question

Gaston Schattenhofer avatar image
Gaston Schattenhofer asked

Admin/ResetPassword Token body Request Properties

Hello! I'm trying to implement the ResetPassword API in order to make the reset within our platform and I can't get anything but AuthTokenDoesNotExist error. I've been using the Postman app to try out this calls before i start working them on our Platform.

I'm following the documentation (https://api.playfab.com/documentation/Admin/method/ResetPassword) and setting the Title's Secret key on the header and on the body i set the new password string and the Token with the EntityToken (400 character long string) that returned when user logged in. I also tried using the EntityToken returned by the API GetEntityToken and didn't work either.

This is the ResetPassword call:

POST /Admin/ResetPassword?sdk=PostmanCollection-0.86.190821 HTTP/1.1
Host: BDA07.playfabapi.com
X-PlayFabSDK: PostmanCollection-0.86.190821
Content-Type: application/json
X-SecretKey: <TITLE_SECRET_KEY>
User-Agent: PostmanRuntime/7.16.3
Accept: */*
Cache-Control: no-cache
Postman-Token: ac145158-a991-4254-b96e-8e6addaf35cf,909634ad-e4a0-429e-a345-cf9a2ca65e60
Host: bda07.playfabapi.com
Accept-Encoding: gzip, deflate
Content-Length: 449
Connection: keep-alive
cache-control: no-cache
{
  "Token": "Mnx7ImkiOiIyMDE5LTA5LTAyVDE5OjMxOjIxLjcxNjA1NjVaIiwiaWRwIjoiUGxheUZhYiIsImUiOiIyMDE5LTA5LTAzVDE5OjMxOjIxLjcxNjA1NjVaIiwiaCI6IjlDRkYxNjBFRTczQjBCNyIsInMiOiIrK3pIQkZjYUdrT3FiUGpUOUk1ejlXNFJsWUNwR2d1TlFRYzlHZjhJTmZjPSIsImVjIjoidGl0bGVfcGxheWVyX2FjY291bnQhN0M5MTlBREIxRTZDMEI0NS9CREEwNy8yNTk2NTIxQTMxOTRENzNELzIxRjg0M0Q5NTY1Qzc1RTQvIiwiZWkiOiIyMUY4NDNEOTU2NUM3NUU0IiwiZXQiOiJ0aXRsZV9wbGF5ZXJfYWNjb3VudCJ9",
  "Password": "thepassword222"
}

And this is the response:

{
    "code": 400,
    "status": "BadRequest",
    "error": "AuthTokenDoesNotExist",
    "errorCode": 1327,
    "errorMessage": "The token Mnx7ImkiOiIyMDE5LTA5LTAyVDE5OjMxOjIxLjcxNjA1NjVaIiwiaWRwIjoiUGxheUZhYiIsImUiOiIyMDE5LTA5LTAzVDE5OjMxOjIxLjcxNjA1NjVaIiwiaCI6IjlDRkYxNjBFRTczQjBCNyIsInMiOiIrK3pIQkZjYUdrT3FiUGpUOUk1ejlXNFJsWUNwR2d1TlFRYzlHZjhJTmZjPSIsImVjIjoidGl0bGVfcGxheWVyX2FjY291bnQhN0M5MTlBREIxRTZDMEI0NS9CREEwNy8yNTk2NTIxQTMxOTRENzNELzIxRjg0M0Q5NTY1Qzc1RTQvIiwiZWkiOiIyMUY4NDNEOTU2NUM3NUU0IiwiZXQiOiJ0aXRsZV9wbGF5ZXJfYWNjb3VudCJ9 passed in does not exist."
}

If it helps, this is the response returned by the LoginWithEmailAdress:

{
    "code": 200,
    "status": "OK",
    "data": {
        "SessionTicket": "2596521A3194D73D-0-0-BDA07-8D72FDC22A8AB37-4NUxJAGLxxI2AmWYV60x4PtwBR4XRvVOr531HRvIpqg=",
        "PlayFabId": "2596521A3194D73D",
        "NewlyCreated": false,
        "SettingsForUser": {
            "NeedsAttribution": false,
            "GatherDeviceInfo": true,
            "GatherFocusInfo": true
        },
        "LastLoginTime": "2019-09-02T18:44:07.649Z",
        "EntityToken": {
            "EntityToken": "Mnx7ImkiOiIyMDE5LTA5LTAyVDE5OjMxOjIxLjcxNjA1NjVaIiwiaWRwIjoiUGxheUZhYiIsImUiOiIyMDE5LTA5LTAzVDE5OjMxOjIxLjcxNjA1NjVaIiwiaCI6IjlDRkYxNjBFRTczQjBCNyIsInMiOiIrK3pIQkZjYUdrT3FiUGpUOUk1ejlXNFJsWUNwR2d1TlFRYzlHZjhJTmZjPSIsImVjIjoidGl0bGVfcGxheWVyX2FjY291bnQhN0M5MTlBREIxRTZDMEI0NS9CREEwNy8yNTk2NTIxQTMxOTRENzNELzIxRjg0M0Q5NTY1Qzc1RTQvIiwiZWkiOiIyMUY4NDNEOTU2NUM3NUU0IiwiZXQiOiJ0aXRsZV9wbGF5ZXJfYWNjb3VudCJ9",
            "TokenExpiration": "2019-09-03T19:31:21.716Z",
            "Entity": {
                "Id": "21F843D9565C75E4",
                "Type": "title_player_account",
                "TypeString": "title_player_account"
            }
        }
    }
}

Is the Token format sent on the ResetPassword correct?

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Andres Belilos avatar image
Andres Belilos answered

I got this now, the Token needed is the one sent by the account recovery email. Now, my question is: is there any other call to update user password without going through that email? For example, we would like to let the user update the password from his profile within our platform.

,

On the documentation says that Token: The token of the player requesting the password reset. But then i realize that the token that is talking about is the one that the user received on the account recovery email. I guess this call is intended for that custom landing. My question is, is there a method to reset users password without having to send an email, for example directly form our platform?

1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Sarah Zhang avatar image Sarah Zhang commented ·

This feature that users reset passwords on the clients without having to send an email, it is not natively supported by PlayFab now. You can try to add a feature request about it.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.