See api-docs Menu
  1. Home >
  2. API >
  3. v1-v3 >
  4. Users >
  5. Set Password by ID Using Salt and SHA-256

v1-v3 APIs have been deprecated

Don't worry, these APIs are deprecated, but they aren't shut off yet.

All new development with APIs should use the newest version of our API: /1. API /1 is based on RESTful principles, is secured by OAuth 2.0, and provides JSON messages, search, pagination, sorting, and filtering.

Set Password by ID Using Salt and SHA-256

Resource URL

https://api.onelogin.com/api/v3/users/:id/
set_password.xml

Parameters

Content-Type

required

string

 Set to application/xml.

id

required

integer

 Set to the user ID of the user for which you want to set the password.

password

required

string

Set to the password value using a SHA-256-encoded value. If you are including your own <password_salt> value in your request, prepend the salt value to the cleartext password value before SHA-256-encoding it.

For example, if your salt value is 11xxxx1 and your cleartext password value is P@33w0rd1, the value you need to SHA-256-encode is 11xxxx1P@33w0rd1. The resulting SHA-256-encoded value would be 9fb8dc1cdabee85d13f5b4ba680a5e71cb8c80e78e5ffe8c01b698fa39346006.

This API cannot verify that the password value you supply meets the password complexity requirements set for the account. If you are concerned about this, use the cleartext version of this API. Using the cleartext version is comparable to using our in-browser, form-based Set Password functionality on top of an encrypted channel.

password_confirmation

required

string

 This value must match the password value.

password_algorithm

required

string

 Set to salt+sha256. Use lowercase characters only.

password_salt

string

To provide your own salt value, include this element. For example: 11xxxx1. If you provide your own salt value, prepend it to the password value before SHA-256-encoding it. See the password description above.

If instead you want OneLogin to provide the salt value, include a blank <password_salt> element or leave the element out of the request entirely.

Sample Response

  • 200 OK
  • 400 Bad Request
  • 404 Not Found
This request generates no response.
<error>
  <title>Invalid Request</title>
  <message>Validation failed: Password doesn't match confirmation, The two passwords 
           don't match</message>
</error>
<error>
  <title>Record Not Found</title>
  <message>No user found by id '11111'</message>
</error>

Sample cURL Request

Try it out with a test account first: Start off with using this cURL request with a test OneLogin account and API key. Once you’ve familiarized yourself with the API’s behavior, switch over to using your production OneLogin account and API key.

Be sure to replace placeholder values surrounded by { } with actual values.

curl -v -u {api_key}:x -X PUT -H "Content-Type: application/xml" \
-d '<user>
  <password>{password}</password>
  <password_confirmation>{password_confirmation}</password_confirmation>
  <password_salt>{salt}</password_salt>
  <password_algorithm>salt+sha256</password_algorithm>
</user>' \
https://api.onelogin.com/api/v3/users/{user_id}/set_password.xml

Postman Collection

Try it out with a test account first: Start off with using this Postman Collection with a test OneLogin account and API key. Once you’ve familiarized yourself with the API’s behavior, switch over to using your production OneLogin account and API key.

Replace sample variables indicated by { } in the sample request body with your actual values. Also, be sure to set Postman-specific environment variables indicated by {{ }}.

Download for the Users API

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.