Change current user password

POST /me/change-password
Bearer auth

Allow the current authenticated user to change their own password

application/json

Body Required

  • current_password string Required

    Current user password for verification

  • new_password string Required

    New password meeting security requirements:

    • At least 12 characters long
    • At least one uppercase letter (A-Z)
    • At least one lowercase letter (a-z)
    • At least one digit (0-9)
    • At least one special character (!@#$%&*...)
    • No more than 3 consecutive identical characters
    • Cannot contain common weak patterns

    Minimum length is 12, maximum length is 128.

Responses

  • 200 application/json

    Password changed successfully

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
  • 400 application/json

    Bad request - validation error for current password verification or new password requirements

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object
      Hide data attributes Show data attributes object
      • type string

        Value is validation_error.

      • errors array[object]
        Hide errors attributes Show errors attributes object
        • key string

          Field name that failed validation

          Values are current_password or new_password.

        • message string

          Validation error type

        • value string

          Always empty for security (passwords not exposed)
  • 401 application/json

    Unauthorized - invalid or missing JWT token

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
  • 500 application/json

    Internal server error

    Hide response attributes Show response attributes object
    • code integer
    • message string
    • data object | null
POST /me/change-password 
curl \
 --request POST 'https://api.your-domain.com/api/me/change-password' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"current_password":"MyCurrentP4ssw0rd!","new_password":"MyNewSecureP4ssw0rd!"}'
Request examples 
{
  "current_password": "MyCurrentP4ssw0rd!",
  "new_password": "MyNewSecureP4ssw0rd!"
}
Response examples (200) 
{
  "code": 200,
  "message": "password changed successfully",
  "data": {}
}
Response examples (400) 
{
  "code": 400,
  "message": "validation failed",
  "data": {
    "type": "validation_error",
    "errors": [
      {
        "key": "current_password",
        "value": "",
        "message": "incorrect_password"
      },
      {
        "key": "new_password",
        "value": "",
        "message": "min_length"
      },
      {
        "key": "new_password",
        "value": "",
        "message": "missing_uppercase"
      }
    ]
  }
}
Response examples (401) 
{
  "code": 401,
  "message": "invalid token",
  "data": {}
}
Response examples (500) 
{
  "code": 500,
  "message": "internal server error",
  "data": {}
}