POST /users/<uuid>/password/reset

Generate a single-use, limited-lifetime password reset token for a specific local user. Authentication is required.

Request format

When Forming RBAC API requests to this endpoint, provide authentication and specify a user ID, such as:

curl -X POST "https://$(puppet config print server):4433/rbac-api/v1/users/297f1d72-d96e/password/reset" \
-H "X-Authentication:$(puppet-access show)"

Response format

A successful request returns 200 OK and the new token. Use this token with POST /auth/reset to reset the user's password.

Password reset tokens can be used only once, and these tokens have a limited lifetime. The lifetime is based on the value of the rbac_password_reset_expiration parameter. The default is 24 hours. For more information, refer to Configure RBAC and token-based authentication settings.

Error responses

Returns 403 Forbidden if:

The requesting user does not have permission to create a reset token for the specified user.
The specified user is a remote user. You must manage remote user information within the relevant remote system, such as SAML or LDAP.

Returns 404 Not Found if there is no user with the given UUID.

For other error responses, refer to RBAC service errors .