Resetting a user's password

API BaaS provides a standard password reset flow that can be implemented to allow a user to reset their password without having to provide their old password. The most common use of this would be a 'Forgot password?' feature in your app.

Note that you can also implement your own password reset flow using application-level authentication and the /password endpoint. For more, see Changing a user password.

To use the API BaaS password reset flow, do the following:

  1. Get the password reset request form.

    Make a GET request to the following:

    /users/<username>/resetpw

    For example, using cURL, a request to reset the password for a user with username 'someUser' would look like this:

    curl -X GET https://api.usergrid.com/your-org/your-app/users/someUser/resetpw

  2. Display the returned password reset request form to the user.

    The request to /resetpw returns the HTML for the standard API BaaS password reset request form, which you then display to your user. The request form requires the user to provide their username and answer a standard CAPTCHA challenge:

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Reset Password</title>
    <link rel="stylesheet" type="text/css" href="/css/styles.css" />
    </head>
    <body>
    	<div class="dialog-area">
    		
    		<form class="dialog-form" action="" method="post">
    			<fieldset>
    				<p>
    					Enter the captcha to have your password reset instructions sent to
    					someUser@adomain.com
    				</p>
    				<p id="human-proof"></p>
    				<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=6LdSTNESAAAAAKHdVglHmMu86_EoYxsJjqQD1IpZ"></script>
    
    				<p class="buttons">
    					<input type="submit" value="submit" />
    				</p>
    			</fieldset>
    		</form>
    	</div>
    </body>
    </html>
    		

    You can apply any additional styling you wish to the form to make it match the style of your app before displaying it to the user.

  3. Let Apigee handle the rest!

    Once the user submits the form with their username, they will receive an email from Apigee that contains a link to the password reset form, where they can specify a new password. The user entity will be updated immediately.
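
Steps 1 and 2 as an added example (not API BaaS or Apigee code), assuming your app shows the fetched form from its own page rather than sending the user to the API URL. The function names and the `base` parameter are hypothetical, and the sample form is constructed from the HTML shown in step 2.

```python
import html
import re
import urllib.request
from urllib.parse import quote

# Constructed sample: the relevant lines of the form shown in step 2.
SAMPLE_FORM = """<html><head>
<link rel="stylesheet" type="text/css" href="/css/styles.css" />
</head><body>
<form class="dialog-form" action="" method="post">
<p id="human-proof"></p>
<p class="buttons"><input type="submit" value="submit" /></p>
</form></body></html>"""


def reset_url(base, org, app, username):
    """Build the /resetpw URL, percent-encoding every path segment."""
    segments = [org, app, "users", username, "resetpw"]
    return base.rstrip("/") + "/" + "/".join(quote(s, safe="") for s in segments)


def fetch_form(url, timeout=10):
    """Step 1: GET the form; urlopen raises HTTPError on a non-2xx status."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        if resp.headers.get_content_type() != "text/html":
            raise ValueError("expected an HTML form in the response")
        charset = resp.headers.get_content_charset() or "iso-8859-1"
        return resp.read().decode(charset)


def prepare_form(form_html, form_url):
    """Step 2: make the form work when shown from a page other than form_url."""
    origin = re.match(r"https://[^/]+", form_url)
    if origin is None:
        raise ValueError("the reset form must be fetched over HTTPS")
    if not re.search(r'<form\b[^>]*\bmethod="post"', form_html, re.I):
        raise ValueError("response is not the expected reset form")
    # action="" submits to the URL of the page showing the form, so point it
    # back at the endpoint the form came from.
    target = html.escape(form_url, quote=True)
    form_html = re.sub(r'(<form\b[^>]*\baction=")(")',
                       lambda m: m.group(1) + target + m.group(2),
                       form_html, count=1, flags=re.I)
    # Root-relative references such as /css/styles.css live on the API host.
    return re.sub(r'\b(href|src)="/(?!/)',
                  lambda m: m.group(1) + '="' + origin.group(0) + "/", form_html)
```

Percent-encoding the username keeps a value such as `a/b` from changing which path the request addresses.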
