# Validate a password

Check that a password adheres to all complexity checks.

Endpoint: POST /passwords/validate
Version: 3.63.5
Security: api-key

## Request fields (application/json):

  - `password` (object, required)
    The user's password or passcode used to log in a user.
Passwords must be:
  - minimum 8 characters for end-users (Consumers and Corporates); 12 characters for others
  - maximum 30 characters
  - include a lowercase character
  - include an uppercase character
  - include a digit and a special character
  - different from any of the 5 last such passwords used.

For non-PCI compliant integrations, the password submitted must be tokenised.

  - `password.value` (string, required)

## Response 400 fields (application/json):

  - `message` (string)
    When present helps to identify and fix the problem.

  - `syntaxErrors` (object)
    Is returned as part of an HTTP error response whenever a syntax error is detected. A list of the fields together with their syntax error will be provided.

  - `syntaxErrors.invalidFields` (array)

  - `syntaxErrors.invalidFields.params` (array)

  - `syntaxErrors.invalidFields.fieldName` (string)

  - `syntaxErrors.invalidFields.error` (string)
    Enum: "REQUIRED", "HAS_TEXT", "REQUIRES", "SIZE", "RANGE", "IN", "NOT_IN", "REGEX", "EXACTLY", "AT_LEAST", "AT_MOST", "ALL_OR_NONE"

## Response 404 fields (application/json):

  - `errorCode` (string)
    Enum: "TOKEN_EXPIRED", "TOKEN_NOT_FOUND"

## Response 409 fields (application/json):

  - `errorCode` (string)
    Enum: "UNRESOLVED_IDENTITY", "PASSWORD_PROFILE_NOT_CONFIGURED_FOR_CREDENTIAL_TYPE", "PASSWORD_TOO_SHORT", "PASSWORD_TOO_LONG", "PASSWORD_TOO_SIMPLE"

## Response 410 fields (application/json):

  - `errorCode` (string)
    Enum: "TOKEN_EXPIRED", "TOKEN_NOT_FOUND"

## Response default fields (application/json):

  - `code` (string)

  - `message` (string)


## Response 204 fields

## Response 401 fields

## Response 403 fields

## Response 429 fields

## Response 500 fields

## Response 503 fields