Change Password
Endpoint
URL: /:projectId/auth/change-password
Method: POST
Authentication Required: Yes
Description
Allows an authenticated user to change their password by verifying the current password and setting a new one.
Request
Headers
| Header | Type | Required | Description |
|---|---|---|---|
Authorization | string | Yes | Bearer token for authentication. |
Body Parameters
| Field | Type | Required | Description |
|---|---|---|---|
password | string | Yes | The current password. |
newPassword | string | Yes | The new password to set. |
Example Request
{
"password": "oldPassword123",
"newPassword": "newSecurePassword456"
}Response
Success Response (200 OK)
{
"success": true,
"message": "Password updated successfully."
}Error Responses
Missing Fields (400 Bad Request)
{
"error": "Email, password, and a new password are all required.",
"code": "auth/missing-fields"
}User Not Found (403 Forbidden)
{
"error": "User not found.",
"code": "auth/no-user-found"
}User Not Password Authenticated (400 Bad Request)
{
"error": "User is not authenticated with email and password.",
"code": "auth/not-password-authenticated"
}Incorrect Password (401 Unauthorized)
{
"error": "Incorrect password.",
"code": "auth/wrong-password"
}Server Error (500 Internal Server Error)
{
"error": "Internal server error.",
"code": "auth/server-error",
"details": "<Error message>"
}Notes
- Only users authenticated via email and password can change their password.
- The current password must be correct.
- New password is hashed and stored securely.