Set Password

Used to verify the phone number and set the user's password so they can log back in to their account

API Endpoint Documentation: auth/set-password

Endpoint Description

This endpoint is used to set a password for a user profile. It is particularly used in scenarios where a user profile has been created but the password has not been set. The endpoint ensures that the password is set securely and provides an access token for further authenticated requests.

HTTP Request

  • URL: https://xvdev.xash.co.zw/api/v1/auth/set-password

  • Method: POST

  • Authentication: None required for setting the password.

Request Headers

  • Accept: application/json

Request Parameters

  • user_number: The unique user number of the profile. This number is sent to the phone number the user provided in the Register section.

  • password: The password to be set for the user profile. It must meet the following criteria:

    • At least 8 characters long.

    • Contains at least one lowercase letter, one uppercase letter, one digit, and one special character.

    • The password must be confirmed in the password_confirmation field.

Response

The response is a JSON object containing:

  • success: A boolean indicating the success status.

  • accessToken: A bearer token for authentication in subsequent requests. (Store this safely)

  • tokenType: Specifies the type of the token, here it is Bearer.

  • has_address: A boolean indicating whether the profile has an address set.

  • has_business: A boolean indicating whether the profile is associated with a business.

  • message: A message indicating the result of the operation.

Success Response Example

{
  "success": true,
  "accessToken": "6|lORlGRCc0s...",
  "tokenType": "Bearer",
  "has_address": false,
  "has_business": false,
  "message": "Password has been set successfully."
}

Error Responses

In case of an error (e.g., the password has already been set), the API will return a JSON object with success set to false and an appropriate error message.

Example Request using Axios

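var axios = require("axios").default;

var options = {
  method: 'POST',
  url: 'https://xvdev.xash.co.zw/api/v1/auth/set-password',
  headers: {
    Accept: 'application/json',
  },
  // Placeholder values: use the user_number received by SMS and the user's chosen password.
  data: {
    user_number: '<user_number>',
    password: '<password>',
    password_confirmation: '<password>'
  }
};

axios.request(options).then(function (response) {
  // Log only the message; response.data also carries the accessToken, which should not be logged.
  console.log(response.data.message);
}).catch(function (error) {
  // Log the API's error body rather than the full error object, which includes the submitted password.
  console.error(error.response ? error.response.data : error.message);
});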

Important Notes

  • The user_number must be the unique number copied from the user's SMS inbox.

  • If the password is already set, the endpoint will not allow a new password to be set and will prompt the user to use the password reset functionality.

  • The profile associated with the user_number should have been created within a day of this request. Profiles without passwords are purged daily.

Security Considerations

  • It's recommended to implement IP-based throttling to prevent brute-force attacks.

  • Always ensure secure transmission (HTTPS) to protect user data.
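
One way to implement the IP-based throttling recommended above, as an added example that is not the API's own server code: a sliding-window limiter keyed by client IP. The IpThrottle class, the limit of 5 attempts per 10 minutes and the sample address are assumptions.

```javascript
// Added example: sliding-window throttle keyed by client IP for
// POST /auth/set-password. Limit and window values are assumptions.
class IpThrottle {
  constructor({ limit = 5, windowMs = 10 * 60 * 1000, now = Date.now } = {}) {
    this.limit = limit;        // assumed to be >= 1
    this.windowMs = windowMs;
    this.now = now;            // injectable clock so the logic is testable
    this.hits = new Map();     // ip -> ascending timestamps of counted attempts
  }

  // Record one attempt; returns { allowed, retryAfterSec }.
  attempt(ip) {
    const t = this.now();
    const cutoff = t - this.windowMs;
    const recent = (this.hits.get(ip) || []).filter((ts) => ts > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(ip, recent);
      // The next slot frees up when the oldest counted attempt leaves the window.
      const retryAfterSec = Math.ceil((recent[0] + this.windowMs - t) / 1000);
      return { allowed: false, retryAfterSec };
    }
    recent.push(t);
    this.hits.set(ip, recent);
    return { allowed: true, retryAfterSec: 0 };
  }

  // Drop idle IPs so the map cannot grow without bound; returns entries left.
  sweep() {
    const cutoff = this.now() - this.windowMs;
    for (const [ip, stamps] of this.hits) {
      if (stamps[stamps.length - 1] <= cutoff) this.hits.delete(ip);
    }
    return this.hits.size;
  }
}

// Constructed demo: six attempts from one address (documentation range),
// ten seconds apart, against a limit of five per ten minutes.
function demo() {
  let clock = 0;
  const throttle = new IpThrottle({ limit: 5, windowMs: 600000, now: () => clock });
  const results = [];
  for (let i = 0; i < 6; i++) {
    results.push(throttle.attempt('203.0.113.7'));
    clock += 10000;
  }
  return results;
}
```

A rejected attempt would map to an HTTP 429 response with retryAfterSec in the Retry-After header.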
