Password APIs

Overview

The password APIs handle Sign-Up and Sign-In in a single phase. Upon successful authentication, the user is logged in and the user's JWT is returned. When resetting a password, the user will need to verify via email. The password reset endpoint will only succeed if the user has a validated email address.

Use Cases

  1. Sign-Up a new user via password authentication
  2. Sign-In an existing user via password authentication
  3. Initiate a password reset
  4. Replace an existing user's password
  5. Update an existing user's password

Examples

Example - user sign-up via password

  1. Utilize the Sign-Up API endpoint. Upon successful sign-up, the user's JWT will be returned.

Example - reset user's password

  1. Utilize the Reset Password API endpoint.
  2. The user will receive a reset password email. After the password reset is sent via email, you will then need to verify the user; this is done via Verify Magic Link.

Example - update user's password

  1. Utilize the user's refresh token and update the user's password via Update Password

Exchange Code POST

### Exchange OAuth code for Descope user session

This endpoint will exchange the OAuth code for the Descope session information needed for managing the end user session. Call this endpoint from your code flow that responds to the `url` that was returned by the [Sign-In](/api/oauth/sign-up-sign-in) endpoint. The unique code `<unique-code>` is appended as a URL parameter: `code=<unique-code>`, for example, `url = https://oauth.mycompany.com/shopping.htm?code=<unique-code>`.

### Next Steps

1. Extract the unique code `<unique-code>` from the URL parameter.
2. Call this endpoint, passing the `<unique-code>` as the request parameter.

The response object includes the session JWT (sessionJwt) and refresh JWT (refreshJwt) when this endpoint completes successfully.

### See Also

- See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number.

### Endpoint Authentication

Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`
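
The two steps above, sketched as an added example (not Descope's own code): it takes the `code` from the callback URL, rejects a missing, blank or repeated parameter or an unexpected host, builds the exchange request with the bearer header, and refuses a response lacking either JWT. The endpoint URL is a placeholder, the JSON field name `code` and the function names are assumptions, and the sample values are constructed.

```python
import json
from urllib.parse import parse_qs, urlsplit
from urllib.request import Request

# Placeholder, not a real endpoint: substitute the Exchange Code URL for your project.
EXCHANGE_URL = "https://api.example.invalid/oauth/exchange"


def extract_code(callback_url, expected_host):
    """Return the single `code` value from the callback URL or raise ValueError."""
    parts = urlsplit(callback_url)
    if parts.scheme != "https" or parts.hostname != expected_host:
        raise ValueError("callback is not on the expected HTTPS host")
    # parse_qs drops blank values, so `code=` counts as missing.
    values = parse_qs(parts.query).get("code", [])
    if len(values) != 1:
        raise ValueError("expected exactly one non-empty code parameter")
    return values[0]


def build_exchange_request(code, project_id):
    """Build (without sending) the POST that exchanges the code."""
    body = json.dumps({"code": code}).encode()  # field name is an assumption
    headers = {
        "Authorization": f"Bearer {project_id}",  # header format from the page
        "Content-Type": "application/json",
    }
    return Request(EXCHANGE_URL, data=body, headers=headers, method="POST")


def read_tokens(response_body):
    """Return (sessionJwt, refreshJwt); refuse a response missing either."""
    data = json.loads(response_body)
    if not isinstance(data, dict):
        raise ValueError("exchange response is not a JSON object")
    missing = [k for k in ("sessionJwt", "refreshJwt") if not data.get(k)]
    if missing:
        raise ValueError(f"exchange response missing: {missing}")
    return data["sessionJwt"], data["refreshJwt"]


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    url = "https://oauth.mycompany.com/shopping.htm?code=sample-code-123"
    req = build_exchange_request(extract_code(url, "oauth.mycompany.com"), "P_SAMPLE")
    print(req.get_method(), req.full_url, req.get_header("Authorization"))
```
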

Sign-Up User POST

### Sign-Up a new user utilizing password authentication.

This endpoint will return the user's JWT.

### Next Steps

- Verify the user's email to allow for password reset by updating the email via [OTP](/api/otp/email/update-email), [Enchanted Link](/api/enchanted-link/update-email), or [Magic Link](/api/magic-link/email/update-email)
- Add tenants to the user via [Update User Add Tenant](/api/management/users/update-user-add-tenant)
- Add roles to the user via [Update User Add Role](/api/management/users/update-user-add-roles)

### See Also

- See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number.
- Use the [Sign-In](/api/passwords/sign-in) endpoint to sign-in an existing end user.

### Endpoint Authentication

Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`
