REST API Developer Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Introduction to REST API
Quick Start
Examples
Getting Information About My Organization
Working with Object Metadata
Working with Records
Delete Lightning Experience Event Series
Working with Searches and Queries
Get an Image from a Rich Text Area Field
Insert or Update Blob Data
Get Blob Data
Working with Recently Viewed Information
Managing User Passwords
Manage User Passwords
Working with Approval Processes and Process Rules
Using Event Monitoring
Using Composite Resources
Generating an OpenAPI 3.0 Document for sObjects REST API (Beta)
Reference
PDF

Manage User Passwords

Use the sObject User Password resource to set, reset, or get information about a user password. Use the HTTP GET method to get password expiration status, the HTTP POST method to set the password, and the HTTP DELETE method to reset the password.

The associated session must have permission to access the given user password information. If the session does not have proper permissions, an HTTP error 403 response is returned from these methods.

These methods are available for both users and self-service users. For managing self-service user passwords, use SelfServiceUser instead of User in the REST API URL.

Here is an example of retrieving the current password expiration status for a user:

Example usage for getting current password expiration status
curl https://MyDomainName.my.salesforce.com/services/data/v64.0/sobjects/User/005D0000001KyEIIA0/password -H "Authorization: Bearer token"
Example request body for getting current password expiration status
None required
JSON example response body for getting current password expiration status
{
    "isExpired" : false
}
XML example response body for getting current password expiration status
<Password>
    <isExpired>false</isExpired>
</Password>
Example error response if session has insufficient privileges
{
    "message" : "You do not have permission to view this record.",
    "errorCode" : "INSUFFICIENT_ACCESS"
}

Here is an example of changing the password for a given user:

Example usage for changing a user password
curl https://MyDomainName.my.salesforce.com/services/data/v64.0/sobjects/User/005D0000001KyEIIA0/password -H "Authorization: Bearer token" —H "Content-Type: application/json" —d @newpwd.json —X POST
Contents for file newpwd.json
{
    "NewPassword" : "myNewPassword1234"
}
Example response for changing a user password
No response body on successful password change, HTTP status code 204 returned.
Example error response if new password does not meet organization password requirements
{
    "message" : "Your password must have a mix of letters and numbers.",
    "errorCode" : "INVALID_NEW_PASSWORD"
}

And finally, here is an example of resetting a user password:

Example usage for resetting a user password
curl https://MyDomainName.my.salesforce.com/services/data/v64.0/sobjects/User/005D0000001KyEIIA0/password -H "Authorization: Bearer token" —X DELETE
Example request body for resetting a user password
None required
JSON example response body for resetting a user password
{
    "NewPassword" : "2sv0xHAuM"
}
XML example response body for resetting a user password
<Result>
    <NewPassword>2sv0xHAuM</NewPassword>
</Result>