# User password

## API actions

API path: `/user/password`.

### change

Changes password of user with the provided session hash (it is contained in a password restore link from email sent to user by user/restore\_password).

> This call will receive only session hash from a password restore email. Any other hash will result in result error code 4 (User or API key not found or session ended).

#### Parameters

| name     | description                | type   |
| -------- | -------------------------- | ------ |
| password | New password for the user. | string |

{% hint style="danger" %}
Passwords must be between 12 and 20 characters in length and include at least one uppercase letter, lowercase letter, digit, and special character (!@#$%^&\*). To maintain account security, the system tracks password history, so you can't reuse any of your last 10 passwords. If a previous password is detected, the system will return the error "Password was recently used."
{% endhint %}

#### Example

cURL

```sh
curl -X POST 'https://api.eu.navixy.com/v2/user/password/change' \
    -H 'Content-Type: application/json' \
    -d '{"hash": "22eac1c27af4be7b9d04da2ce1af111b", "password": "D9#YoBaQd@RMjMSb"}'
```

#### Response

```json
{
  "success": true
}
```

#### Errors

* 101 – In demo mode this function disabled - if specified session hash belongs to demo user.

### set

Changes password for login user.\
Works only with standard user session (not with API key).

#### Parameters

| name          | description                                              | type   |
| ------------- | -------------------------------------------------------- | ------ |
| old\_password | Current password of the user.                            | string |
| new\_password | New password for the user. 6 to 20 printable characters. | string |

#### Example

cURL

{% code overflow="wrap" %}

```sh
curl -X POST 'https://api.eu.navixy.com/v2/user/password/set' \
    -H 'Content-Type: application/json' \
    -d '{"hash": "22eac1c27af4be7b9d04da2ce1af111b", "old_password": "Hh6FXTt%E!Rx*%f3", "new_password": "D9#YoBaQd@RMjMSb"}'
```

{% endcode %}

#### Response

```json
{
  "success": true
}
```

#### Errors

* 101 – In demo mode this function disabled - if specified session hash belongs to demo user.
* 245 – New password must be different - if `old_password` = `new_password`.
* 248 – Wrong password - if `old_password` is wrong.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://navixy.com/docs/navixy-api/user-api/backend-api/resources/commons/user/password.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.