Manage User Passwords

Use the sObject User Password resource to set, reset, or get information about a user password. Use the HTTP GET method to get password expiration status, the HTTP POST method to set the password, and the HTTP DELETE method to reset the password.

The associated session must have permission to access the given user password information. If the session does not have proper permissions, an HTTP error 403 response is returned from these methods.

These methods are available for both users and self-service users. For managing self-service user passwords, use SelfServiceUser instead of User in the REST API URL.

Here is an example of retrieving the current password expiration status for a user:

Example usage for getting current password expiration status
curl https://MyDomainName.my.salesforce.com/services/data/v64.0/sobjects/User/005D0000001KyEIIA0/password -H "Authorization: Bearer token"
Example request body for getting current password expiration status
None required
JSON example response body for getting current password expiration status
{
    "isExpired" : false
}
XML example response body for getting current password expiration status
<Password>
    <isExpired>false</isExpired>
</Password>
Example error response if session has insufficient privileges
{
    "message" : "You do not have permission to view this record.",
    "errorCode" : "INSUFFICIENT_ACCESS"
}

Here is an example of changing the password for a given user:

Example usage for changing a user password
curl https://MyDomainName.my.salesforce.com/services/data/v64.0/sobjects/User/005D0000001KyEIIA0/password -H "Authorization: Bearer token" —H "Content-Type: application/json" —d @newpwd.json —X POST
Contents for file newpwd.json
{
    "NewPassword" : "myNewPassword1234"
}
Example response for changing a user password
No response body on successful password change, HTTP status code 204 returned.
Example error response if new password does not meet organization password requirements
{
    "message" : "Your password must have a mix of letters and numbers.",
    "errorCode" : "INVALID_NEW_PASSWORD"
}

And finally, here is an example of resetting a user password:

Example usage for resetting a user password
curl https://MyDomainName.my.salesforce.com/services/data/v64.0/sobjects/User/005D0000001KyEIIA0/password -H "Authorization: Bearer token" —X DELETE
Example request body for resetting a user password
None required
JSON example response body for resetting a user password
{
    "NewPassword" : "2sv0xHAuM"
}
XML example response body for resetting a user password
<Result>
    <NewPassword>2sv0xHAuM</NewPassword>
</Result>