Password Recovery

When a previously authenticated user used the system, they may need to recover their password. The request will be valid for one hour.

They will first need to request a forgot password before they are able to reset it.

Depending on your verification flow, whether it be email, text or security questions the user will need to either provide a code or answer to question to prove their knowledge of the request.

Forgetting Password

Creates a request for password reset that must have the matching data to reset to ensure request parity.

If using security questions, you can provide an attempt number to select which question is used for verification.

The attempt will load the question into the hint field to be asked of the user.

var client = MeshyClient.Initialize(accountName, publicKey);

await client.ForgotPasswordAsync(username, attempt);

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique identifier for user or device.
attempt : integer, required
Identifies how many times a request has been made.
var client = MeshyClient.initialize(accountName, publicKey);

await client.forgotPassword(username, attempt);

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique identifier for user or device.
attempt : integer, required
Identifies how many times a request has been made.
POST https://api.meshydb.com/{accountName}/users/forgotpassword HTTP/1.1
Content-Type: application/json

  {
    "username": "username_testermctesterson",
    "attempt": 1
  }

Parameters

accountName : string, required
Indicates which account you are connecting to.
username : string, required
Unique identifier for user or device.
attempt : integer, required
Identifies how many times a request has been made.

Responses

200 : OK
  • Generates forgot password response to be used for password reset.

Example Result

{
        "username": "username_testermctesterson",
        "attempt": 1,
        "hash": "...",
        "expires": "1900-01-01T00:00:00.000Z",
        "hint": "xxxx"
}
400 : Bad request
  • Username is required.
  • Anonymous user cannot recover password.
404 : Not Found
  • User was not found.
429 : Too many request
  • You have have either hit your API or Database limit. Please review your account.

Check Hash

Optionally, before the user’s password is reset you can check if the verification code, they provide is valid.

This would allow a user to verify their code before requiring a reset.

var client = MeshyClient.Initialize(accountName, publicKey);

var check = new UserVerificationCheck();

var isValid = await client.CheckHashAsync(check);

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique identifier for user or device.
attempt : integer, required
Identifies which attempt hash was generated against.
hash : string, required
Generated hash from verification request.
expires : date, required
Identifies when the request expires.
hint : string, required
Hint for verification code was generated.
verificationCode : string, required
Value to verify against verification request.
var client = MeshyClient.initialize(accountName, publicKey);

await client.checkHash({
                           username: username,
                           attempt: attempt:
                           hash: hash,
                           expires: expires,
                           hint: hint,
                           verificationCode: verificationCode
                      });

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique identifier for user or device.
attempt : integer, required
Identifies which attempt hash was generated against.
hash : string, required
Generated hash from verification request.
expires : date, required
Identifies when the request expires.
hint : string, required
Hint for verification code was generated.
verificationCode : string, required
Value to verify against verification request.
POST https://api.meshydb.com/{accountName}/users/checkhash HTTP/1.1
Content-Type: application/json

  {
     "username": "username_testermctesterson",
     "attempt": 1,
     "hash": "...",
     "expires": "1/1/1900",
     "hint": "...",
     "verificationCode": "...",
  }

Parameters

accountName : string, required
Indicates which account you are connecting to.
username : string, required
Unique identifier for user or device.
attempt : integer, required
Identifies which attempt hash was generated against.
hash : string, required
Generated hash from verification request.
expires : date, required
Identifies when the request expires.
hint : string, required
Hint for verification code was generated.
verificationCode : string, required
Value to verify against verification request.

Responses

200 : OK
  • Identifies if hash with verification code is valid.

Example Result

true
400 : Bad request
  • Username is required.
  • Hash is required.
  • Expires is required.
  • Verification code is required.
429 : Too many request
  • You have have either hit your API or Database limit. Please review your account.

Resetting Password

Take result from forgot password and application verification code generated from email/text or security question answer, along with a new password to be used for login.

var client = MeshyClient.Initialize(accountName, publicKey);

await client.ResetPasswordAsync(resetHash, newPassword);

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
User name that is being reset.
expires : date, required
Defines when hash will expire before it needs to be regenerated.
hash : string, required
Hash result of forgot password to verify request for password reset.
newPassword : string, required
New user secret credentials for login.
var client = MeshyClient.initialize(accountName, publicKey);

var passwordResetHash = await client.forgotPassword(username);

await client.resetPassword(passwordResetHash, newPassword)

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
User name that is being reset.
expires : date, required
Defines when hash will expire before it needs to be regenerated.
hash : string, required
Hash result of forgot password to verify request for password reset.
newPassword : string, required
New user secret credentials for login.
POST https://api.meshydb.com/{accountName}/users/resetpassword  HTTP/1.1
Content-Type: application/json

  {
    "username": "username_testermctesterson",
    "expires": "1-1-2019",
    "hash": "randomlygeneratedhash",
    "newPassword": "newPassword"
  }

Parameters

accountName : string, required
Indicates which account you are connecting to.
username : string, required
Unique identifier for user or device.
expires : date, required
Defines when hash will expire before it needs to be regenerated.
hash : string, required
Hash result of forgot password to verify request for password reset.
newPassword : string, required
New user secret credentials for login.

Responses

204 : No Content
  • Identifies password reset is successful.
400 : Bad request
  • Username is required.
  • Hash is required.
  • Expires is required.
  • Verification code is required.
  • Hash is expired.
  • New password is required.
  • Anonymous user cannot be reset.
  • User has already been verified.
  • Request hash is invalid.
429 : Too many request
  • You have have either hit your API or Database limit. Please review your account.