Password Recovery

When a previously authenticated user used the system, they may need to recover their password. The request will be valid for one hour.

They will first need to request a forgot password before they are able to reset it.

Depending on your verification flow, whether it be email, text or security questions the user will need to either provide a code or answer to question to prove their knowledge of the request.

Forgetting Password

Creates a request for password reset that must have the matching data to reset to ensure request parity.

If using security questions, you can provide an attempt number to select which question is used for verification.

The attempt will load the question into the hint field to be asked of the user.

POST https://api.meshydb.com/{accountName}/users/forgotpassword HTTP/1.1
Content-Type: application/json

  {
    "username": "username_testermctesterson",
    "attempt": 1
  }

Parameters

accountName : string, required
Indicates which account you are connecting to.
username : string, required
Unique user name for authentication.
attempt : integer, default: 1
Identifies how many times a request has been made.
var client = MeshyClient.initialize(accountName, publicKey);

await client.forgotPassword(username, attempt);

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique user name for authentication.
attempt : integer, default: 1
Identifies how many times a request has been made.
var client = MeshyClient.Initialize(accountName, publicKey);

await client.ForgotPasswordAsync(username, attempt);

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique user name for authentication.
attempt : integer, default: 1
Identifies how many times a request has been made.

Responses

200 : OK
  • Generates forgot password response to be used for password reset.

Example Result

{
        "username": "username_testermctesterson",
        "attempt": 1,
        "hash": "...",
        "expires": "1900-01-01T00:00:00.000Z",
        "hint": "..."
}
400 : Bad request
  • Username is required.
  • Anonymous user cannot recover password.
404 : Not Found
  • User was not found.
429 : Too many request
  • You have either hit your API or Database limit. Please review your account.

Check Hash

Optionally, before the user’s password is reset you can check if the verification code, they provide is valid.

This would allow a user to verify their code before requiring a reset.

POST https://api.meshydb.com/{accountName}/users/checkhash HTTP/1.1
Content-Type: application/json

  {
     "username": "username_testermctesterson",
     "attempt": 1,
     "hash": "...",
     "expires": "1900-01-01T00:00:00.000Z",
     "verificationCode": "..."
  }

Parameters

accountName : string, required
Indicates which account you are connecting to.
username : string, required
Unique user name for authentication.
attempt : integer, default: 1
Identifies which attempt hash was generated against.
hash : string, required
Generated hash from verification request.
expires : date, required
Identifies when the request expires.
hint : string
Hint for verification code was generated.
verificationCode : string, required
Value to verify against verification request.
var client = MeshyClient.initialize(accountName, publicKey);

await client.checkHash({
                           username: username,
                           attempt: attempt,
                           hash: hash,
                           expires: expires,
                           verificationCode: verificationCode
                      });

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique user name for authentication.
attempt : integer, default: 1
Identifies which attempt hash was generated against.
hash : string, required
Generated hash from verification request.
expires : date, required
Identifies when the request expires.
hint : string
Hint for verification code was generated.
verificationCode : string, required
Value to verify against verification request.
var client = MeshyClient.Initialize(accountName, publicKey);

var check = new UserVerificationCheck();

var isValid = await client.CheckHashAsync(check);

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique user name for authentication.
attempt : integer, default: 1
Identifies which attempt hash was generated against.
hash : string, required
Generated hash from verification request.
expires : date, required
Identifies when the request expires.
hint : string
Hint for verification code was generated.
verificationCode : string, required
Value to verify against verification request.

Responses

200 : OK
  • Identifies if hash with verification code is valid.

Example Result

true
400 : Bad request
  • Username is required.
  • Hash is required.
  • Expires is required.
  • Verification code is required.
429 : Too many request
  • You have either hit your API or Database limit. Please review your account.

Resetting Password

Take result from forgot password and application verification code generated from email/text or security question answer, along with a new password to be used for login.

POST https://api.meshydb.com/{accountName}/users/resetpassword HTTP/1.1
Content-Type: application/json

   {
      username: "username_testermctesterson",
      attempt: 1,
      hash: "...",
      expires: "1900-01-01T00:00:00.000Z",
      verificationCode: "...",
      newPassword: "..."
   }

Parameters

accountName : string, required
Indicates which account you are connecting to.
username : string, required
Unique user name for authentication.
attempt : integer, default: 1
Identifies which attempt hash was generated against.
hash : string, required
Generated hash from verification request.
expires : date, required
Identifies when the request expires.
hint : string
Hint for verification code was generated.
verificationCode : string, required
Value to verify against verification request.
newPassword : string, required
New user secret credentials for login.
var client = MeshyClient.initialize(accountName, publicKey);

var passwordResetHash = await client.forgotPassword(username);

await client.resetPassword({
                              username: passwordResetHash.username,
                              attempt: passwordResetHash.attempt,
                              hash: passwordResetHash.hash,
                              expires: passwordResetHash.expires,
                              verificationCode: verificationCode,
                              newPassword: newPassword
                          });

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique user name for authentication.
attempt : integer, default: 1
Identifies which attempt hash was generated against.
hash : string, required
Generated hash from verification request.
expires : date, required
Identifies when the request expires.
hint : string
Hint for verification code was generated.
verificationCode : string, required
Value to verify against verification request.
newPassword : string, required
New user secret credentials for login.
var client = MeshyClient.Initialize(accountName, publicKey);

var passwordResetHash = await client.ForgotPasswordAsync(username, attempt);

var resetPassword = new ResetPassword() {
                                          Username = passwordResetHash.Username,
                                          Attempt = passwordResetHash.Attempt,
                                          Hash = passwordResetHash.Hash,
                                          Expires = passwordResetHash.Expires,
                                          VerificationCode = verificationCode,
                                          NewPassword = newPassword
                                        };

await client.ResetPasswordAsync(resetPassword);

Parameters

accountName : string, required
Indicates which account you are connecting to.
publicKey : string, required
Public identifier of connecting service.
username : string, required
Unique user name for authentication.
attempt : integer, default: 1
Identifies which attempt hash was generated against.
hash : string, required
Generated hash from verification request.
expires : date, required
Identifies when the request expires.
hint : string
Hint for verification code was generated.
verificationCode : string, required
Value to verify against verification request.
newPassword : string, required
New user secret credentials for login.

Responses

204 : No Content
  • Identifies password reset is successful.
400 : Bad request
  • Username is required.
  • Hash is required.
  • Expires is required.
  • Verification code is required.
  • Hash is expired.
  • New password is required.
  • Anonymous user cannot be reset.
  • User has already been verified.
  • Request hash is invalid.
429 : Too many request
  • You have either hit your API or Database limit. Please review your account.