POST Identity/SetPassword

Rotates a password for an identity. Password rotation for a group account is not supported. Password rotation for any account that is managed by an external identity provider, such as Active Directory (AD) or Lightweight Directory Access Protocol (LDAP), is not supported.

Requirements

  • Permissions:  Caller permissions depend on the identity that is receiving the password change.
    • For password changes to the caller's own self identity, the caller is not required to have any special permissions.
    • For password changes to another identity, the caller must have Master Admin permission. An error occurs if a caller without Master Admin permission tries to change another user's password.
  • Token scope:  Security:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • ID: Identity Information that describes a user or group. To get this information, call POST Identity/Browse or use the UI.
  • OldPassword: Required only when the caller's password is changing and the caller does not have Master Admin permission. Otherwise, this parameter is optional.
  • Password: The new password for a local identity. The value cannot be the same as OldPassword. Create a strong password by using a
    • minimum of 12 characters
    • combination of at least three of the following:
      • one or more lowercase letters
      • one or more uppercase letters
      • one or more numbers
      • one or more special characters

Returns

For invalid syntax, passwords, or permissions, the method returns an HTTP 400 Bad Request. If the password rotation is successful, SetPassword returns an HTTP 200 and the following information:

Response description

Name

Description

Values

An Identity Entry object for the ID.

Example: Master Admin changes a person's password

Request

POST https://tpp.venafi.example/vedsdk/Identity/SetPassword
Content-Type:application/json
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "ID":{
      "PrefixedName":"local:JohnDoe"
   },
   "Password":"HisNewPassw0rd!"
}

Response

HTTP/1.1 200 OK
{
   "ID":{
      "FullName":"\\VED\\Identity\\admin",
      "Name":"admin",
      "Prefix":"local",
      "PrefixedName":"local:admin",
      "PrefixedUniversal":"local:{b6e6a98b-6419-4497-9249-860d136dfba0}",
      "Type":1,
      "Universal":"{b6e6a98b-6419-4497-9249-860d136dfba0}"
   }
}
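
A client-side pre-check for the Password and OldPassword rules described under Parameters, as an added example that is not part of the original page or of the product's own code. It assumes that "special character" means any non-alphanumeric character and that local identities carry the local: prefix shown in the example; the function names are hypothetical.

```python
import json

MIN_LENGTH = 12   # from the page: minimum of 12 characters
MIN_CLASSES = 3   # from the page: at least three of the four character classes


def password_problems(new_password, old_password=None):
    """Return a list of policy violations; an empty list means the password passes."""
    classes = {
        "lowercase": any(c.islower() for c in new_password),
        "uppercase": any(c.isupper() for c in new_password),
        "number": any(c.isdigit() for c in new_password),
        # Assumption: "special" means any character that is not a letter or digit.
        "special": any(not c.isalnum() for c in new_password),
    }
    problems = []
    if len(new_password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(classes.values()) < MIN_CLASSES:
        missing = sorted(name for name, present in classes.items() if not present)
        problems.append("too few character classes; missing: " + ", ".join(missing))
    if old_password is not None and new_password == old_password:
        problems.append("same as OldPassword")
    return problems


def build_set_password_body(prefixed_name, new_password, old_password=None,
                            caller_is_master_admin=False, changing_own_password=False):
    """Build the JSON body for POST Identity/SetPassword, or raise ValueError."""
    # Assumption: only identities with the "local:" prefix can be rotated here.
    if not prefixed_name.startswith("local:"):
        raise ValueError("only local identities support password rotation")
    if changing_own_password and not caller_is_master_admin and not old_password:
        raise ValueError("OldPassword is required for a self-service change")
    problems = password_problems(new_password, old_password)
    if problems:
        # Report the rule that failed, never the password itself.
        raise ValueError("password rejected: " + "; ".join(problems))
    body = {"ID": {"PrefixedName": prefixed_name}, "Password": new_password}
    if old_password:
        body["OldPassword"] = old_password
    return json.dumps(body)


if __name__ == "__main__":
    # Constructed call; the identity and password are the ones in the page's example.
    print(build_set_password_body("local:JohnDoe", "HisNewPassw0rd!",
                                  caller_is_master_admin=True))
```

The server remains the authority on password policy; a pre-check like this only avoids a round trip that would end in HTTP 400.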