# Update a password Update the password for the logged-in user. Endpoint: POST /passwords/update Version: 3.63.5 Security: auth_token, api-key ## Request fields (application/json): - `oldPassword` (object, required) The user's password or passcode used to log in a user. Passwords must be: - minimum 8 characters for end-users (Consumers and Corporates); 12 characters for others - maximum 30 characters - include a lowercase character - include an uppercase character - include a digit and a special character - different from any of the 5 last such passwords used. For non-PCI compliant integrations, the password submitted must be tokenised. - `oldPassword.value` (string, required) - `newPassword` (object, required) The user's password or passcode used to log in a user. Passwords must be: - minimum 8 characters for end-users (Consumers and Corporates); 12 characters for others - maximum 30 characters - include a lowercase character - include an uppercase character - include a digit and a special character - different from any of the 5 last such passwords used. For non-PCI compliant integrations, the password submitted must be tokenised. ## Response 200 fields (application/json): - `passwordInfo` (object) Additional information related to the user's password. - `passwordInfo.identityId` (object, required) The identity to which the user's password information belongs to. - `passwordInfo.identityId.type` (string, required) Indicates the identity type. Enum: "CONSUMER", "CORPORATE" - `passwordInfo.identityId.id` (string, required) The identifier for the identity. - `passwordInfo.expiryDate` (integer) The millisecond timestamp indicating when the password will expire. If 0, then this password will not expire. - `token` (string) The authorisation token to be used in the Authorization header for secured operations. ## Response 400 fields (application/json): - `message` (string) When present helps to identify and fix the problem. - `syntaxErrors` (object) Is returned as part of an HTTP error response whenever a syntax error is detected. A list of the fields together with their syntax error will be provided. - `syntaxErrors.invalidFields` (array) - `syntaxErrors.invalidFields.params` (array) - `syntaxErrors.invalidFields.fieldName` (string) - `syntaxErrors.invalidFields.error` (string) Enum: "REQUIRED", "HAS_TEXT", "REQUIRES", "SIZE", "RANGE", "IN", "NOT_IN", "REGEX", "EXACTLY", "AT_LEAST", "AT_MOST", "ALL_OR_NONE" ## Response 404 fields (application/json): - `errorCode` (string) Enum: "TOKEN_EXPIRED", "TOKEN_NOT_FOUND" ## Response 409 fields (application/json): - `errorCode` (string) Enum: "PASSWORD_ALREADY_USED", "PASSWORD_TOO_SHORT", "PASSWORD_TOO_LONG", "PASSWORD_TOO_SIMPLE", "PASSWORD_INCORRECT" ## Response 410 fields (application/json): - `errorCode` (string) Enum: "TOKEN_EXPIRED", "TOKEN_NOT_FOUND" ## Response default fields (application/json): - `code` (string) - `message` (string) ## Response 401 fields ## Response 403 fields ## Response 429 fields ## Response 500 fields ## Response 503 fields