Change passwords API
editChange passwords API
editChanges the passwords of users in the native realm and built-in users.
Prerequisites
edit-
Every user can change their own password. Users with the
manage_security
privilege can change passwords of other users.
Description
editYou can use the create user API to update everything
but a user’s username
and password
. This API changes a user’s password.
For more information about the native realm, see Realms and Native user authentication.
Path parameters
edit-
username
- (Optional, string) The user whose password you want to change. If you do not specify this parameter, the password is changed for the current user.
Request body
edit-
password
-
(string) The new password value. Passwords must be at least 6 characters long.
One of
password
orpassword_hash
is required. -
password_hash
-
(string) A hash of the new password value. This must be produced using the same hashing algorithm as has been configured for password storage. For more details, see the explanation of the
xpack.security.authc.password_hashing.algorithm
setting in User cache and password hash algorithms.Using this parameter allows the client to pre-hash the password for performance and/or confidentiality reasons.
The
password
parameter and thepassword_hash
parameter cannot be used in the same request.
Examples
editThe following example updates the password for the jacknich
user:
POST /_security/user/jacknich/_password { "password" : "new-test-password" }
A successful call returns an empty JSON structure.
{}