Skip to main content

Overview

The ResetEntry model is used to change the password of an existing short URL. This allows you to update security credentials or add/remove password protection from a previously created short URL.

When to Use

This model is used in:
  • POST /change_password - Update the password for an existing short URL

Schema Definition

url_code
string
required
The short code of the URL whose password you want to change.This must match an existing short URL in the system.
old_url_pass
string
required
The current password for the short URL.Authentication:
  • Must match the current password on record
  • Use empty string "" if the URL currently has no password
  • Required for verification before allowing password change
If the old password is incorrect, the request will be rejected
new_url_pass
string
required
The new password to set for the short URL.Validation Rules:
  • Must be 3-20 characters long (cannot be empty)
  • Must be different from old_url_pass
  • Standard password validation applies (same as url_pass in URLEntry)
Unlike URLEntry, this field cannot be empty - use a different endpoint to remove password protection

Example JSON

{
  "url_code": "my-link",
  "old_url_pass": "secret123",
  "new_url_pass": "newsecret456"
}

Validation Rules

New Password Must:
  • Be at least 3 characters long
  • Not exceed 20 characters
  • Be different from the old password
Valid Examples:
  • "abc" (minimum length)
  • "my-secure-pass-2024" (maximum length: 20 chars)
  • "P@ssw0rd!" (special characters allowed)
Invalid Examples:
  • "ab" (too short)
  • "this-is-a-very-long-password-string" (too long)
  • Same value as old_url_pass (must be different)
The old_url_pass field is used for authentication:
  • If the URL has a password, provide the correct current password
  • If the URL has no password, provide an empty string ""
  • Incorrect old password will result in 401 Unauthorized error

Use Cases

Common Password Change Scenarios:
  1. Security Breach - Change password if you suspect unauthorized access
  2. Add Protection - Add a password to a previously public short URL
  3. Credential Rotation - Periodically update passwords for security
  4. Share Access - Change to a new password when sharing with different users

Response

Successful password change returns: 
{
  "message": "Password changed successfully",
  "url_code": "my-link"
}
After changing the password, you’ll need to login again with the new password to get a fresh access token

Error Cases

Common Errors:
  • 404 Not Found - The url_code doesn’t exist
  • 401 Unauthorized - Incorrect old_url_pass
  • 400 Bad Request - New password validation failed (too short, too long, or same as old)
  • 403 Forbidden - Token is invalid or expired (if using token-based auth)

Security Best Practices

  1. Use Strong Passwords - Combine letters, numbers, and special characters
  2. Avoid Reuse - Don’t reuse old passwords
  3. Regular Rotation - Change passwords periodically for sensitive links
  4. Secure Transmission - Always use HTTPS for password change requests
  5. Token Management - Obtain a new access token after password change

Alternative: Removing Password Protection

This endpoint requires a non-empty new_url_pass. To remove password protection entirely, you may need to:
  • Delete and recreate the URL without a password, or
  • Use a different endpoint if available for removing protection

Build docs developers (and LLMs) love

Get started for freeTalk to us