POST /api/auth/check-password

Verifies that the provided password matches the authenticated user’s current password.

Authentication

Required. This endpoint is protected by the authenticate middleware. Include the authentication token in the request headers.

Request Body

password (string, required): Current password to verify. Cannot be empty.

Request Example

{
  "password": "currentPassword123"
}

Response

message (string): Success message confirming the password is correct.

Success Response (200 OK)

"Correct Password"

Error Responses

401 Unauthorized - Incorrect Password

{
  "error": "Current password not valid"
}

401 Unauthorized - No Authentication

{
  "error": "Unauthorized"
}

400 Bad Request - Validation Errors

{
  "errors": [
    {
      "msg": "Current password can not be empty",
      "param": "password"
    }
  ]
}

cURL Example

curl -X POST https://api.example.com/api/auth/check-password \
  -H "Authorization: Bearer YOUR_AUTH_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "currentPassword123"
  }'

Notes

  • Requires a valid authentication token in the request headers
  • Useful before allowing password changes or sensitive operations
  • Password is validated against the hashed password in the database
  • Rate limiting is applied to this endpoint
  • Does not modify any user data
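
Both failures a caller most needs to tell apart (wrong password and missing authentication) come back as 401, so a client has to read the error body rather than the status alone. The following JavaScript is an added example, not part of the original API documentation; the function names and outcome labels are hypothetical, and the Bearer header follows the cURL example above.

```javascript
// Added example: client-side handling of POST /api/auth/check-password.
// Function names and outcome labels are hypothetical.

// Map a (status, parsed JSON body) pair to one outcome. Wrong password and
// missing authentication both return 401, so the "error" string decides.
function classifyCheckPassword(status, body) {
  if (status === 200 && body === "Correct Password") return "confirmed";
  if (status === 400 && body && Array.isArray(body.errors)) return "invalid_request";
  if (status === 401 && body && typeof body.error === "string") {
    if (body.error === "Current password not valid") return "wrong_password";
    if (body.error === "Unauthorized") return "session_invalid";
  }
  // Anything else, including whatever the rate limiter returns (the page
  // does not specify it), is treated as a failure: fail closed.
  return "unexpected";
}

// Gate a sensitive action on a fresh password check. fetchImpl is injected
// so the function can be exercised without a network.
async function confirmPassword(fetchImpl, baseUrl, token, password) {
  const res = await fetchImpl(`${baseUrl}/api/auth/check-password`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ password }),
  });
  let body = null;
  try {
    body = await res.json();
  } catch (_) {
    // Non-JSON body: leave as null so the classifier returns "unexpected".
  }
  return classifyCheckPassword(res.status, body);
}
```

Only "confirmed" should unlock the password change or other sensitive operation; "session_invalid" calls for re-authentication, while "wrong_password" should re-prompt without ending the session.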
