Skip to main content
Solved

API Call to reset password for a user

  • September 30, 2022
  • 2 replies
  • 265 views
K
Do Gooder (Customer)
Forum|alt.badge.img+1
  • KBayer
  • Do Gooder (Customer)
  • 1 reply

Astea Alliance V15.3

I’m trying to automate a service that can send an API call to Astea Alliance that will reset the password for a given user id and respond back with the temporary password. Is this possible? If so, do you have a template XML?

Best answer by Phil Seifert

Hi Kevin,

i am not aware of such an API and actually would not consider one to be a good idea generally as it would present a high level security risk.

Such an API process to return a result with the temporary password as a response could potentially be used to gain access to the application/data via a user’s account which the requestor should not have access or lock the specified user out of their system by changing their password.

The Alliance application does have a mechanism to allow password reset with a temporary password via the Password Initialization module or also with a Forgot Password option on the login screen where an email would be sent to the currently registered email address of the user account.

Perhaps you can use these options instead?

View original
    Did this topic help you find an answer to your question?

    2 replies

    Phil Seifert
    Ultimate Hero (Employee)
    Forum|alt.badge.img+24
    • Phil Seifert
    • Ultimate Hero (Employee)
    • 1366 replies
    • Answer
    • September 30, 2022

    Hi Kevin,

    i am not aware of such an API and actually would not consider one to be a good idea generally as it would present a high level security risk.

    Such an API process to return a result with the temporary password as a response could potentially be used to gain access to the application/data via a user’s account which the requestor should not have access or lock the specified user out of their system by changing their password.

    The Alliance application does have a mechanism to allow password reset with a temporary password via the Password Initialization module or also with a Forgot Password option on the login screen where an email would be sent to the currently registered email address of the user account.

    Perhaps you can use these options instead?

    Please mark any comments which answered your question as Best Answer so the topic is easier recognised as answered and closed.
    M
    1 person likes this
    • M
      Mark Segal
    K
    Do Gooder (Customer)
    Forum|alt.badge.img+1
    • KBayer
    • Author
    • Do Gooder (Customer)
    • 1 reply
    • September 30, 2022

    Hi Phil,

    Thanks Phil, I do agree it’s a high level security risk. Was trying to resolve issues with our users being unable to get into the application in general because they don’t set up their security Q/A even though we inform them. So, they can’t reset their own password. It ends up being manual work to do for one admin covering for hundreds on users.

    We aren’t connecting this to an AD or SSO, so was trying to figure out ways to automate this in the backend for user management systems, or ticket requests.

    Thanks

    Reply


    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings