Password reset by existing password

Existing reset

POST https://test.stytch.com/v1/b2b/passwords/existing_password/reset

Reset the member’s password using their existing password.

This endpoint adapts to your Project's password strength configuration. If you're using zxcvbn, the default, your passwords are considered valid if the strength score is >= 3. If you're using LUDS, your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the Stytch Dashboard.

If the Member is required to complete MFA to log in to the Organization, the returned value of member_authenticated will be false, and an intermediate_session_token will be returned. The intermediate_session_token can be passed into the OTP SMS Authenticate endpoint to complete the MFA step and acquire a full member session. The session_duration_minutes and session_custom_claims parameters will be ignored.

If a valid session_token or session_jwt is passed in, the Member will not be required to complete an MFA step.

Note that a successful password reset via an existing password will revoke all active sessions for the member_id.


Body parameters


organization_id* string

email_address* string

existing_password* string

new_password* string

session_token string

session_jwt string

session_duration_minutes int

session_custom_claims map<string, any>

locale string

Response fields


request_id string

status_code int

member object

member_authenticated boolean

intermediate_session_token string

mfa_required object

primary_required object

member_id string

session_token string

session_jwt string

member_session object

organization object

curl --request POST \
  --url https://test.stytch.com/v1/b2b/passwords/existing_password/reset \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "email_address": "sandbox@stytch.com",
    "existing_password": "old_password",
    "new_password": "U9ta2A(Jo92Qe*pQ",
    "organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931"
  }'

RESPONSE

200
{
    "intermediate_session_token": "",
    "member": {...},
    "member_authenticated": true,
    "mfa_required": null,
    "primary_required": null,
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "member_session": {...},
    "organization": {...},
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "session_jwt": "example_jwt",
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
    "status_code": 200
}
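
Added example, not Stytch's code or SDK: one way a backend could act on this response so that an MFA-pending reset is never treated as a login and tokens revoked by the reset are dropped. The function name `handle_reset_response`, the `local_sessions` cache and both sample responses are assumptions constructed for illustration.

```python
# Added example: fail-closed handling of the reset response (names are assumptions).

def handle_reset_response(resp, local_sessions):
    """Return (state, credential) for a parsed JSON response from the reset endpoint.

    local_sessions is a hypothetical app-side cache {member_id: session_token}.
    """
    if resp.get("status_code") != 200:
        return ("error", None)

    member_id = resp.get("member_id")
    # A successful reset revokes all active sessions for the member_id, so any
    # token cached before the reset is dead and must not be reused.
    local_sessions.pop(member_id, None)

    if resp.get("member_authenticated") is True:
        token = resp.get("session_token")
        if not token:
            return ("error", None)
        local_sessions[member_id] = token
        return ("authenticated", token)

    # MFA still pending: only an intermediate token is available. It is not a
    # member session and must not be stored or accepted as one.
    ist = resp.get("intermediate_session_token")
    if ist:
        return ("mfa_required", ist)
    return ("error", None)  # neither credential present: fail closed


# Constructed sample responses, shaped like the one on this page.
FULL = {
    "status_code": 200, "member_authenticated": True,
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "intermediate_session_token": "", "session_token": "constructed-session-token",
    "session_jwt": "example_jwt",
}
MFA = {
    "status_code": 200, "member_authenticated": False,
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "intermediate_session_token": "constructed-intermediate-token",
    "session_token": "", "session_jwt": "",
}

if __name__ == "__main__":
    cache = {MFA["member_id"]: "token-issued-before-reset"}
    print(handle_reset_response(MFA, cache), cache)
    print(handle_reset_response(FULL, cache), cache)
```

In the `mfa_required` state the returned value is what gets passed to the OTP SMS Authenticate endpoint described above.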

Common Error Types