Glue API: Manage customer passwords

Last updated:
Edit on GitHub

The endpoints in this document allows you to manage customer passwords. You can change or reset a password.

Installation

For details on the modules that provide the API functionality and how to install them, see Install the Customer Access Glue API.

Change a customer’s password

To change a customer’s password, send the request:

PATCH /customer-password/{{customerReference}}

PATH PARAMETER DESCRIPTION
{{customerReference}} Customer reference that identifies the customer you want to update the password for. Should be the reference of customer the current access token is generated for.

Request

HEADER KEY HEADER VALUE REQUIRED DESCRIPTION
Authorization string Alphanumeric string that authenticates the customer you want to change the password of. Get it by authenticating as a customer.

Request sample: change a customer’s password

PATCH http://glue.mysprykershop.com/customer-password/DE--21

{
    "data": {
        "type": "customer-password",
        "id": "DE--21",
        "attributes": {
            "password": "change123",
            "newPassword": "321egnahc",
            "confirmPassword": "321egnahc"
        }
    }
}
ATTRIBUTE TYPE REQUIRED DESCRIPTION
password String Specifies old password of a customer.
newPassword String Specifies the new password.
confirmPassword String Specifies password confirmation for password change.

Response

If password is changed successfully, the endpoint returns the 204 No Content status code.

Reset a customer’s password

To reset a customer’s password, you need to send several requests to different endpoints. To do that, follow the procedure below.

1. Request a password reset key

To request a password reset key, send the request:

POST /customer-forgotten-password

Request

Request sample: request a password reset key

POST https://glue.mysprykershop.com/customer-forgotten-password

{
  "data": {
    "type": "customer-forgotten-password",
    "attributes": {
        "email":"sonia@spryker.com"
    }
  }
}

Response

If the request is successful, the endpoint returns the 204 No Content status code and the key is sent to the customer’s email address.

2. Set a new password

To set a new password, send the request:

PATCH /customer-restore-password/{{restorePasswordKey}}

PATH PARAMETER DESCRIPTION
{{restorePasswordKey}} This key can be any value, and does not have to be equal to data.attributes.restorePasswordKey. data.attributes.restorePasswordKey will be used for any operations with the customer’s password.

Request

Request sample: set a new password

PATCH https://glue.mysprykershop.com/customer-restore-password/98ffa3ecccac2b7f0815e0417784cd54

{
  "data": {
    "type": "customer-restore-password",
    "id": "98ffa3ecccac2b7f0815e0417784cd54",
    "attributes": {
        "restorePasswordKey": "98ffa3ecccac2b7f0815e0417784cd54",
        "password": "wwfh234fr943434cf",
        "confirmPassword": "wwfh234fr943434cf"
    }
  }
}
ATTRIBUTE TYPE REQUIRED DESCRIPTION
restorePasswordKey String Unique the Password Reset Key provided in the email sent to the customer.
password String Specifies the password to set.
passwordConfirmation String Specifies a password confirmation for password change.

Response

If the password reset is successful, the endpoint returns the 204 No Content status code.

Possible errors

CODE REASON
002 Access token is missing.
404 Customer with the specified ID is not found.
406 New password and password confirmation do not match.
407 Password change failed.
408 Old password is invalid.
411 Unauthorized request.
415 Password Reset Key is invalid.
420 The password character set is invalid.
422 newPassword and confirmPassword values are not identical.
901 newPassword and confirmPassword are not specified; or the password length is invalid (it should be from 8 to 64 characters).

To view generic errors that originate from the Glue Application, see Reference information: GlueApplication errors.

Next steps

Authenticate as a customer