How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I change a user's password using the REST API in AM (All versions)?

Last updated Apr 13, 2021

The purpose of this article is to provide information on changing a user's password in AM using the REST API.

1 reader recommends this article


To change a user's password, you must authenticate and include the returned token ID in the curl command. For example, you can authenticate as an admin user as follows: $ curl -X POST -H "X-OpenAM-Username: amadmin" -H "X-OpenAM-Password: cangetinam" -H "Content-Type: application/json" -H "Accept-API-Version: resource=2.1"

Example response:

{ "tokenId": "AQIC5wM2LY4SfcxsuvGEjcsppDSFR8H8DYBSouTtz3m64PI.*AAJTSQACMDIAAlNLABQtNTQwMTU3NzgxODI0NzE3OTIwNAEwNDU2NjE0*", "successUrl": "/openam/console", "realm": "/" }

Please observe the following when constructing REST calls:

  • Make the REST call to the actual AM server URL (not lb).
  • Change the name of the iPlanetDirectoryPro header to the name of your actual session cookie.
  • Set this session cookie header to the token returned when you authenticated.
  • Ensure the Accept-API-Version header contains a valid resource version.

See How do I avoid common issues with REST calls in AM (All versions)? for further information.

Changing a user's password

You (or the user) can change a user's password using one of the following curl commands. The user's old password is required unless you are an admin user changing a non-admin user's password.

  • You can use the following curl command where you supply the user's old password: $ curl -X POST -H "iPlanetDirectoryPro: AQIC5wM2LY4Sfcxs...EwNDU2NjE0*" -H "Content-Type: application/json" -H "Accept-API-Version: resource=3.0,protocol=1.0" -d '{ "currentpassword":"changeit", "userpassword":"newPassword" }'
  • An admin user can change the password for a non-admin user without supplying the old password by using a PUT request instead: $ curl -X PUT -H "iPlanetDirectoryPro: AQIC5wM2LY4Sfcxs...EwNDU2NjE0*" -H "Content-Type: application/json" -H "Accept-API-Version: resource=3.0,protocol=1.0" -d '{ "userpassword":"newPassword" }'

See Also

FAQ: Users in AM


Setup Guide › Changing Passwords

Getting Started with REST › Specifying Realms in REST API Calls

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.