/
Contact usSee pricingStart building
    Overview
    iOS SDK reference
    Android SDK reference

    React Native SDK reference

    Installation
    Changelog
    Configuration
    Pre-built UI
      UI Configuration
    Users
      Get user
      Update user
      Delete authentication factors
    RBAC
      Is Authorized
      Permissions
    Email Magic Links
      Send
      Login or create
      Authenticate
    OAuth
      Start
      Authenticate
    Passwords
      Create
      Authenticate
      Reset by Email Start
      Reset by Email
      Strength Check
    One-time Passcodes (OTP)
      Login or create via SMS
      Send via SMS
      Login or create via Email
      Send via Email
      Login or create via WhatsApp
      Send via WhatsApp
      Authenticate
    Time-Based One-Time Passcodes (TOTP)
      Create
      Authenticate
      Get Recovery Codes
      Recover
    Session Management
      Get Session
      Authenticate Session
      Revoke Session
      Update Session
      Get Tokens
    Passkeys & WebAuthn
      Register
      Authenticate
      Update
    Biometrics
      Introduction
      Register
      Authenticate
      Keystore available
      Registration available
      Remove registration
      Get sensor
      Errors
    Device Fingerprinting
      Get telemetry ID
    More Resources
      SWR & caching
      Deep linking
      Android KeyStore considerations
Get support on SlackVisit our developer forum

Contact us

Consumer Authentication

/

Mobile SDKs

/

React Native SDK reference

/

Passwords

/

Strength Check

Strength check

The strengthCheck method wraps the Strength Check Password API endpoint.

This method allows you to check whether or not the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password. All passwords must pass the strength requirements to be accepted as valid.


Method parameters


password* string

The password for the user. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.


email string

The email associated with the password. If the email address is included, it will be factored into strength evaluation via our password breach checks. If you do not include the email, it is possible that the strength check response will evaluate as valid – but the password will fail with a weak_password error when used in the Create password endpoint due to a breach check failure.


Response fields


request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.


status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.


breach_detection_on_create boolean

Will return true if breach detection will be evaluated. By default this option is enabled. This option can be disabled by contacting support@stytch.com. If this value is false then breached_password will always be false as well.


breached_password boolean

Returns true if the password has been breached. Powered by HaveIBeenPwned.


score int

The score of the password determined by zxcvbn. Values will be between 1 and 4, a 3 or greater is required to pass validation.


strength_policy string

The strength policy type enforced, either zxcvbn or luds.


valid_password boolean

Returns true if the password passes our password validation. We offer two validation options, zxcvbn is the default option which offers a high level of sophistication. We also offer LUDS. If an email address is included in the call we also require that the password hasn't been compromised using built-in breach detection powered by HaveIBeenPwned.

import React, { useCallback } from 'react';
import { Text, TouchableOpacity, View } from 'react-native';
import { useStytch } from '@stytch/react-native';

export const Login = () => {
  const stytch = useStytch();

  const strengthCheck = useCallback(() => {
    stytch.passwords.strengthCheck({
      email: '${exampleEmail}',
      password: 'xuEvs9sBi8I4x8rCXJPZ',
    });
  }, [stytch]);

  return (
    <View>
      <TouchableOpacity onPress={strengthCheck}>
        <Text>Strength Check</Text>
      </TouchableOpacity>
    </View>
  );
};
RESPONSE 200 - LUDS invalid
200 - LUDS invalid
​
{
    "breach_detection_on_create": true,
    "breached_password": false,
    "feedback": {
      "suggestions": null,
      "warning": null,
      "luds_requirements": {
        "has_digit": true,
        "has_lower_case": false,
        "has_symbol": false,
        "has_upper_case": false,
        "missing_characters": 6,
        "missing_complexity": 1
      }
    },
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "score": 0,
    "status_code": 200,
    "strength_policy": "luds",
    "valid_password": false
}
RESPONSE 200 - LUDS valid
200 - LUDS invalid
​
{
    "breach_detection_on_create": true,
    "breached_password": false,
    "feedback": {
      "suggestions": null,
      "warning": null,
      "luds_requirements": {
        "has_digit": true,
        "has_lower_case": true,
        "has_symbol": true,
        "has_upper_case": true,
        "missing_characters": 0,
        "missing_complexity": 0
      }
    },
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "score": 0,
    "status_code": 200,
    "strength_policy": "luds",
    "valid_password": true
}
RESPONSE 200 - zxcvbn invalid
200 - LUDS invalid
​
{
    "breach_detection_on_create": true,
    "breached_password": false,
    "feedback": {
      "luds_requirements": null,
      "suggestions": [
        "Add another word or two. Uncommon words are better."
      ],
      "warning": "This is a top-100 common password."
    },
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "score": 0,
    "status_code": 200,
    "strength_policy": "zxcvbn",
    "valid_password": false
}
RESPONSE 200 - zxcvbn valid
200 - LUDS invalid
​
{
    "breach_detection_on_create": true,
    "breached_password": false,
    "feedback": {
      "luds_requirements": null,
      "suggestions": [],
      "warning": null
    },
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "score": 4,
    "status_code": 200,
    "strength_policy": "zxcvbn",
    "valid_password": true
}
RESPONSE 500 - Failure
200 - LUDS invalid
​
{
  "status_code": 500,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "internal_server_error",
  "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
  "error_url": "https://stytch.com/docs/api/errors/500"
}