BPAPI Methods

BPAPI method ResetPassword

ResetPassword

Resets password ("lost" password functionality) for customer identified by the credentials used for authorization.

Authorization required: No

HTTP methods allowed: GET, POST

Syntax: ResetPassword/{email_or_value_code}/  Details 

Syntax: ResetPassword/{email_or_value_code}/{execute_id}/{app_version}/  Details   Details 

Syntax: ResetPassword/{email_or_value_code}/{execute_id}/  Details 

Syntax: ResetPassword/{email_or_value_code}/{execute_id}/{app_version}/{new_email}/  Details 

Syntax: ResetPassword/{email_or_value_code}/{execute_id}/{app_version}/{new_email}/{new_password}/  Details 

Resets password ("lost" password functionality) for customer identified by the credentials used for authorization.

The process consists of 2 or 3 steps:
Step 1: {email_or_value_code} and {app_version} given. User enters registered email address or valuecode. app_version is set by app. If app_version is string="null" or null, assume call from old app (i.e MinHytte). Request that an execute_id be created and sent to the specified email-address. The email created is based on app_version
Step 2a: {email_or_value_code}{execute_id} given. This call is made by old app (i.e MinHytte). The execute_id is that given in the email message created in Step 1.
Step 2b: {email_or_value_code}{execute_id}{app_version} and {new_email_or_value_code} given. {email_or_value_code} and {new_email_or_value_code} should be the same (if they are different a "NotImplementedException" is thrown). {app_version} is set by new app (can be anything but null or string="null". The execute_id is that given in the email message created in Step 1.

Step 3: {email_or_value_code}/{execute_id}/{app_version}/{new_email}/{new_password}". {email_or_value_code} and {new_email_or_value_code} should be the same. {execute_id} must be the same as set in Step1. {app_version} is set by new app (can be anything but null or string="null".)
Both Step 1 and Step 2 uses this same API-method

Step 1 is supposed to be called from code or app and will return JSON / technical HTML-response as "normal" in BPAPI while
Step 2a is supposed to be done by the client (customer) and will always return an end-user friendly HTML-response.
Step 2b is called by app and will return JSON response with information if the password is reset successfully or not.

In Step 2a the current password for the customer will be deactivated and the HTTP-request will be redirected to Subscription/Register
from which the user may repeat the original registration-process.
Note that it is also resets the email-address used for the customer in this manner since technically
after accessing the URL-command given in Step 1 Subscription/Register will function as if no e-mail or password has been registered for the customer (that is, it will function as if the gateway is unregistered).


In Step 2b the customer has entered the execute_id in the app and the execute_id is verified. A JSON response indicating success is the following:bpapi_result {
ResetPasswordStep2 {
can_reset_password: true

All other cases indicates that the passwordreset was unsuccesful.When the execute_id has been verified and the app receives "can_reset_password: true", it can move to the next step, enter a new password. The call with the new_password goes to Step3.
In Step 3 the execute_id has been verified. , where all input is verified and password is set to new_password. Step3 JSON responses are:reset_password_step_3: { ///success: true ///} ///Indicating that the password has been successfully set. If success=false, the new_password was not set. ///
NOTE: As of March 2016 this functionality does not work when multiple gateways are registered for the customer identified by the credentials used for authorization. Information about this will only be given in Step 2, not Step 1.

See also ChangePassword


Unit-tests: 3 test(s)

Popularity: 43989 (number of times method has been accessed)

Documentation and tests automatically generated from source-code 2020-03-30 00:17