POST /users/password
curl -X POST http://localhost:3000/users/password \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "oldPassword": "currentPassword123",
    "newPassword": "newSecurePassword456"
  }'
{
  "message": "Password changed successfully"
}

Authentication

This endpoint requires a valid JWT Bearer token.
Authorization (string, required)
Bearer token for authentication. Format: Bearer <your_access_token>

Request Body

oldPassword (string, required)
The user’s current password for verification.

newPassword (string, required)
The new password to set. Should be at least 8 characters long.

Response

message (string)
Success message confirming the password was changed.

Security Notes

The old password must match the current password stored in the database for the change to be authorized.
After changing the password, the user’s current access and refresh tokens remain valid. Consider implementing token invalidation on password change for enhanced security.
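
One way to implement the token invalidation suggested above, as an added example rather than the project's own code: each user record carries a hypothetical tokenVersion counter that is embedded in every token as a ver claim and incremented on password change. The secret, the in-memory user store and all function names are assumptions made for illustration.

```javascript
// Added example, not the project's code. tokenVersion, ver, SECRET and the
// in-memory store are assumptions. Expiry (exp) handling is left out.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed; load from config in practice
const users = new Map([["u1", { tokenVersion: 0 }]]); // constructed sample user

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (data) =>
  crypto.createHmac("sha256", SECRET).update(data).digest("base64url");

// Issue an HS256 JWT that carries the user's current token version.
function issueToken(userId) {
  const { tokenVersion } = users.get(userId);
  const body = `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ sub: userId, ver: tokenVersion })}`;
  return `${body}.${mac(body)}`;
}

// Verify the signature first, then reject tokens minted before the last bump.
function verifyToken(token) {
  const [head, payload, sig] = String(token).split(".");
  if (!head || !payload || !sig) return { ok: false, reason: "malformed" };
  const expected = Buffer.from(mac(`${head}.${payload}`));
  const given = Buffer.from(sig);
  if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given)) {
    return { ok: false, reason: "bad signature" };
  }
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  const user = users.get(claims.sub);
  if (!user) return { ok: false, reason: "unknown user" };
  if (claims.ver !== user.tokenVersion) return { ok: false, reason: "token revoked" };
  return { ok: true, sub: claims.sub };
}

// Call from the POST /users/password handler once oldPassword has been
// verified and the new hash is stored. Every access and refresh token issued
// earlier then fails verifyToken.
function bumpTokenVersion(userId) {
  users.get(userId).tokenVersion += 1;
}
```

The version lookup costs one user-store read per request, which is the price of being able to revoke a stateless token before it expires.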

Best Practices

  • Require passwords to be at least 8 characters long
  • Validate password strength on the client side before submission
  • Consider adding rate limiting to prevent brute force attacks
  • Notify the user via email when their password is changed