POST /api/experience/verification/password

Create and verify a new Password verification record. The verification record can only be created if the provided user credentials are correct. If the password is valid and within the reminder window, this endpoint still returns the verification record together with reminder metadata so the client can decide whether to continue signing in or reset the password.

application/json

Body Required

  • identifier object Required

    The unique identifier of the user that will be used to identify the user along with the provided password.

    Hide identifier attributes Show identifier attributes object
    • type string Required

      Values are username, email, or phone.

    • value string Required
  • password string Required

    The user password.

    Minimum length is 1.

Responses

  • 200 application/json

    The Password verification record has been successfully created and verified.

    Hide response attributes Show response attributes object
    • verificationId string Required

      The unique verification ID of the newly created Password verification record. The verificationId is required when verifying the user's identity via the Identification API.

    • reminder object

      Optional password expiration reminder metadata. When present, the password is still valid for sign-in, but is close to expiration.

      Hide reminder attribute Show reminder attribute object
      • daysUntilExpiration number Required

        The number of days remaining before the current password expires.
  • 400

    The verification attempts have exceeded the maximum limit.

  • 401

    The user is suspended or banned from the service.

  • 422

    session.invalid_credentials: Either the user is not found or the provided password is incorrect.
    password.expired: The password is valid but already expired.

POST /api/experience/verification/password 
curl \
 --request POST 'https://[tenant_id].logto.app/api/experience/verification/password' \
 --header "Content-Type: application/json" \
 --data '{"identifier":{"type":"username","value":"string"},"password":"string"}'
Request examples 
{
  "identifier": {
    "type": "username",
    "value": "string"
  },
  "password": "string"
}
Response examples (200) 
{
  "verificationId": "string",
  "reminder": {
    "daysUntilExpiration": 42.0
  }
}