API Tutorial Lesson 03 - Defining user passwords

Once a user has been registered, he must create his password before he can log in. This lesson's code shows the password definition transaction, which is started with a call to the 'UserPasswordSetAllow' API and confirmed by a call to the 'UserPasswordSetCommit' API.

Defining a user's password requires three parameters: the e-mail address the user registered with, the value to be used as the new password (which has to follow the rules for the 'password' type, and is therefore a strong password), and the user's security token.

The user's security token is created by our transaction manager when the user is first registered. It is optionally sent to him, once, in an e-mail message to the address specified, which keeps users from registering with fake e-mail addresses.

Users must save their security token in a safe place, as it plays the role of a digital identity on our cloud-based time-limited transaction manager: the user token is used in exactly the same way as depicted in the sample code when the user wants to change an existing password.

Alternatively, the solution responsible for the user's registration can retrieve his user token immediately upon his registration by calling the 'UserTokenGet' API. Calls to the 'UserTokenGet' API only succeed if they come from the solution registering the user and before the user's password has been created. This alternative is also depicted in the figure and marked as “Alternative 2”.
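The rules above can be exercised offline with a small in-memory model. This is an added example, not the lesson's code and not the real API: the Python method names only mirror the three API names, and the return values, the transaction id, the 300-second lifetime, the 12-character password rule and the PBKDF2 storage are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TX_TTL = 300  # assumed transaction lifetime in seconds; the page gives no value


class TransactionManagerModel:
    """In-memory stand-in for the remote transaction manager (assumed behaviour)."""

    def __init__(self, clock=time.monotonic):
        self.users = {}    # email -> {"token", "solution", "pw"}
        self.pending = {}  # tx_id -> (email, stored password, deadline)
        self.clock = clock

    def register(self, solution, email):
        # The token is created at registration; the real service may e-mail it once.
        token = secrets.token_urlsafe(32)
        self.users[email] = {"token": token, "solution": solution, "pw": None}

    def user_token_get(self, solution, email):
        # Succeeds only for the registering solution, and only before a password exists.
        user = self.users.get(email)
        if user is None or user["solution"] != solution or user["pw"] is not None:
            raise PermissionError("UserTokenGet refused")
        return user["token"]

    def user_password_set_allow(self, email, new_password, token):
        # Step 1: check e-mail and token, validate the password, open a transaction.
        user = self.users.get(email)
        if user is None or not hmac.compare_digest(user["token"].encode(), token.encode()):
            raise PermissionError("bad e-mail or security token")
        if len(new_password) < 12:  # assumed stand-in for the 'password' type rules
            raise ValueError("password rejected")
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 100_000)
        tx_id = secrets.token_urlsafe(16)
        self.pending[tx_id] = (email, salt + digest, self.clock() + TX_TTL)
        return tx_id

    def user_password_set_commit(self, tx_id):
        # Step 2: the password takes effect only if the commit arrives in time.
        email, stored, deadline = self.pending.pop(tx_id)  # KeyError if unknown or reused
        if self.clock() > deadline:
            raise TimeoutError("transaction expired")
        self.users[email]["pw"] = stored
```

Because the token is compared on every 'UserPasswordSetAllow' call, the same flow covers both the first password and later password changes.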

US Patent Requested