Authentication API Reference

Update Password by Session (Enterprise)

POST /v1/auth/passwords/session/update

Update user password using an active session. If the session token does not have an active factor from OTP, magic link, or password, it will return an error.

HTTP Request

GET /v1/auth/passwords/session/update

Request Body

The following table lists the properties of an HTTP request that this action supports.

Returns

A successful response returns user_id property and session object associated with the session_token sent in.

Body

password string Required

Required Unique user ID to associate the TOTP with.

Minimum length is 1.
session_token string

Required if session_jwt not present Session token to identify the user by. Only a valid session will result in a successful password change.
session_jwt string

Required if session_token not present Session jwt to identify the user by. Only a valid session will result in a successful password change.

Responses

• 200 object

OK
- session object
  id string Required
  
  Minimum length is 1.
  
  user_id string Required
  
  Minimum length is 1.
  
  session_token string Required
  
  Minimum length is 1.
  
  started_at number Required
  
  expires_at number Required
  
  last_active_at number Required
  
  factors array[object] Required
  
  At least 1 element.
  
  delivery_channel string Required
  
  Delivery channel for this factor. Possible values: sms, email, totp_authenticator, totp_recovery_code, google_oauth, apple_oauth, microsoft_oauth, discord_oauth, okta_oauth, github_oauth, slack_oauth, facebook_oauth, webauthn_credential, eth_wallet, sol_wallet.
  
  Minimum length is 1.
  
  type string Required
  
  Authentication type of factor. Possible values: otp, oauth, wallet, totp, webauthn.
  
  Minimum length is 1.
  
  method object Required
  
  id string
  
  method_id string Required
  
  Minimum length is 1.
  
  method_type string Required
  
  Identifier method type. Possible values: email, wallet, phone_number, webauthn.
  
  Minimum length is 1.
  
  last_verified_at number Required
  
  phone_number_id string
  
  Minimum length is 1.
  
  phone_number string
  
  Minimum length is 1.
  
  email_id string
  
  email string
  
  wallet_type string
  
  wallet_id string
  
  wallet_public_address string
  
  totp_id string
  
  webauthn_credential_id string
  
  provider_subject string
  
  device_fingerprint object Required
  
  user_agent string Required
  
  ip string Required
  
  Minimum length is 1.
  
  updated_at number Required
  
  created_at number Required
- user_id string

POST /v1/auth/passwords/session/update

curl \
 -X POST https://api.streambird.io/v1/auth/passwords/session/update \
 -H "Authorization: Bearer $ACCESS_TOKEN" \
 -H "Content-Type: application/json" \
 -d '{"password":"samplepass","session_token":"4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB"}'

Request example

{
  "password": "samplepass",
  "session_token": "4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB"
}

Response example (200)

{
  "session": {
    "id": "sess_2KF44T13b1clHEoOHpwEmTtldx5",
    "user_id": "user_2Cu2uVhYy0OVgRcO913OsqIVaPI",
    "started_at": 1673556805,
    "expires_at": 1673562817,
    "last_active_at": 1673556817,
    "factors": [
      {
        "delivery_channel": "email",
        "type": "otp",
        "method": {
          "method_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
          "method_type": "email",
          "email_id": "email_24oXBL3PufzHkH1Jzyjc2EXYeo7",
          "email": "sandbox@streambird.io",
          "last_verified_at": 1673556805
        }
      },
      {
        "delivery_channel": "password",
        "type": "password",
        "method": {
          "last_verified_at": 1673556817
        }
      }
    ],
    "device_fingerprint": {
      "user_agent": "Chrome",
      "ip": ""
    },
    "permissions": [],
    "deleted": false,
    "deleted_at": 0,
    "updated_at": 1673556817,
    "created_at": 1673556805
  },
  "user_id": "user_2Cu2uVhYy0OVgRcO913OsqIVaPIb"
}