Set the password for a user who has a valid password request key


Set the password for a user who has an outstanding password request. A user with an outstanding password request will have an unused and unexpired password key. The password key is part of the url provided to the user in the email sent to the user with information on how to set their password. The email was generated by the SoftLayer_User_Customer::initiatePortalPasswordRequest request. Password recovery keys are valid for 24 hours after they’re generated.

If the user has required authentication methods as specified by in the SoftLayer_Container_User_Customer_PasswordSet container returned from the SoftLayer_User_Customer::getRequirementsForPasswordSet request, then additional requests must be made to processPasswordSetRequest to authenticate the user before changing the password. First, if the user has security questions set on their profile, they will be required to answer one of their questions correctly. Next, if the user has Verisign or Google Authentication on their account, they must authenticate according to the two-factor provider. All of this authentication is done using the SoftLayer_Container_User_Customer_PasswordSet container.

User portal passwords must match the following restrictions. Portal passwords must…

  • …be over eight characters long.
  • …be under twenty characters long.
  • …contain at least one uppercase letter
  • …contain at least one lowercase letter
  • …contain at least one number
  • …contain one of the special characters _ - | @ . , ? / ! ~ # $ % ^ & * ( ) { } [ ] \ + =
  • …not match your username


Name Type Description
passwordSet SoftLayer_Container_User_Customer_PasswordSet A container with the information required for setting customer password
authenticationContainer SoftLayer_Container_User_Customer_External_Binding The authentication container with the external authentication information.

Required Headers

Optional Headers

  • None

Return Values

  • boolean

Error Handling

  • Throws the exception “Invalid password recovery key” if no password recovery key was provided, the provided key was invalid, the key has expired, or the recovery key does not belong to this user.
  • Throws the exception “Your portal password must” followed by a list of violated password rules if the given password fails to match any of the above restrictions.
  • Throws the exception “Invalid value provided for Password” if no password is provided.
  • Throws the exception “Invalid answer provided for security question” if security question is not answered according to the user’s profile.
  • Throws the exception “Account has been locked for 30 minutes” if maximum number of attempts to set password has been reached.
  • Throws the exception “You must supply external authentication credentials to log in with this user” if external authentication security code is required and not provided.
  • Throws the exception “Time-based One Time Password authentication is required to log in with this user” if TOTP authentication is required and not provided.

Associated Methods

curl -g -u $SL_USER:$SL_APIKEY -X POST -d '{"parameters": [SoftLayer_Container_User_Customer_PasswordSet, SoftLayer_Container_User_Customer_External_Binding]}' \