PUT /_security/user/{username}/_password

Change the passwords of users in the native realm and built-in users.

Path parameters

  • username string Required

    The user whose password you want to change. If you do not specify this parameter, the password is changed for the current user.

Query parameters

  • refresh string

    If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.

    Values are true, false, or wait_for.

application/json

Body Required

  • password string
  • password_hash string

    A hash of the new password value. This must be produced using the same hashing algorithm as has been configured for password storage. For more details, see the explanation of the xpack.security.authc.password_hashing.algorithm setting.

Responses

  • 200 application/json
PUT /_security/user/{username}/_password 
POST /_security/user/user1/_password
{
  "password" : "new-test-password"
}
curl \
 --request PUT 'http://api.example.com/_security/user/{username}/_password' \
 --header "Content-Type: application/json" \
 --data '"{\n  \"password\" : \"new-test-password\"\n}"'
Request examples
An example body for a `POST /_security/user/user1/_password` request. 
{
  "password" : "new-test-password"
}
Run `POST /_security/user/jacknich/_password` to update the password for the `jacknich` user. 
{
  "password" : "new-test-password"
}

Documentation preview

This is a preview of your version @2025-06-09 which is not yet released.

View current documentation