Change Password

curl --request POST \
  --url https://api.example.com/api/auth/change-password \
  --header 'Content-Type: application/json' \
  --data '
{
  "currentPassword": "<string>",
  "newPassword": "<string>"
}
'

{
  "message": "Password changed successfully"
}

POST

api

auth

change-password

Change Password

curl --request POST \
  --url https://api.example.com/api/auth/change-password \
  --header 'Content-Type: application/json' \
  --data '
{
  "currentPassword": "<string>",
  "newPassword": "<string>"
}
'

{
  "message": "Password changed successfully"
}

This endpoint requires authentication. Include a valid JWT token in the Authorization header.

Request Body

currentPassword

string

required

User’s current password for verification

newPassword

string

required

New password (6-20 characters)

Response

message

string

Success confirmation message

Example Request

curl -X POST https://api.happyhabitat.com/api/auth/change-password \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -d '{
    "currentPassword": "OldPassword123",
    "newPassword": "NewSecurePass456"
  }'

Example Response

{
  "message": "Password changed successfully"
}

Authentication

This endpoint requires a valid JWT token obtained from the login endpoint. Include it in the Authorization header:

Authorization: Bearer <your-jwt-token>

The system will automatically identify the user from the token’s claims (specifically the NameIdentifier claim containing the user ID).

Validation Rules

CurrentPassword: Required, must match the user’s current password
NewPassword: Required, must be 6-20 characters
New password cannot be the same as the current password (depending on implementation)

Security Notes

The current password must be provided to prevent unauthorized password changes
Password strength requirements: minimum 6 characters, maximum 20 characters
Upon successful password change, existing tokens remain valid until expiration
Consider implementing additional security measures:
- Password complexity requirements
- Password history (prevent reuse of recent passwords)
- Rate limiting to prevent brute force attempts
- Email notification on password change

Error Codes

Status Code	Code	Description
400	`VALIDATION_ERROR`	Invalid or missing request parameters
400	`BAD_REQUEST`	Current password is incorrect
401	`UNAUTHORIZED`	Missing or invalid authentication token
500	`INTERNAL_ERROR`	Internal server error

Residents Overview

⌘I

Build docs developers (and LLMs) love

Get started for free Talk to us

Authentication

Residents

Communities

Amenities

Documents

Payments & Charges

Tickets

Vehicles & Pets

Visits

Announcements & Surveys

Error Handling

Change Password

Request Body

Response

Example Request

Example Response

Authentication

Validation Rules

Security Notes

Error Codes

Build docs developers (and LLMs) love

Authentication

Residents

Communities

Amenities

Documents

Payments & Charges

Tickets

Vehicles & Pets

Visits

Announcements & Surveys

Error Handling

​Request Body

​Response

​Example Request

​Example Response

​Authentication

​Validation Rules

​Security Notes

​Error Codes

Build docs developers (and LLMs) love

Request Body

Response

Example Request

Example Response

Authentication

Validation Rules

Security Notes

Error Codes