You can check a user’s password to verify its current state. The result of a password validation check returns one of the following values for the status property:

The sample shows the POST /environments/{environmentId}/users/{userId}/password operation to check the password attribute value provided in the request body against the current password. This operation uses the application/vnd.pingidentity.password.check+json custom content type in the request header.

The password value in the request body is checked against the user’s current password. If the password is checked successfully, and the password status is OK, MUST_CHANGE_PASSWORD, or PASSWORD_EXPIRED, the response returns a 200 OK message. If the password status is NO_PASSWORD or PASSWORD_LOCKED_OUT, the response returns a 400 BAD REQUEST message.

Important: Users who authenticate with an authoritative identity provider cannot perform any self-service actions on passwords. Their attribute is not null and their user.identityProvider.type attribute is not PING_ONE.