# Passwords

Log in users using passwords. This implements a frontend integration for password authentication, where passwords are handled only by the client. If the password credentials are valid, the client can obtain an authorization code that your app can exchange in the backend for user tokens.


## Servers

Sandbox environment
```
https://api.sbx.transmitsecurity.io/cis
```

Production environment (US)
```
https://api.transmitsecurity.io/cis
```

Production environment (EU)
```
https://api.eu.transmitsecurity.io/cis
```

Production environment (CA)
```
https://api.ca.transmitsecurity.io/cis
```

Production environment (AU)
```
https://api.au.transmitsecurity.io/cis
```

## Security

### bearer

Type: http
Scheme: bearer
Bearer Format: JWT

### UserAccessToken

A token returned upon end-user authentication, which provides access to resources and data for the user and app for which it was generated.

Type: http
Scheme: bearer
Bearer Format: JWT

### AdminAccessToken

A token generated by a management application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to all resources for the tenant and its apps.

Type: oauth2

### ClientAccessToken

A token generated by an end-user application using the [token endpoint](/openapi/token.openapi/other/getaccesstoken). It provides access to resources and data on the tenant level or associated with the specific application (but not other apps in the tenant).

Type: oauth2

### OrgAdminAccessToken

A token returned upon B2B authentication for a user that has the organizationAdmin or organizationCreator role.

Type: oauth2

## Download OpenAPI description

[Passwords](https://developer.transmitsecurity.com/_bundle/openapi/user/passwords.openapi.yaml)

## Other

### Login with password

 - [POST /v1/auth/password/login](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/login.md): Authenticate a user with a password

### Start reset by email link

 - [POST /v1/auth/password/reset/email/link](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/sendforgotpasswordemail.md): Starts a password reset flow by sending an email magic link. Once clicked, the User Agent will be redirected to the URI specified in this request. This URI will include a code required to reset the password. Required permissions: apps:execute, [appId]:execute, auth:execute.

### Generate reset link

 - [POST /v1/auth/password/reset/link](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/generateresetpasswordlink.md): Starts a password reset flow by generating a magic link. Once clicked, the User Agent will be redirected to the URI specified in this request. This URI will include a code required to reset the password. Required permissions: apps:execute, [appId]:execute, auth:execute.

### Start reset by Email OTP

 - [POST /v1/auth/password/reset/email/otp](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/sendresetpasswordemailotp.md): Starts a password reset flow by sending an Email OTP. Required permissions: apps:execute, [appId]:execute, auth:execute.

### Validate reset OTP Email

 - [POST /v1/auth/password/reset/email/otp/validate](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/validateresetpasswordemailotp.md): Validate a reset password OTP. Required permissions: apps:execute, [appId]:execute, auth:execute.

### Start reset by SMS OTP

 - [POST /v1/auth/password/reset/sms/otp](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/sendresetpasswordsmsotp.md): Starts a password reset flow by sending an SMS OTP. Required permissions: apps:execute, [appId]:execute, auth:execute.

### Validate reset SMS OTP

 - [POST /v1/auth/password/reset/sms/otp/validate](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/validateresetpasswordsmsotp.md): Validate a reset password OTP. Required permissions: apps:execute, [appId]:execute, auth:execute.

### Start reset by password

 - [POST /v1/auth/password/reset/password/validate](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/validateoldpassword.md): Validates the current password and returns a reset token, which enables changing the user's password.

### Reset password

 - [POST /v1/auth/password/reset](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/resetpassword.md): Resets a user's password

### Validate password

 - [POST /v1/auth/password/validate](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/validatepassword.md): Validates a new password according to the requesting application's password policy. The validation includes checking the password complexity (such as minimum length and character requirements) and password history (i.e., that the same password wasn't used too recently). This can be used before updating a user's password to first check that the password they chose is valid and if not, provide feedback to the user. Required permissions: apps:execute, [appId]:execute, auth:execute.

### Logout

 - [POST /v1/auth/logout](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/logout.md): Log out the user from a specific session. The user and session are derived from the access token used to authorize the request (which was issued based on the authentication that created the session).

### Exchange code for token (deprecated)

 - [POST /v1/token](https://developer.transmitsecurity.com/openapi/user/passwords.openapi/other/tokenexchange.md): Retrieve ID and access tokens. This API is used to retrieve ID and access tokens using the code that was returned in the redirect URI as a query parameter (for example, when the user clicks a magic link). It may also create a new user if create_new_user was set to true in the send request and no user exists for the email address or phone number (depending on the flow).

