Skip to main content

Change the current password

POST 

/v1/me/change-password

Authenticated password change (SPEC-15 §15.2). Requires the current password, plus a valid TOTP code when 2FA is enabled. On success all refresh sessions are revoked (re-login everywhere) and a security notice is emailed. SSO-only accounts get 400 password_not_set.

Request

Responses

Default Response

Response Headers
    X-Request-Id

    ULID stamped on every response and propagated through error envelopes. Use it when filing support tickets — it identifies the exact request in the structured logs (requestId field).

    X-RateLimit-Limit

    Requests-per-second ceiling for the current bucket (per-organization for authenticated calls, per-IP for public ones).

    X-RateLimit-Remaining

    Tokens left in the bucket after this request.

    X-RateLimit-Reset

    ISO-8601 timestamp when the bucket will be fully refilled.