Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Process

The password reset process is basically devided into three parts.

Step 1 - Trigger "I-Forget-My-Password"-Token

First, the API has to be called

http://api.erecruiter.net/Help/Api/POST-Api-Applicant-RequestPassword_email_url_culture

This requires an existing eMail-adress, the Portal-URL and Culture are optional. The server will generate and send an eMail to the Applicant containing an reset-password-URL.This url will lead either to the provided URL or the first URL of the default Portal in case, the current URL is not provided. However, the generated Route is

{URL}/Password?email={email}&code={token}

and has to be handled by the Portal.

Step 2 - Test Token and load Applicant Profile

When the applicant navigates to that link, the applicant can be loaded by the generated token. At this point, the portal is either able to continue with Step 3 directly, or perform an early test of the token to retrieve the applicant profile using the eMail-adress and generated token. The profile can be loaded with the following request

http://api.erecruiter.net/Help/Api/GET-Api-Applicant_email_code

This request succeeds for the duration, the token is valid. Currently for it is valid for 2 days.

Step 3 - Actual change of password

This step contains the actual change of the password. Therefore, the following API Request can be executed

http://api.erecruiter.net/Help/Api/POST-Api-Applicant-SetPassword

This call requires the eMail, token, new password and the current URL to reset the password. Note, the password has to match the password policy in order to apply it to set it. Furthermore, the token again is valid for 2 days from its creation until it expires.

  • No labels