI as a URL parameter.
prompt String. Prompts the user to re-authenticate, even if they are already logged in. Default value is login.

Request Object

When this method runs, it can take either parameters in the endpoint or a request object that contains the details shown below:

JSON Request
{
    "client_id": "sample_client_id",
    "response_type": "code",
    "redirect_uri": "https://example.com/callback_url"
}            

The request object's attributes are detailed in Endpoint Parameters.

The response to this request is an HTTP 302 status code to the redirect URI, with the authorization code included as a parameter in the URL. So, if the redirect_uri is https://example.com/oauth/callback, the browser redirects to https://example.com/oauth/callback?code=exampleauthcode.

Response Object

Not applicable.

Statuses and Errors

When this method makes a successful call to the platform, it returns a 200-level status code. When the string returned with a 200-level status code is ok, the transaction did process. But, if the string returned is error, you need to discover what type of error occurred.

Returned errors can be either method-specific or generic. The platform returns the following error messages for this method:

Code Reason
invalid_request The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
unauthorized_client The client is not authorized to request an authorization code using this method.
access_denied The resource owner or authorization server denied the request.
unsupported_response_type The authorization server does not support obtaining an authorization code using this method.
invalid_scope The requested scope is invalid, unknown, or malformed.
server_error The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)
temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)

For information on the generic statuses and errors returned for any object, see the associated section in Generic Statuses and Errors.

Fetch an Access Token for an Authorized Customer

Fetches the access token for an authorized customer. The access token becomes available once the authorization code has been exchanged for it. If the scope of the request used to authorize the customer was set to openid, the identity token is also available.

This is a server-to-server request that must be done before the response is rendered on the redirected page. The access token can then be passed to the rendered application if needed for authorization for AJAX requests. The response is a JSON object containing the access token, token duration, scopes, time token was created, and, if the openid scope was specified, the ID token.

Access tokens should be cached client-side in order to access protected resources that belong to the user. Tokens last for two weeks. They can be refreshed by using the token refresh endpoint.

Note that this fetch endpoint can pass a request using either parameters or a JSON request object.

Endpoints

This method offers the following endpoints:

REST Endpoints
POST /<identity service URL>/oauth/token?grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=CALLBACK_URL&client_id=CLIENT_ID&client_secret=CLIENT_SECRET

Endpoint Parameters

Endpoint Parameter Description
grant_type Required. String. Must be authorization_code. This grant type is optimized for server-side applications, ensuring that source code is not publicly exposed and client secret confidentiality is maintained.
code Required. String. Authorization code passed to the customer agent after the authorization request.
redirect_uri Required. String. The URI that the identity service redirects to after successful user authentication. Must match redirect_uri specified in the authorization request.
client_id Required. String. How the API identifies the application. Provides client ID that was specified during OAuth application setup.
client_secret Required. String. The client_secret value specified during OAuth application setup.

Request Object

When this method runs, it can take either parameters in the endpoint or a request object that contains the details shown below:

JSON Request
{
    "grant_type": "authorization_code",
    "code": "41d407a0824a5b6b8f3a5f29",
    "redirect_uri": "https://example.com/callback_url",
    "client_id": "sample_client_id",
    "client_secret": "secret"
}            

The request object's attributes are detailed in Endpoint Parameters.

Response Object

In addition to a status value-pair for the transaction, the response object contains the attributes shown in the sample below:

JSON Response
{
    "access_token": "070fd79c35ee0e51a0a1804e41d407a0824a5b6b8f3a5f2966654baba4ac792a",
    "token_type": "bearer",
    "expires_in": 6637,
    "refresh_token": "bb72e4d1c93e104a3814c5500dac028e900d8c2838a0676c2e4a915436ab47ff",
    "scope": "openid profile email address phone",
    "created_at": 1480622573,
    "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkZxNmlmZjMzTHh5Q3NEYS1nLXhnWG9Vc2RyTUpsLWpkTExmQ1UtUVRDVjgifQ.eyJpc3MiOiJodHRwOi8vY2JsYXRjaGxleS1tYnAuaS5zZXNzaW9ubS5jb206MzAwOCIsInN1YiI6ImQyMTIwYjQ0LWFiNjUtMTFlNi04NWI5LTA4Mjg4OWFiZjhjMyIsImF1ZCI6ImIzYTQ4N2NiMTg1ZmZlNTEyMDQ4ZTFkOWM2YWNkNTJkMTZjMzM4YzY2N2RiZTk1NDc3NDk1OTJmZDE1MjA0MGIiLCJleHAiOjE0ODA2MjMyNTYsImlhdCI6MTQ4MDYyMzEzNiwiYXV0aF90aW1lIjoxNDgwNjIzMTM2fQ.BdsWS4zlMvADPIMMsplxeJ_CXMYXcXccDGd3iFLBT_RqTo4LwEQJmteQxncHAIpKRuMeNKOKfgfK4fbTo9gIamhQ_YO0yq4FSCQ96OLtOh6Aqj4S4fF_h1P-sb-iTxrCBZkdK154xJS4fMyxG8vQLwtS-b1lNv_ai40-Gn0qcdAi1wfdiK3OXS5lCU-UtFrcDFOjJF5uIkmdN2jIyKCXvZwD0GYdBiIGwlRZNZDc6y0O1oBU2toeuQee5Zoy-sBpgcOhF7F-Zhr_y3yzPwJqAn9liXres7Gn9Xdiwfc7MZibHdXn5wf21UN4IjZxK8ASjOCqf-8oZr9EFn7PoaU9HA"
}            

The following table documents this object:

Response Attributes

Attribute Type Description
access_token string String. Access token granted from the token endpoint.
token_type string Always set to bearer.
expires_in integer Number of seconds elapsed since created_at timestamp.
refresh_token string Refresh token from the original token request.
scope string The scope of the access request. This must be openid in order to retrieve an ID token.
created_at timestamp UNIX timestamp for when token was generated.
id_token string Identifier of token.

Statuses and Errors

When this method makes a successful call to the platform, it returns a 200-level status code. When the string returned with a 200-level status code is ok, the transaction did process. But, if the string returned is error, you need to discover what type of error occurred.

Returned errors can be either method-specific or generic. The platform returns the following error messages for this method:

Code Reason
invalid_request The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
unauthorized_client The client is not authorized to request an authorization code using this method.
access_denied The resource owner or authorization server denied the request.
unsupported_response_type The authorization server does not support obtaining an authorization code using this method.
invalid_scope The requested scope is invalid, unknown, or malformed.
server_error The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)
temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)

For information on the generic statuses and errors returned for any object, see the associated section in Generic Statuses and Errors.
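The authorization request and the code exchange described in the two methods above can be tied together as follows. This is an added example, not SessionM code: it binds the optional state parameter to the user's session, rejects callbacks that are replayed, malformed, or carry one of the documented error codes, and sends client_secret in the JSON request object instead of the URL query string, where it would end up in access logs. IDENTITY_BASE, CLIENT_ID, REDIRECT_URI, the session dictionary, the function names, and the Content-Type header are assumptions.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values (assumptions): use the ones from your OAuth application setup.
IDENTITY_BASE = "https://identity.example.com"  # stands in for <identity service URL>
CLIENT_ID = "sample_client_id"
REDIRECT_URI = "https://example.com/oauth/callback"

# Error codes from the Statuses and Errors table of the authorization method.
KNOWN_ERRORS = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope", "server_error",
    "temporarily_unavailable",
}


class CallbackError(Exception):
    """Raised when the redirect back from the identity service must be rejected."""


def build_authorize_url(session):
    """Build the /oauth/authorize URL and bind a fresh state value to the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
    })
    return f"{IDENTITY_BASE}/oauth/authorize?{query}"


def parse_callback(callback_url, session):
    """Return the authorization code from the redirect, or raise CallbackError."""
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    for name in ("code", "state", "error"):
        if len(params.get(name, [])) > 1:
            raise CallbackError(f"duplicate parameter: {name}")
    state = params.get("state", [""])[0]
    # Constant-time comparison; an absent or mismatched state means this redirect
    # does not belong to a login that this session started.
    if not expected or not hmac.compare_digest(state.encode(), expected.encode()):
        raise CallbackError("state mismatch")
    if "error" in params:
        error = params["error"][0]
        raise CallbackError(error if error in KNOWN_ERRORS else "unrecognized_error")
    code = params.get("code", [""])[0]
    if not code:
        raise CallbackError("missing code")
    return code


def build_token_request(code, client_secret):
    """Return (url, headers, body) for the server-to-server code exchange."""
    body = json.dumps({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the authorization request
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    })
    # The JSON content type is an assumption; the page states only that a JSON
    # request object is accepted in place of endpoint parameters.
    headers = {"Content-Type": "application/json"}
    return f"{IDENTITY_BASE}/oauth/token", headers, body
```

Send the returned request with the HTTP client of your choice, from the server only, and load client_secret from server-side configuration.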

Refresh an Access Token for an Authorized Customer

Refreshes the access token for an authorized customer. The response is a JSON object containing the access token, token duration, scopes, and the time the token was created.

Access tokens should be cached client-side in order to access protected resources that belong to the user. Tokens last for two weeks. If you need more information on how to fetch them, see the fetch endpoint.

Note that this refresh endpoint can pass a request using either parameters or a JSON request object.

Endpoints

This method offers the following endpoints:

REST Endpoints
POST /<identity service URL>/oauth/token?grant_type=refresh_token&refresh_token=REFRESH_TOKEN&redirect_uri=CALLBACK_URL&client_id=CLIENT_ID            

For more information on how to specify an endpoint as part of an actual URL, see Before You Begin. The procedure in this section includes a sample URL for a customer transaction.

Endpoint Parameters

Endpoint Parameter Description
grant_type Required. String. Must be refresh_token.
refresh_token Required. String. Refresh token from the original token request.
redirect_uri String. The URI that the identity service redirects to after successful user authentication. Must match redirect_uri specified in the authorization request.
client_id Required. String. How the API identifies the application. Provides client ID that was specified during OAuth application setup.

Request Object

When this method runs, it can take either parameters in the endpoint or a request object that contains the details shown below:

JSON Request
{
    "grant_type": "refresh_token",
    "refresh_token": "71d407ab8f3a5f29",
    "redirect_uri": "https://example.com/callback_url",
    "client_id": "sample_client_id"
}            

The request object's attributes are detailed in Endpoint Parameters.

Response Object

In addition to a status value-pair for the transaction, the response object contains the attributes shown in the sample below:

JSON Response
{
    "access_token": "070fd79c35ee0e51a0a1804e41d407a0824a5b6b8f3a5f2966654baba4ac792a",
    "token_type": "bearer",
    "expires_in": 6637,
    "refresh_token": "bb72e4d1c93e104a3814c5500dac028e900d8c2838a0676c2e4a915436ab47ff",
    "scope": "openid profile email address phone",
    "created_at": 1480622573
}            

The following table documents this object:

Response Attributes

Attribute Type Description
access_token string String. Access token granted from the token endpoint.
token_type string Always set to bearer.
expires_in integer Number of seconds elapsed since created_at timestamp.
refresh_token string Refresh token from the original token request.
scope string The scope of the access request. This must be openid in order to retrieve an ID token.
created_at timestamp UNIX timestamp for when token was generated.

Statuses and Errors

When this method makes a successful call to the platform, it returns a 200-level status code. When the string returned with a 200-level status code is ok, the transaction did process. But, if the string returned is error, you need to discover what type of error occurred.

Returned errors can be either method-specific or generic. The platform returns the following error messages for this method:

Code Reason
invalid_request The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
unauthorized_client The client is not authorized to request an authorization code using this method.
access_denied The resource owner or authorization server denied the request.
unsupported_response_type The authorization server does not support obtaining an authorization code using this method.
invalid_scope The requested scope is invalid, unknown, or malformed.
server_error The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)
temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)

For information on the generic statuses and errors returned for any object, see the associated section in Generic Statuses and Errors.

Fetch an Access Token for an OAuth 2 Client

Fetches an access token for an OAuth 2 client application that can make API requests of the SMP Identity Service using client credentials, including a client ID and client secret.

Subsequent S2S API requests to the SMP can be authenticated using the access token by passing it as a bearer token in the HTTP authorization header.

Note that this endpoint can pass a request using either parameters or a JSON request object.

Endpoints

This method offers the following endpoints:

REST Endpoints
POST /<identity service URL>/oauth/token?grant_type=client_credentials&client_id=my_client_id&client_secret=my_client_secret    

For more information on how to specify an endpoint as part of an actual URL, see Before You Begin. The procedure in this section includes a sample URL for a customer transaction.

Endpoint Parameters

Endpoint Parameter Description
grant_type Required. String. Must be client_credentials.
client_id Required. String. How the API identifies the client application. Provides client ID that was specified during OAuth application setup.
client_secret Required. String. Provides client secret that was specified during OAuth application setup.

Request Object

When this method runs, it can take either parameters in the endpoint or a request object that contains the details shown below:

JSON Request
{
    "grant_type": "client_credentials",
    "client_id": "sample_client_id",
    "client_secret": "sample_client_secret"
}            

The request object's attributes are detailed in Endpoint Parameters.

Response Object

In addition to a status value-pair for the transaction, the response object contains the attributes shown in the sample below:

JSON Response
{
    "access_token": "070fd79c35ee0e51a0a1804e41d407a0824a5b6b8f3a5fa4ac792a2",
    "created_at": 1553199154,
    "expires_in": 1209599,
    "scope": "openid",
    "token_type": "bearer"
}

The following table documents this object:

Response Attributes

Attribute Type Description
access_token string String. Access token granted from the token endpoint.
created_at timestamp UNIX timestamp for when token was generated.
expires_in integer Number of seconds elapsed since created_at timestamp.
scope string The scope of the access request. This must be openid in order to retrieve an ID token.
token_type string Always set to bearer.

Statuses and Errors

When this method makes a successful call to the platform, it returns a 200-level status code. When the string returned with a 200-level status code is ok, the transaction did process. But, if the string returned is error, you need to discover what type of error occurred.

Returned errors can be either method-specific or generic. The platform returns the following error messages for this method:

Code Reason
invalid_request The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
unauthorized_client The client is not authorized to request an authorization code using this method.
access_denied The resource owner or authorization server denied the request.
unsupported_response_type The authorization server does not support obtaining an authorization code using this method.
invalid_scope The requested scope is invalid, unknown, or malformed.
server_error The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)
temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)

For information on the generic statuses and errors returned for any object, see the associated section in Generic Statuses and Errors.

Fetch User Information for a Customer

Fetches user information pertaining to a customer according to the scope granted by the authorization request. Common scopes used alongside openid are profile, gender, email, and phone. The response is a JSON object containing the access token and any applicable scopes.

Access tokens should be cached client-side in order to access protected resources that belong to the user. Tokens last for two weeks. If you need more information on how to fetch them, see the fetch endpoint.

Endpoints

This method offers the following endpoints:

REST Endpoints
GET/POST /<identity service URL>/oauth/userinfo?access_token=ACCESS_TOKEN

For more information on how to specify an endpoint as part of an actual URL, see Before You Begin. The procedure in this section includes a sample URL for a customer transaction.

Endpoint Parameters

Endpoint Parameter Description
access_token Required. String. Access token granted from the token endpoint.

Request Object

Not applicable.

Response Object

In addition to a status value-pair for the transaction, the response object contains the attributes shown in the sample below:

JSON Response
{
    "sub": "d2120b44-ab65-11e6-85b9-082889abf8c3",
    "email": "example_user@example.com",
    "name": "Example User",
    "gender": "m",
    "family_name": "bkl_Last",
    "given_name": "bkl_First",
    "dob": "1970-10-10",
    "zip_code": "85360",
    "country": "USA"
}            

The following table documents this object:

Response Attributes

Attribute Type Description
sub string Value from user_id.
email string Email associated with customer.
name string Name associated with customer.
gender string Gender of customer.
family_name string Family last name associated with customer.
given_name string First name associated with customer.
dob string Date of birth of customer.
zip_code string Zip code associated with customer.
country string Country associated with customer.

Statuses and Errors

When this method makes a successful call to the platform, it returns a 200-level status code. When the string returned with a 200-level status code is ok, the transaction did process. But, if the string returned is error, you need to discover what type of error occurred.

Returned errors can be either method-specific or generic. No error messages are defined for this method except for the generic statuses and errors returned for any object. For more information, see the associated section in Generic Statuses and Errors.

Log a Customer in with a User Name and Password

Logs a customer in with a user name and password, which would be collected by the client and sent to the identity server in exchange for an access token. This flow should only be used by trusted applications, as this makes phishing very easy. This requires a single API call to the token endpoint.

Endpoints

This method offers the following endpoints:

REST Endpoints
POST /<identity service URL>/oauth/token

For more information on how to specify an endpoint as part of an actual URL, see Before You Begin. The procedure in this section includes a sample URL for a customer transaction.

Endpoint Parameters

Endpoint Parameter Description
identity service URL Required. String. URL for identity service.

Request Object

When this method runs, it can take either parameters in the endpoint or a request object that contains the details shown below:

JSON Request
{
    "grant_type": "password",
    "email": "customer@acme.com",
    "password": "customer password",
    "client_id": "sample_client_id"
}            

The object's attributes are detailed in the following table:

Request Attributes for Token

Attribute Type Required/Optional Description
grant_type String Required Must be password.
email String Required Customer's email.
password String Required Customer's password.
client_id String Required How the API identifies the application. Provides client ID that was specified during OAuth application setup.
scope String Optional Scopes requested. User consent is inferred by providing username and password.

Response Object

In addition to a status value-pair for the transaction, the response object contains the attributes shown in the sample below:

JSON Response
{
    "access_token": "3403dda4e237da6fb18358a806e111b78c27765fc20465e78afe268b3bac6731",
    "token_type": "bearer",
    "expires_in": 7200,
    "refresh_token": "bd3fd47fdddb79f026e9f939215be49364c269834d16394c4a70c4546a82e22c",
    "scope": "openid profile email address phone",
    "created_at": 1480951282
}            

The following table documents this object:

Response Attributes

Attribute Type Description
access_token string String. Access token granted from the token endpoint.
token_type string Always set to bearer.
expires_in integer Number of seconds elapsed since created_at timestamp.
refresh_token string Refresh token from the original token request.
scope string The scope of the access request. This must be openid in order to retrieve an ID token.
created_at timestamp UNIX timestamp for when token was generated.

Statuses and Errors

When this method makes a successful call to the platform, it returns a 200-level status code. When the string returned with a 200-level status code is ok, the transaction did process. But, if the string returned is error, you need to discover what type of error occurred.

Returned errors can be either method-specific or generic. The platform returns the following error messages for this method:

Code Reason
invalid_request The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
unauthorized_client The client is not authorized to request an authorization code using this method.
access_denied The resource owner or authorization server denied the request.
unsupported_response_type The authorization server does not support obtaining an authorization code using this method.
invalid_scope The requested scope is invalid, unknown, or malformed.
server_error The authorization server encountered an unexpected condition that prevented it from fulfilling the request. (This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.)
temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. (This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect.)

For information on the generic statuses and errors returned for any object, see the associated section in Generic Statuses and Errors.

Request an ID Token for a Password Reset Email a Customer can Use to Reset their Password

Makes a request for an ID token to incorporate into a password reset link that can be emailed to a customer. Once received, the customer can use the reset link to update, or change, their password. Note that this endpoint must be called twice, each time with a different request object: once with the request object for the ID token, and then again with the request object for actually changing the password.

Endpoints

This method offers the following endpoints:

REST Endpoints
POST /priv/v1/apps/:api_key/users/:user_id/perform

For more information on how to specify an endpoint as part of an actual URL, see Before You Begin. The procedure in this section includes a sample URL for a customer transaction.

Endpoint Parameters

Endpoint Parameter Description
api_key Supplied by the SessionM Platform, the API key is necessary to authenticate any HTTP request to a SessionM API. This key is associated to an API secret, which ties the authentication to a specific application or web site within the organization. The platform maintains each application or site as a digital property, something that can be configured using the SessionM UI.
user_id Internal identifier for the customer within the SessionM Platform.

Request Objects

When this method runs, it can take either a sendPasswordResetEmail or an updatePassword object.

Request for Sending Password Reset Email
JSON Request
{
    "sendPasswordResetEmail":{
        "email": "test@example.com",
        "send_email": false
    }
}            

This object's attributes are detailed in the following table:

Request Attributes for Sending Password Reset Email

Attribute Type Required/Optional Description
email string required Customer's email address.
send_email boolean required States whether or not email is to be sent: true to send email; false to not send email and only return tokens and links. Setting to false can be used for a manual send.

Request for Changing Password
JSON Request
{
    "updatePassword": {
        "token": "RmdTUWhUU0dSMkJVQTRqUGF1MG9tSS8zY0pya2thNE9kS0hvbTM4OFl2cz0tLXRzYUhoZHE4TFIxcjhEMlNKbjlhRjd1b0diOWswbXZFTmY0bER2cnFseW9PcW1lZFJlM2Y1MWdlWHRsV0x1YWRSaXN5V3VGanhVQjVXQmVQN0dxSk8wcWY2YXhZQ1pJbzVSOFJ4Z2hFa0xtUzFCWE9sNWl4NW5XL1RiVWp4NzF3ZHUwdE5BPT0=",
        "password": "Password1"
    }
}

This object's attributes are detailed in the following table:

Request Attributes for Updating Password

Attribute Type Required/Optional Description
token string required ID token associated with customer updating password.
password string required New password.

Response Objects

In addition to a status value-pair for the transaction, the response contains a user object. The attributes vary depending on whether you're sending a password reset email or updating a password.

Response for Sending Password Reset Email
JSON Response
{
    "status": "ok",
    "user": {
        "send_email": false,
        "verification_string": "RmdTUWhUU0dSMkJVQTRqUGF1MG9tSS8zY0pya2thNE9kS0hvbTM4OFl2cz0tLXRzYUhoZHE4TFIxcjhEMlNKbjlhRjd1b0diOWswbXZFTmY0bER2cnFseW9PcW1lZFJlM2Y1MWdlWHRsV0x1YWRSaXN5V3VGanhVQjVXQmVQN0dxSk8wcWY2YXhZQ1pJbzVSOFJ4Z2hFa0xtUzFCWE9sNWl4NW5XL1RiVWp4NzF3ZHUwdE5BPT0=",
        "reset_link": "https://login-economy.stg-sessionm.com/c6b7e6f1ea04f6ad3e57cb84059865dfb0555b33/accounts/reset_password?token=RmdTUWhUU0dSMkJVQTRqUGF1MG9tSS8zY0pya2thNE9kS0hvbTM4OFl2cz0tLXRzYUhoZHE4TFIxcjhEMlNKbjlhRjd1b0diOWswbXZFTmY0bER2cnFseW9PcW1lZFJlM2Y1MWdlWHRsV0x1YWRSaXN5V3VGanhVQjVXQmVQN0dxSk8wcWY2YXhZQ1pJbzVSOFJ4Z2hFa0xtUzFCWE9sNWl4NW5XL1RiVWp4NzF3ZHUwdE5BPT0="
    }
}

The following table documents this object:

Response Attributes for Sending Password Reset Email

Attribute Type Description
send_email boolean States whether or not email is to be sent: true to send email; false to not send email and only return tokens and links. If set to false, can be used for a manual send.
verification_string string Verification string to be sent to the resetPassword endpoint - if done manually.
reset_link string Link to web page where a user can reset their password.

Response for Updating Password
JSON Response
{
    "status": "ok",
    "user": {}
}

Statuses and Errors

When this method makes a successful call to the platform, it returns a 200-level status code. When the string returned with a 200-level status code is ok, the transaction did process. But, if the string returned is error, you need to discover what type of error occurred.

Returned errors can be either method-specific or generic. No error messages are defined for this method except for the generic statuses and errors returned for any object. For more information, see the associated section in Generic Statuses and Errors.
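Several endpoints on this page accept client_secret or access_token as URL parameters, and the password reset response returns a verification_string and a reset_link that embeds the same token. The following added example (not SessionM code) scrubs those values from URLs and JSON bodies before they are written to application logs. The field names are the ones used on this page; the function names, the REDACTED marker, and the hosts in the usage note and tests are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Credential-bearing names used by the requests and responses on this page.
SENSITIVE_KEYS = {
    "access_token", "refresh_token", "id_token", "client_secret",
    "password", "code", "token", "verification_string",
}
# Fields whose value is itself a URL carrying a token in its query string.
URL_KEYS = {"reset_link"}
MASK = "REDACTED"


def redact_url(url):
    """Mask sensitive query parameters, keeping the rest of the URL readable."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, MASK if k in SENSITIVE_KEYS else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def redact_body(value):
    """Return a copy of a decoded JSON request or response that is safe to log."""
    if isinstance(value, dict):
        out = {}
        for key, item in value.items():
            if key in SENSITIVE_KEYS:
                out[key] = MASK
            elif key in URL_KEYS and isinstance(item, str):
                out[key] = redact_url(item)
            else:
                out[key] = redact_body(item)  # recurse into nested objects
        return out
    if isinstance(value, list):
        return [redact_body(item) for item in value]
    return value
```

For example, redact_url("https://identity.example.com/oauth/userinfo?access_token=abc123") returns the same URL with access_token=REDACTED.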