# Password settings ## Create or update password configuration - [POST /resources/configurations/v1/password](https://developers.frontegg.com/ciam/api/identity/password-settings/passwordpolicycontroller_addorupdatepasswordconfig.md): Create or update the password policy for the entire environment. ## Get password policy configuration - [GET /resources/configurations/v1/password](https://developers.frontegg.com/ciam/api/identity/password-settings/passwordpolicycontroller_getpasswordconfig.md): Retrieve the password policy for all accounts (tenants). ## Create password history policy - [POST /resources/configurations/v1/password-history-policy](https://developers.frontegg.com/ciam/api/identity/password-settings/passwordhistorypolicycontroller_createpolicy.md): Create a password history policy for all accounts (tenants). To enable the password history policy, set the enabled parameter to true and specify the passwordHistorySize as a number between 1 and 10. ## Update password history policy - [PATCH /resources/configurations/v1/password-history-policy](https://developers.frontegg.com/ciam/api/identity/password-settings/passwordhistorypolicycontroller_updatepolicy.md): Update the password history policy for all accounts (tenants). To disable the password history policy, set the enabled parameter to false. You can also update the passwordHistorySize value to a number between 1 and 10. ## Get password history policy - [GET /resources/configurations/v1/password-history-policy](https://developers.frontegg.com/ciam/api/identity/password-settings/passwordhistorypolicycontroller_getpolicy.md): Retrieve the password history policy for all accounts (tenants) or for a specific account (tenant). ## Reset password - [POST /resources/users/v1/passwords/reset](https://developers.frontegg.com/ciam/api/identity/password-settings/userspasswordcontrollerv1_resetpassword.md): Send a reset password email to a user. Provide the user's email in the request body. If your email template uses metadata, include the email metadata in the request body as well. ## Verify password - [POST /resources/users/v1/passwords/reset/verify](https://developers.frontegg.com/ciam/api/identity/password-settings/userspasswordcontrollerv1_verifyresetpassword.md): Verify a user's password using a verification token. Provide the userId, token, and password in the request body. The token can be obtained using the route for generating a user password reset token. ## Change password - [POST /resources/users/v1/passwords/change](https://developers.frontegg.com/ciam/api/identity/password-settings/userspasswordcontrollerv1_changepassword.md): Change the password for a logged-in user. Include the current and new passwords in the request body. ## Get strictest password configuration - [GET /resources/users/v1/passwords/config](https://developers.frontegg.com/ciam/api/identity/password-settings/userspasswordcontrollerv1_getuserpasswordconfig.md): Retrieve the user's strictest password configuration. This is useful when a user belongs to multiple accounts (tenants) with varying password complexity requirements. The route returns the strictest setting the user is subject to. ## Reset password via email - [POST /resources/users/v2/passwords/reset/email](https://developers.frontegg.com/ciam/api/identity/password-settings/userspasswordcontrollerv2_resetpasswordviaemail.md): Sends a password reset email to the user. Provide the user's email address in the request body to initiate the reset process. ## Reset password via SMS - [POST /resources/users/v2/passwords/reset/sms](https://developers.frontegg.com/ciam/api/identity/password-settings/userspasswordcontrollerv2_resetpasswordviasms.md): Sends a password reset SMS with a one-time code (OTP) to the user. Provide the user's phone number in the request body to initiate the reset process. ## Verify password reset code sent via SMS - [POST /resources/users/v2/passwords/reset/sms/verify](https://developers.frontegg.com/ciam/api/identity/password-settings/userspasswordcontrollerv2_verifyresetpasswordviasmsotc.md): Verifies the one-time code (OTP) sent via SMS for password reset. Provide the OTP in the request body. If valid, returns the user ID and reset token. ## Get password expiration period configuration - [GET /resources/configurations/v1/password-rotation](https://developers.frontegg.com/ciam/api/identity/password-settings/passwordrotationconfigcontrollerv1_getpasswordrotationconfiguration.md): Retrieve the password expiration period configuration for your environment or for a specific account (tenant). ## Manage password expiration - [POST /resources/configurations/v1/password-rotation](https://developers.frontegg.com/ciam/api/identity/password-settings/passwordrotationconfigcontrollerv1_upsertpasswordrotationconfiguration.md): Create or update the configuration for the password expiration policy. If no configuration exists, a default policy will be applied. ## Get environment configuration for password expiration period. - [GET /resources/configurations/v1/password-rotation/vendor](https://developers.frontegg.com/ciam/api/identity/password-settings/passwordrotationconfigcontrollerv1_getvendorpasswordrotationconfiguration.md): Retrieve the password expiration period configuration for your environment or for a specific account (tenant).