REST service: HTTP code for forcing a change of password

What is the correct HTTP status code that should be returned by a REST service when:

  1. The user has attempted to login with a first-time computer-generated password;
  2. The password provided by user is correct;
  3. The user must change the password before he/she can continue to do anything.
Jai asked Aug 17 '17 05:08



1 Answer

TLDR;

There is no built-in way of doing this. You will have to rely on home-made status codes and conventions.


I don't think that there is a built-in HTTP status code for such a thing.

All you can really do here is to return a 200 OK response and add in the content of the response body a message/code telling the user that they need to change their password. If they don't, the next time they attempt to login with the single-use password they should get a 401 unauthorized (and you can return in the body of the 401 a message telling them to change their password because they attempted to use an expired single-use password).

Mathieu VIALES answered Oct 14 '22 08:10
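The convention the answer describes, worked through as an added example (this is not code from the original question or answer): a login endpoint that returns 200 OK with a `password_change_required` flag in the body on the first successful use of a computer-generated password, and 401 with an explanatory body when that single-use password is presented again. It goes slightly beyond the answer by also refusing other resources (here a hypothetical `get_profile` endpoint, with 403) until the password has been changed, which is what the question's third requirement asks for. The in-memory user store, session table, endpoint names and response bodies are all assumptions constructed for the example; a real service would use its framework's request and response objects instead of the `(status, body)` tuples returned here.

```python
import hashlib
import hmac
import os
import secrets

# Constructed in-memory stores (example data, not from the original post).
USERS = {}     # username -> {"salt", "hash", "temporary", "consumed"}
SESSIONS = {}  # token -> {"user", "must_change_password"}


def _hash(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an example value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _verify(user, password):
    # Constant-time comparison of the stored and freshly computed hashes.
    return hmac.compare_digest(_hash(password, user["salt"]), user["hash"])


def _new_session(username, must_change):
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": username, "must_change_password": must_change}
    return token


def create_user_with_temp_password(username, temp_password):
    """Provision a user whose only credential is a single-use generated password."""
    salt = os.urandom(16)
    USERS[username] = {
        "salt": salt,
        "hash": _hash(temp_password, salt),
        "temporary": True,   # this hash is a first-time, single-use password
        "consumed": False,   # set once that password has been used to log in
    }


def login(username, password):
    """POST /login -> (http_status, json_body)."""
    user = USERS.get(username)
    if user is None or not _verify(user, password):
        # Same response for unknown user and wrong password.
        return 401, {"error": "invalid credentials"}
    if user["temporary"]:
        if user["consumed"]:
            # The single-use password was already spent: 401 plus an explanation,
            # as the answer suggests.
            return 401, {"error": "expired single-use password; "
                                  "you must set a new password before logging in again"}
        user["consumed"] = True
        token = _new_session(username, must_change=True)
        # Credentials were correct, so 200 OK, with the body carrying the requirement.
        return 200, {"token": token, "password_change_required": True}
    token = _new_session(username, must_change=False)
    return 200, {"token": token, "password_change_required": False}


def change_password(token, new_password):
    """POST /password -> replace the single-use password with a user-chosen one."""
    session = SESSIONS.get(token)
    if session is None:
        return 401, {"error": "not authenticated"}
    user = USERS[session["user"]]
    salt = os.urandom(16)
    user.update(salt=salt, hash=_hash(new_password, salt), temporary=False, consumed=False)
    session["must_change_password"] = False
    return 200, {"password_change_required": False}


def get_profile(token):
    """GET /profile -> any other resource, blocked until the password is changed."""
    session = SESSIONS.get(token)
    if session is None:
        return 401, {"error": "not authenticated"}
    if session["must_change_password"]:
        return 403, {"error": "password change required before other resources can be used"}
    return 200, {"user": session["user"]}
```

Because the temporary hash is marked consumed on first use, a second login with the generated password fails even if the client ignored the flag in the 200 response, and once `change_password` has run the old generated password simply no longer matches, so it falls into the ordinary "invalid credentials" path.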