ActivateAuthenticateAmplify
Developer Blog
DashboardSupportDeveloper Blog
Back to All

Application User API Update

about 7 years ago by Chris Lewis

As part of ongoing security enhancements, we are updating the Application User API to introduce an additional check when updating the password field.

Previously, a PUT /users/:evrythngUser request by (and only by) that Application User's API Key would update the password to the value included in the request, if at all.

Now, the same request is performed, but the Application User must also include the new oldPassword field, otherwise the request will be rejected by the API. For example:

PUT /users/UmtcamkbBg8wQ5awaDwUAqNt
Content-Type: application/json
Authorization: $APPLICATION_USER_API_KEY

{
  "password": "myN3wS3curePa55w0rd",
  "oldPassword": "password123"
}