# Update password

Updates the user's existing credentials with a new temporary password, which must be reset the next time they login. Required permissions: apps:edit, [appId]:edit, authenticators:edit.

Endpoint: PUT /v1/users/{user_id}/password
Security: ClientAccessToken

## Path parameters:

  - `user_id` (string, required)
    The ID of the user

## Request fields (application/json):

  - `password` (string)
    The user's new password

  - `force_replace` (boolean)
    When true the password is temporary and the user will be required to replace it upon successful login

  - `device_id` (string)
    The device associated with this password update.

## Response 200 fields (application/json):

  - `result` (object, required)

  - `result.message` (string, required)
    Example: "Password registered"

## Response 400 fields (application/json):

  - `error_code` (string)
    Enum: "system_invalid_input", "auth_password_recently_used", "auth_password_breached", "auth_password_policy_disabled", "auth_not_active", "auth_password_incomplete_credentials", "auth_password_weak"

  - `message` (string)

## Response 404 fields (application/json):

  - `error_code` (string)
    Enum: "user_not_found"

  - `message` (string)

## Response 409 fields (application/json):

  - `error_code` (string)
    Enum: "auth_password_already_configured"

  - `message` (string)


