API Reference/Passwords
POST
/v1/auth/password/replace

Authorization

AuthorizationRequiredBearer <token>

In: header

Request Body

application/jsonRequired
loginIdstring
oldPasswordstring
newPasswordstring
revokeOtherSessionsboolean
curl -X POST "https://api.descope.com/v1/auth/password/replace" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "loginId": "string",
    "oldPassword": "string",
    "newPassword": "string",
    "revokeOtherSessions": true
  }'

OK

{
  "sessionJwt": "string",
  "refreshJwt": "string",
  "cookieDomain": "string",
  "cookiePath": "string",
  "cookieMaxAge": 0,
  "cookieExpiration": 0,
  "user": {
    "loginIds": [
      "string"
    ],
    "userId": "string",
    "name": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "roleNames": [
      "string"
    ],
    "userTenants": [
      {
        "tenantId": "string",
        "roleNames": [
          "string"
        ],
        "tenantName": "string"
      }
    ],
    "status": "string",
    "externalIds": [
      "string"
    ],
    "picture": "string",
    "test": false,
    "customAttributes": {},
    "createdTime": 0,
    "TOTP": false,
    "SAML": false,
    "OAuth": {
      "property1": false,
      "property2": false
    },
    "webauthn": true,
    "password": true,
    "ssoAppIds": [
      "string"
    ],
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "editable": true,
    "SCIM": true
  },
  "firstSeen": true,
  "idpResponse": {
    "samlResponse": "string",
    "samlGeneratedUser": "string",
    "samlGeneratedRoles": "string",
    "oidcResponse": "string",
    "oidcGeneratedUser": "string",
    "oidcGeneratedRoles": "string",
    "idpGroups": [
      "string"
    ]
  },
  "sessionExpiration": 0
}

Was this helpful?

Sign-In User POST

### Sign-In an existing user utilizing password authentication. This endpoint will return the user's JWT. ### Next Steps Verify the user's email to allow for password reset by updating the email via [OTP](/api/otp/email/update-email), [Enchanted Link](/api/enchanted-link/update-email), or [Magic Link](/api/magic-link/email/update-email) Add tenants to the user via [Update User Add Tenant](/api/management/users/update-user-add-tenant) Add roles to the user via [Update User Add Role](/api/management/users/update-user-add-roles) ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number. - Use the [Sign-Up](/api/passwords/sign-up) endpoint to sign-up a new end user. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID>`

Update Password POST

### Update the user's password of an existing user utilizing the password API. ### Next Steps Sign the user in with their new password via [Sign-In](/api/passwords/sign-in) ### See Also - See [The User Object](/api/overview#the-user-object) for further details on how to identify users and their contact information such as email addresses and phone number. - You can also utilize [Replace Password](/api/passwords/replace-password) or [Reset Password](/api/passwords/email/password-reset) as alternatives to change a user's password. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <Project ID:Refresh JWT>`