Generating tokens for resetting the new password

Users with a higher role level than the recipient can generate tokens with the token purpose FORGOT_PWD_RESET to set new passwords. For example, if a sponsor user has forgotten both the password and the security answers needed to reset it, the System Administrator can generate a token to set a new password for the sponsor user.

URL to access

The following URL pattern is used by system administrators, sponsor administrators, or partner administrators to generate tokens:

https://<host>:<port>/<mrmws>/sponsors/<sponsorContext>/user/oneTimeToken/
Note: The URL can be different based on your deployment option. For more details about the URL, see URL for accessing IBM PEM and APIs.

Role level hierarchy to generate tokens for resetting new passwords

The following table displays the role level hierarchy and the permission to generate tokens for resetting new passwords.
Recipient role    User role that can generate token
--------------    ---------------------------------
Sponsor           System Administrator
Partner           Sponsor Administrator or Sponsor LOB
Sponsor user      System Administrator or Sponsor Administrator
Partner user      Sponsor Administrator or Partner administrator

Token to reset new password for sponsors

Use system as the sponsor context to generate a token for resetting the password of a sponsor.

  • Body - userId=<user generating the token>&tokenPurpose=FORGOT_PWD_RESET&noOfDaysForExpiry=1&sponsorKey=<sponsor key>
  • Headers - Content-Type: application/x-www-form-urlencoded
  • Method - POST

This request requires basic authentication as a system administrator.

Token to reset new password for partners

Use the sponsor context where the partner is registered to generate a token for resetting the partner's password.

  • Body - userId=<user generating the token>&tokenPurpose=FORGOT_PWD_RESET&noOfDaysForExpiry=1&partnerKey=<partner key>
  • Headers - Content-Type: application/x-www-form-urlencoded
  • Method - POST

This request requires basic authentication as a sponsor administrator of the sponsor context where the partner is registered.

Token to reset new password for sponsor users

Use the sponsor context where the sponsor user is registered to generate a token for resetting the sponsor user's password.

  • Body - userId=<user generating the token>&tokenPurpose=FORGOT_PWD_RESET&noOfDaysForExpiry=1&participantKey=<participant key>
  • Headers - Content-Type: application/x-www-form-urlencoded
  • Method - POST

This request requires basic authentication as a sponsor administrator of the sponsor context where the sponsor user is registered.

Token to reset new password for partner users

Use the sponsor context where the partner user is registered to generate a token for resetting the partner user's password.

  • Body - userId=<user generating the token>&tokenPurpose=FORGOT_PWD_RESET&noOfDaysForExpiry=1&participantKey=<participant key>
  • Headers - Content-Type: application/x-www-form-urlencoded
  • Method - POST

This request requires basic authentication as a partner administrator whose partner key is used for the partner user registration.

URL to enter the new password

https://<host>:<port>/mrmws/sponsors/<sponsor>/user/password/resetForgotPasswordWithToken?token=<FORGOT_PWD_RESET token>&newPwd=<new password string>
Note: The URL can be different based on your deployment option. For more details about the URL, see URL for accessing IBM PEM and APIs.

A user must enter the new password.

Basic authentication is not required because authentication is performed with the generated token.
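
The requests described on this page, as an added Python example that is not IBM's code: it builds the token-generation POST and the reset URL without sending anything, applies the role table as a client-side pre-check, percent-encodes the new password, and masks the token and password before a URL is logged. The function names, the `base` argument, and the `auth` tuple are assumptions made for illustration.

```python
# Added example, not IBM code: builds the requests from this page without sending them.
import base64
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Role hierarchy table from this page: recipient role -> roles that may generate the token.
ALLOWED = {
    "sponsor": {"System Administrator"},
    "partner": {"Sponsor Administrator", "Sponsor LOB"},
    "sponsor user": {"System Administrator", "Sponsor Administrator"},
    "partner user": {"Sponsor Administrator", "Partner administrator"},
}
# Key parameter the page lists in the request body for each recipient type.
KEY_PARAM = {"sponsor": "sponsorKey", "partner": "partnerKey",
             "sponsor user": "participantKey", "partner user": "participantKey"}

def token_request(base, context, recipient, caller_role, user_id, key, auth, days=1):
    """Return (url, headers, body) for the oneTimeToken POST.

    Client-side pre-check only (the server makes the real decision): refuses
    caller roles the table does not list for this recipient.
    """
    if caller_role not in ALLOWED[recipient]:
        raise PermissionError(f"{caller_role} cannot generate a token for a {recipient}")
    if recipient == "sponsor" and context != "system":
        raise ValueError("sponsor tokens use 'system' as the sponsor context")
    body = urlencode({"userId": user_id, "tokenPurpose": "FORGOT_PWD_RESET",
                      "noOfDaysForExpiry": days, KEY_PARAM[recipient]: key})
    # auth is a hypothetical (username, password) tuple for basic authentication.
    cred = base64.b64encode(":".join(auth).encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": f"Basic {cred}"}
    return f"{base}/sponsors/{context}/user/oneTimeToken/", headers, body

def reset_url(base, sponsor, token, new_pwd):
    """Build the resetForgotPasswordWithToken URL with both values percent-encoded,
    so '&', '=', '#' or spaces in the password cannot split or truncate the query."""
    query = urlencode({"token": token, "newPwd": new_pwd}, quote_via=quote)
    return f"{base}/sponsors/{sponsor}/user/password/resetForgotPasswordWithToken?{query}"

def redact(url):
    """Mask token and newPwd before the URL is written to a log or ticket."""
    parts = urlsplit(url)
    masked = [(k, "REDACTED" if k in ("token", "newPwd") else v)
              for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(masked)))
```
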

Processing

When the API call is completed, the API returns a status message.