Lost password procedure
The lost password procedure allows the user to set a new password through a mail exchange.
It is split into three calls:
Password Start. This call initiates the procedure by sending a mail to the customer (see mail configuration). The mail provides a link to your website with the customerID and a validation key as parameters.
Password Check. When the customer arrives on your website, you have to check the validation key provided before letting the customer access the password retrieving interface. That's the purpose of this call.
Password Change. Calling this last service with the customerID and the validation key again, plus the new password (encrypted), updates the password on our side.
The password provided has to be encrypted and salted. Ask us directly for the encryption algorithm.
Password Start
Initiate the procedure by sending a mail to the customer. See mail configuration for more information.
Example
Request
HTTP Verb : GET
URL : http://{WS_URL}/api/{returnType}/{domainCode}/customer/passwordStart
Parameters | Location | Type | Required | Default | Accepted |
---|---|---|---|---|---|
login | URL | String | | | |
 | URL | String | | | |
Login and email are not both required, but at least one of them is needed.
Response
Success
{
  "response": {
    "success": true,
    "message": "lost password mail sent"
  }
}
Error
{
  "response": {
    "success": false,
    "code": 10,
    "message": "user not found"
  }
}
Codelist
Code | Success | Message |
---|---|---|
0 | v | lost password mail sent |
1 | | domaincode malformed |
2 | | connexion error |
10 | | user not found |
10 | | at least one of login or email has to be given |
99 | | uncatched exception |
Password Check
The link provided in the lost password mail will make the customer land on your website. See mail configuration for more information.
Then you retrieve the parameters given (user and validation key) and check them with this call. If the key is validated, the change password form may be displayed.
The user and validation key parameters have to be given again in the next call, so they should be included in the change password form.
Example
Request
HTTP Verb : GET
URL : http://{WS_URL}/api/{returnType}/{domainCode}/customer/passwordCheck
Parameters | Location | Type | Required | Default | Accepted |
---|---|---|---|---|---|
user | URL | long | v | | customerID |
validationKey | URL | String(26) | v | | validation key |
Response
Success
{
  "response": {
    "success": true,
    "code": 0,
    "message": "validation key match"
  }
}
Error
Codelist
Code | Success | Message |
---|---|---|
0 | v | password changed |
1 | | domaincode malformed |
2 | | connexion error |
9 | | {param} is not {type} {(or undefined)} |
10 | | user not found |
11 | | validation key doesn't match - may be outdated |
99 | | uncatched exception |
Password Change
This is the last call of the procedure. Once this call has been validated, the URL provided in the mail is no longer usable: it is bound to the current password.
Example
https://wsmedia.tlsecure.com/api/json/00000/customer/passwordChange
Request
HTTP Verb : PUT
URL : http://{WS_URL}/api/{returnType}/{domainCode}/customer/passwordChange
Parameters | Location | Type | Required | Default | Accepted |
---|---|---|---|---|---|
token | Header | String(26) | | | |
Content-Type | Header | String | v | application/x-www-form-urlencoded | |
user | Form | long | v | | customerID |
validationKey | Form | String(26) | v | | validation key |
password | Form | String(26) | v | | new password |
The new password must be different from the previous one.
The new password has to be encrypted and salted before being sent. Ask us directly for the encryption algorithm.
The token isn't required. But if it is provided at this step and it doesn't belong to a registered customer, the current one will be authenticated automatically.
Response
Success
Error
Codelist
Code | Success | Message | |
---|---|---|---|
0 | v | password changed | |
1 | | domaincode malformed | |
2 | | connexion error | |
3 | | token is empty | only if token provided |
4 | | no token with that key | only if token provided |
5 | | invalid token | only if token provided |
9 | | {param} is not {type} {(or undefined)} | |
10 | | user not found | |
11 | | validation key doesn't match - may be outdated | |
12 | | new password must be different from previous one | |
99 | | uncatched exception | |
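The integrator's side of the Password Check and Password Change steps can be sketched as follows. This is an added example, not the provider's code: the base URL is a constructed placeholder, `fetch_json` is a hypothetical transport hook, URL-located parameters are assumed to travel in the query string, and `String(26)` is assumed to mean at most 26 characters.

```python
import re
from urllib.parse import urlencode

# Constructed placeholder for {WS_URL}/api/{returnType}/{domainCode}.
BASE = "https://ws.example.invalid/api/json/00000"
MAX_LONG = 2**63 - 1  # "long" is assumed to be a signed 64-bit integer

def clean_params(user, key):
    """Return (user, key) if they fit the documented types, else None."""
    if not isinstance(user, str) or not re.fullmatch(r"[0-9]{1,19}", user):
        return None
    if int(user) > MAX_LONG:
        return None
    # Assumption: String(26) means a non-empty string of at most 26 characters.
    if not isinstance(key, str) or not 0 < len(key) <= 26:
        return None
    return user, key

def check_url(user, key):
    """GET URL for passwordCheck, with both values percent-encoded."""
    return BASE + "/customer/passwordCheck?" + urlencode(
        {"user": user, "validationKey": key})

def key_is_valid(payload):
    """Fail closed: only success == true with code 0 opens the form."""
    resp = payload.get("response") if isinstance(payload, dict) else None
    if not isinstance(resp, dict):
        return False
    return resp.get("success") is True and resp.get("code") == 0

def change_request(user, key, encoded_password):
    """Method, URL, headers and form body for passwordChange.
    encoded_password must already be encrypted and salted with the
    provider's algorithm, which this page does not describe."""
    body = urlencode({"user": user, "validationKey": key,
                      "password": encoded_password})
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return "PUT", BASE + "/customer/passwordChange", headers, body

def handle_reset_link(query, fetch_json):
    """Landing-page decision; fetch_json(url) is a hypothetical transport hook."""
    params = clean_params(query.get("user"), query.get("validationKey"))
    if params is None:
        return "reject"  # malformed input is never forwarded to the API
    if not key_is_valid(fetch_json(check_url(*params))):
        return "reject"  # same answer for codes 10 and 11, no user enumeration
    return "show_form"
```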