Rackspace Cloud customers have user accounts that allow them to access, configure, and manage their Rackspace Cloud services and account information. Each cloud account has an administrative owner (user-admin) and can also have one or more sub-user accounts that provide access to the Rackspace Cloud services available on the account.

Use the following API operations to to create, review, update, and delete user accounts, account information, and account credentials.

ℹ️

Note

Some of the functionality described in this section is provided by the OS-KSADM and RAX-KSKEY extensions to the core Identity API.

When these requests are issued by an account user, they act only upon that account user. To learn more about Identity account users, see Roles and role assignments.

Add user

POST /v2.0/users

This operation adds a user account to an existing Rackspace Cloud account.

User and Identity administrators can add accounts to an existing Rackspace Cloud account by using the Add user API operation. Administrators can add up to 100 users to an account.

In the Add user request, include the required values for the user name and email and specify optional attributes as needed.

You can specify an initial password for the user by including it in the request. If you don’t specify a password, the Identity service generates one and returns it in the response. In either case, make a note of the password so you can provide it to the user. After the user is created, you cannot retrieve the password by any means. However, you can update the password by using the Update user API operation or by changing the value from the User Management page in the Cloud Control panel.

ℹ️

Note

  • Users with the User Admin role can manage sub-user accounts through the API or from the Cloud Control panel. Use the Control panel to add the user’s full name, contact information, and configure account security.
  • If you try to create an account with the user name from an existing account, the Add user operation returns an HTTP error 409 message.
  • Domain multi-factor authentication (MFA) enforcement is set to RACKSPACE_MANDATED for all new dedicated and cloud accounts. This means that the new user-admin must configure MFA before using their account. This is done by getting a scoped token and using the token to configure MFA.

This table shows the possible response codes for this operation:

Response CodeNameDescription
201CreatedThe request has been fulfilled. The user has been created.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
409ConflictIndicates that the user you are trying to add already exists.
413Over LimitThe number of items returned is above the allowed limit.
415Bad Media TypeBad media type. This may result if the wrong media type is used in the API request. Check the content-type and accept headers included in the request.
503Service FaultService is not available.

Request

This table shows the URI parameters for the request:

NameTypeDescription
X-Auth-TokenString (Required)A valid admin authentication token.

This table shows the body parameters for the request:

NameTypeDescription
userObjectA user object that specifies the user account information.
user.usernameString (Required)The name to assign to the user. Specify a value that meets the following criteria:

Start with an alpha character.

Minimum length: 1 character

Can contain upper and lowercase characters.

Can contain any of the following special characters: - @ _
user.emailString (Required)Email address for the user account, for example [email protected]
user.enabledBoolean (Required)Indicates whether the user can authenticate after the user account is created. If no value is specified, the default value is specified: enabled=true.
user.OS-KSADM:passwordString (Optional)Specify an initial password for the user account. If this value is not specified, the Identity service automatically generates a password. Ensure that the value you specify meets the following criteria:

Length must be at least 8 characters; no maximum.

Can include uppercase, lower case, and numeric characters.

Can start with or include any of the following special characters: ~ ! @ # % ~ & _ - | ( ) { } [ ] : ; ” ‘ < >,. ? /

* Password cannot begin with a space, but it can contain a space.

Example: Add user: XML request

<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://docs.openstack..org/identity/api/v2.0"
      enabled="true"
      email="[email protected]"
      username="newUser"/>

Example: Add user: JSON request

{  
  "user": {  
    "username": "newUser",  
    "email": "newUser@example:.com",  
    "enabled": true  
  }  
}

Example: Add user with password request: XML

<?xml version="1.0" encoding="UTF-8"?>

<user xmlns:ns1="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    xmlns:ns2="http://docs.openstack.org/identity/api/v2.0"
    username="newUser"
    email="newUser@example:.com"
    enabled="true"
    ns1:password="Password48"/>

Example: Add user with password request: JSON

{  
    "user": {  
            "username": "newUser",  
            "email": "newUser@example:.com",  
            "enabled": true,  
            "OS-KSADM:password":"Password48"  
        }  
}

Response

This table shows the body parameters for the response:

NameTypeDescription
userObjectA user object that returns the user account information.
user.RAX-AUTH:defaultRegionStringSpecifies the default region for the user account. This value is inherited from the user administrator when the account is created..
user.RAX-AUTH:domainIdStringIdentifies the domain that contains the user account. This value is inherited from the user administrator when the account is created.
user.idStringA unique system- generated ID for the user account. The ID generated for the account cannot be modified.
user.usernameStringThe name that the user can use to authenticate to the Rackspace Cloud. You can change this value through the API or the Cloud Control panel.
user.OS-KSADM:passwordStringThe password value that the user needs for authentication. If the Add user request included a password value, this attribute is not included in the response.
user.emailStringEmail address for the user account, for example [email protected]
user.enabledBooleanIndicates whether the user has permission to authenticate using the user name and password credentials for the new user. This value defaults to enabled=true.

Example: Add user: XML response

<?xml version="1.0" encoding="UTF-8"?>

<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
      xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
      id="123456" username="newUser"
      enabled="true"
      email="newUser@example:.com"
      RAX-AUTH:defaultRegion="DFW"
      RAX-AUTH:domainId="5830280" >  
</user>

Example: Add user: JSON response

{  
  "user": {  
    "RAX-AUTH:defaultRegion": "DFW",  
    "RAX-AUTH:domainId": "5830280",  
    "id": "123456",  
    "username": "newUser",  
    "email": "newUserh@example:.com",  
    "enabled": true  
  }  
}

List users

GET /v2.0/users

This operation returns a list of users with detailed account information about each user including email, name, user ID, Support PIN state, account configuration, and status information.

  • If this request is issued by a user holding the Identity user admin role ( identity:user-admin ), it returns a list of all users for the domain. To find a single user, include the name in the request.
  • If this request is issued by a user holding the Identity user manage role (identity:user-manage), it returns a list of all users with the Identity user role (identity:default) within their domain.
  • If this request is issued by a user holding the Identity user role (identity:default), the operation returns only information about the user account.

ℹ️

Note

  • The structure of the response is based on the presence of the name query parameter. The default response is a user list. A user object is returned if the name query parameter is provided.
  • The extended attribute RAX-AUTH:passwordExpiration is returned only when getting a user by username.

This table shows the possible response codes for this operation:

Response CodeNameDescription
200OKThe request has succeeded.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
413Over LimitThe number of items returned is above the allowed limit.
503Service FaultService is not available.

Request

This table shows the header and URI parameters for the request:

NameTypeDescription
X-Auth-TokenHeader String (Required)A valid admin authentication token.

This table shows the query parameters for the request:

NameTypeDescription
nameString (Optional)Specify the user name to look up.
emailString (Optional)Specify the email address to look up.

This operation does not accept a request body.

Example: List users: HTTP request

GET /v2.0/users/12342b4ddb594819b697d0048614c117 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/json  
X-Auth-Token: 0cb090705e82443fa71471e9c3456789  
Content-type: application/xml

Example: List users: HTTP request

GET /v2.0/users/12342b4ddb594819b697d0048614c117 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/json  
X-Auth-Token: 0cb090705e82443fa71471e9c3456789  
Content-type: application/json

Response

This table shows the body parameters for the response:

NameTypeDescription
usersObject (Required)Returns the collection of users who match the specification in the List user API request.
users.userObject (Required)A user object that provides user account information.
user.**RAX-AUTH:phonePinState**String (Required)The Support PIN state.

INACTIVE The user does not have a Support PIN.

LOCKED The user has a Support PIN, but the PIN has been locked due to excessive failed verification attempts. The user must unlock the PIN before PIN verifications can occur.

* ACTIVE The user has a Support PIN against which verifications can be performed.
user.RAX-AUTH:defaultRegionString (Optional)The default region that the user is assigned to. Must be one of the regions available in the service catalog.
user.RAX-AUTH:domainIdString (Optional)The ID for the domain that the user account has been assigned to.
user.RAX-AUTH:multiFactorEnabledBoolean (Optional)If an account has been configured to use multi-factor authentication, this field indicates if multi-factor authentication is currently enabled or disabled.
user.RAX-AUTH:multiFactorStateString (Optional)This extended attribute indicates if a multi-factor-enabled user account is locked as a result of failed authentication attempts. If the account has been locked at any point, the value is either LOCKED or ACTIVE. User administrators can use the Update multi-factor authentication settings on account operation to restore access to a locked account.
user.RAX-AUTH:userMultiFactorEnforcementLevelString (Optional)If present, this extended attribute specifies the multi-factor authentication enforcement policy that applies to the specified account.

REQUIRED The user must use multi-factor authentication to log in to their Rackspace Cloud account.

OPTIONAL. The user has the option to authenticate using multi-factor authentication.

* DEFAULT. The user multi-factor authentication requirements are determined by the domain level enforcement setting for multi-factor authentication.
user.RAX-AUTH:contactIdString (Optional)The core contact ID.
user.RAX-AUTH:passwordExpirationString (Optional)If present, this extended attribute specifies the time when the user’s current password will expire.

Example: List users: HTTP response

HTTP/1.1 200 OK  
Content-Type: application/xml

Example: List users: XML response

<?xml version="1.0" encoding="UTF-8"?>

<users
      xmlns:atom="http://www.w3.org/2005/Atom"
      xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
      xmlns="http://docs.openstack.org/identity/api/v2.0"
      xmlns:ns4="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
      xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
      xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
      xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
      xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0" >
  <user
        rax-auth:domainId="5830280"
        rax-auth:defaultRegion="DFW"
        rax-auth:multiFactorEnabled="true"
        rax-auth:multiFactorState="ACTIVE"
        rax-auth:userMultiFactorEnforcementLevel="OPTIONAL"
        rax-auth:multi
        id="123456"
        username="jqsmith"
        email="[email protected]"
        enabled="true"/>

  <user
        rax-auth:domainId="5830280"
        rax-auth:defaultRegion="DFW"
        rax-auth:multiFactorEnabled="false"
        id="938439"
        username="poejo"
        email="[email protected]"
        enabled="true"/>
</users>

Example: Get user by username: XML response

<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="[http://docs.openstack.org/identity/api/v2.0](<>)"  
      xmlns:os-ksec2="[http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0](<>)"  
      xmlns:rax-ksqa="[http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0](<>)"  
      xmlns:rax-kskey="[http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0](<>)"  
      xmlns:rax-auth="[http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0](<>)"  
      xmlns:atom="[http://www.w3.org/2005/Atom](<>)"  
      xmlns:ns7="[http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0](<>)"  
      xmlns:os-ksadm="[http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0](<>)"  
      xmlns:ns9="[http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0](<>)"
  created="2018-02-08T13:37:06.527-06:00"
  enabled="true"
  email="[email protected]"
  username="user459"
  id="cc0068ca9558433bb14472dbd16dde2f"
  rax-auth:passwordExpiration="2018-02-09T13:39:53.685-06:00"
  rax-auth:multiFactorEnabled="false"
  rax-auth:defaultRegion="ORD"
  rax-auth:domainId="4185"/>

Example: List users: HTTP response

HTTP/1.1 200 OK  
Content-Type: application/json

Example: List users: JSON response

{  
  "users": [  
    {  
      "rax-auth:domainId":"5830280"  
      "id": "123456",  
      "enabled": true,  
      "username": "jqsmith",  
      "email": "[email protected]",  
      "rax-auth:defaultRegion":"DFW",  
      "rax-auth:phonePinState": "ACTIVE",  
      "rax-auth:multiFactorEnabled":"true",  
      "rax-auth:multiFactorState":"ACTIVE",  
      "rax-auth:userMultiFactorEnforcementLevel":"OPTIONAL"  
    },  
    {  
      "rax-auth:domainId":"5830280"  
        "id": "938439",  
        "enabled": false,  
        "username": "poejo",  
        "email": "[email protected]",  
        "rax-auth:defaultRegion":"DFW",  
        "rax-auth:multiFactorEnabled":"false"  
      },  
    }  
  ]  
}

Example: Get user by username: JSON response

{  
    "user": {  
        "RAX-AUTH:defaultRegion": "ORD",  
        "RAX-AUTH:domainId": "4185",  
        "RAX-AUTH:multiFactorEnabled": false,  
        "RAX-AUTH:passwordExpiration": "2018-02-09T13:39:53.685-06:00",  
        "rax-auth:phonePinState": "ACTIVE",  
        "created": "2018-02-08T13:37:06.527-06:00",  
        "email": "[email protected]",  
        "enabled": true,  
        "id": "cc0068ca9558433bb14472dbd16dde2f",  
        "username": "user459"  
    }  
}

Get user by id

GET /v2.0/users/{userId}

This operation returns the following detailed account information for a specific user, by user id: email address, user name, user id, status, default region, and domain id.

Note

If this request is issued by a user holding the admin role (identity:user-admin), the specific user’s information is returned only if that user is associated with the same tenant as the requester’s user-admin token.

If this request is issued by a user holding the user role (identity:default), the response only includes the user account information for the user who submitted the request.

The user’s Support PIN is only returned if the caller is retrieving their own user account.

This table shows the possible response codes for this operation:

Response CodeNameDescription
200OKThe operation completed successfully.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
413Over LimitThe number of items returned is above the allowed limit.
503Service FaultService is not available.

Request

This table shows the header and URI parameters for the request:

NameTypeDescription
X-Auth-TokenHeader String (Required)A valid admin authentication token.
{userId}URI String (Required)A user ID assigned by system when user is added.

This operation does not accept a request body.

Response

This table shows the body parameters for the response:

NameTypeDescription
usersObject (Required)Returns the collection of users who match the specification in the List user API request.
users.userObject (Required)A user object that provides user account information.
user.RAX-AUTH:defaultRegionString (Optional)The default region that the user is assigned to. Must be one of the regions available in the service catalog.
user.RAX-AUTH:domainIdString (Optional)The ID for the domain that the user account has been assigned to.
user.RAX-AUTH:phonePinString (Optional)A user’s Support PIN.
user.RAX-AUTH:phonePinStateString (Required)The Support PIN state.

INACTIVE The user does not have a Support PIN.

LOCKED The user has a Support PIN, but the PIN has been locked due to excessive failed verification attempts. The user must unlock the pin before PIN verifications can occur.

* ACTIVE The user has a Support PIN against which verifications can be performed.
user.RAX-AUTH:multiFactorEnabledBoolean (Optional)If an account has been configured to use multi-factor authentication, this field indicates if multi-factor authentication is currently enabled or disabled.
user.RAX-AUTH:multiFactorStateString (Optional)This extended attribute indicates if a multi-factor-enabled user account is locked as a result of failed authentication attempts. If the account has been locked at any point, the value is either LOCKED or ACTIVE. User administrators can use the update multi-factor authentication settings on account operation to restore access to a locked account.
user.RAX-AUTH:userMultiFactorEnforcementLevelString (Optional)If present, this extended attribute specifies the multi-factor authentication enforcement policy that applies to the specified account.

REQUIRED The user must use multi-factor authentication to log in to their Rackspace Cloud account.

OPTIONAL. The user has the option to authenticate using multi-factor authentication.

* DEFAULT. The user multi-factor authentication requirements are determined by the domain level enforcement setting for multi-factor authentication.
user.RAX-AUTH:contactIdString (Optional)The core contact ID.
user.RAX-AUTH:passwordExpirationString (Optional)If present, this extended attribute specifies the time when the user’s current password will expire.

Example: Get user by ID HTTP response header: XML

HTTP/1.1 200 OK  
Content-Type: application/xml

Example: Get user by ID: XML response

<?xml version="1.0" encoding="UTF-8"?>
<user
      xmlns="http://docs.openstack.org/identity/api/v2.0"
      xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
      xmlns:atom="http://www.w3.org/2005/Atom"
      xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
      xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
      xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
      xmlns:ns7="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
      xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
      rax-auth:contactId="1234"
      rax-auth:domainId="5830280"
      rax-auth:defaultRegion="DFW"
      rax-auth:multiFactorEnabled="true"
      rax-auth:multiFactorState="ACTIVE"
      rax-auth:userMultiFactorEnforcementLevel="OPTIONAL"
      rax-auth:passwordExpiration="2018-02-09T13:39:53.685-06:00"
      id="123456"
      username="jqsmith"
      email="[email protected]"
      enabled="true"/>

Example: Get user by ID HTTP response header: JSON

HTTP/1.1 200 OK  
Content-Type: application/json

Example: Get user by ID response: JSON

{  
  "user":  
    {  
      "rax-auth:contactId":"1234"  
      "rax-auth:domainId":"5830280"  
      "id": "123456",  
      "enabled": true,  
      "username": "jqsmith",  
      "email": "[email protected]",  
      "rax-auth:defaultRegion":"DFW",  
      "rax-auth:phonePin":"914737",  
      "rax-auth:phonePinState": "ACTIVE",  
      "rax-auth:multiFactorEnabled":"true",  
      "rax-auth:multiFactorState":"ACTIVE",  
      "rax-auth:userMultiFactorEnforcementLevel":"OPTIONAL"  
      "rax-auth:passwordExpiration":"2018-02-09T13:39:53.685-06:00"  
    }  
}

Update user information and password

POST /v2.0/users/{userId}

This operation updates the user information for the account associated with the specified user id. Before you submit the update request, use the Get user by id operation to verify that the user name, email account, and status associated with userId match the account you want to update.

Only include those user data elements that you wish to modify in the request body. For example, if you only need to update the user’s email, for don’t include the other body parameters like id, enabled, or rax-auth:domainId.

ℹ️

Note

  • Users who hold the admin role can update users who hold the user role (identity:default) or the admin role (identity:user-admin) for the same tenant.
  • Users with the identity:user-admin or identity:user-manage role can update user information for users within their domain and with the identity:default role
  • Administrators can change the default region for another user, but the new value must be one of the regions listed for a Cloud Compute endpoint in the service catalog.
  • Only the RAX-AUTH:contactId attribute can be updated for a federated user.
  • The RAX-AUTH:phonePin is only returned if the caller is updating their own user account and a Support PIN exists on the account.
  • Users with the identity:user-manage-limited can update any sub-users’ email and enabled status within their domain.

This table shows the possible response codes for this operation:

Response codeNameDescription
200OKThe request has been fulfilled. The user has been updated.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
406Not AcceptableThe server cannot send data in a format requested.
413Over LimitThe number of items returned is above the allowed limit.
503Service FaultService is not available.

Request

This table shows the header parameters for the request:

NameTypeDescription
X-Auth-TokenString (Required)A valid authentication token.
{userId}String (Required)A user ID assigned by system when a user is added.

This table shows the URI parameters for the request:

NameTypeDescription
{userId}String (Required)A user ID assigned by system when a user is created.

This table shows the body parameters for the request:

NameTypeDescription
userObjectA user object that specifies the user account information.
user.usernameString (Optional)The name to assign to the user.
user.emailString (Optional)Email address for the user account.
user.enabledString (Optional)Indicates whether the user is enabled (true) or disabled (false). Users cannot update the enabled status on their own account.
user.RAX-AUTH:defaultRegionString (Optional)The default region that the user is assigned to. Must be one of the regions available in the service catalog.
user.RAX-AUTH:phonePinString (Optional)Specify a new Support PIN for the user account. Ensure that the value specified meets the following criteria:

* Use six numeric digits (such as 871694). A Support PIN cannot include more than three repeating numbers. (444 is OK, but 4444 is not.) A Support PIN cannot include more than three sequential numbers. (234 is OK, but 2345 is not.)
user.OS-KSADM:passwordString (Optional)Specify a new password for the user account. Ensure that the value specified meets the following criteria:

* Password must be at least 8 characters in length, must contain at least one uppercase letter, one lowercase letter, and one numeric character.
user.RAX-AUTH:contactIdString (Optional)The core contact ID.

Example: Update user HTTP request header: XML

POST /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/xml  
Content-type: application/xml  
X-Auth-Token: eaf8345057414cd397d0543123456789

Example: Update user HTTP request header: JSON

POST /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/json  
Content-type: application/json  
X-Auth-Token: eaf8345057414cd397d0543123456789

Example: Update user request: XML

<?xml version="1.0" encoding="UTF-8"?>

<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
      xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
      username="jqsmith"
      enabled="true"
      email="[email protected]"
      RAX-AUTH:contactId="12345">  
</user>

Example: Update user request: JSON

{  
  "user": {  
    "username": "jqsmith",  
    "email": "[email protected]",  
    "enabled": true,  
    "RAX-AUTH:contactId": "1234"  
  }  
}

Example: Update user password HTTP request header: XML

POST /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/xml  
Content-type: application/xml  
X-Auth-Token: eaf8345057414cd397d0543123456789

Example: Update user password HTTP request header: JSON

POST /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/xml  
Content-type: application/json  
X-Auth-Token: eaf8345057414cd397d0543123456789

Example: Update user password request: XML

<user username="abc123"
    ns1:password="ungu355ab13"
    xmlns:ns1="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    xmlns:ns2="http://docs.openstack.org/identity/api/v2.0" />

Example: Update user password request: JSON

{  
    "user": {  
            "username": "abc123",  
            "OS-KSADM:password":"ungu355ab13"  
        }  
}

Response

Example: Update user information and password: XML response

<?xml version="1.0" encoding="UTF-8"?>

<user xmlns="http://docs.openstack.org/identity/api/v2.0"
      xmlns:ns2="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
      xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
      id="123456" username="jqsmith"
      enabled="true"
      email="[email protected]"
      RAX-AUTH:defaultRegion="DFW"
      RAX-AUTH:domainId="5830280"
      RAX-AUTH:phonePin="125897"
      RAX-AUTH:contactId="1234"
      RAX-AUTH:multiFactorEnabled="true" >  
</user>

Example: Update user information and password: JSON response

{  
  "user": {
    "id": "123456",
    "username": "jqsmith",
    "email": "[email protected]",
    "enabled": true,
    "RAX-AUTH:defaultRegion":"DFW",
    "RAX-AUTH:domainId":"5830280",
    "RAX-AUTH:phonePin":"136983",
    "RAX-AUTH:multiFactorEnabled": true,
    "RAX-AUTH:contactId":"1234"
  }  
}

Delete a user

DELETE /v2.0/users/{userId}

Rackspace Cloud account administrators (identity:user-admin) can use the Delete user operation to remove a user from a Rackspace Cloud account. Administrators can only delete user accounts that are assigned the user role (identity:default) with the same tenant id as the Administrator account.

To delete a user, specify the user ID in the request. If you know the user name but not id, use the List users operation to look up account information by name.

ℹ️

Note

  • Users can always use this service to delete themselves with the exception of identity:user-admin users.
  • Users with the identity:service-admin role can delete users with the identity:admin role, users with the identity:user-admin role, and sub-users.
  • Users with the identity:admin role can delete users with the identity:user-admin role and sub-users.
  • Users with the identity:user-admin and identity:user-manage role can delete users within their domain and with the identity:default role.

⚠️

Warning

Don’t delete the wrong user! Before submitting the Delete request, use the List users or Get user by id operation to review the user account information and confirm that you are working with the correct account.

This table shows the possible response codes for this operation:

Response CodeNameDescription
204No contentThe server fulfilled the request but does not need to return a body.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
413Over LimitThe number of items returned is above the allowed limit.
503Service FaultService is not available.

Request

This table shows the header and URI parameters for the request:

NameTypeDescription
X-Auth-TokenHeader String (Required)A valid admin authentication token.
{userId}URI String String (Required)A user ID assigned by system when user is added.

Example: Delete user HTTP request header: XML

DELETE /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/xml  
Content-type: application/xml  
X-Auth-Token: eaf8345057414cd397d0543123456789

Example: Delete user HTTP request header: JSON

POST /v2.0/users/123456 HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Accept: application/json  
Content-type: application/json  
X-Auth-Token: eaf8345057414cd397d0543123456789

This operation does not accept a request body.

Response

This operation does not return a response body.

Get accessible domains for user

POST /v2.0/users/{userId}/RAX-AUTH/domains

Use the get accessible domains for user operation to retrieve the list of domains a user has access to.

ℹ️

Note

  • Users can always list their own accessible domains.
  • Users with the identity:service-admin role can list accessible domains for users with the identity:admin role, users with the identity:user-admin role, and sub-users.
  • Users with the identity:admin role can list accessible domains for users with the identity:user-admin role and sub-users.
  • Users with the identity:user-admin or identity:user-manage role can list accessible domains for users within their domain and with the identity:default role.

Request

This table shows the header and URI parameters for the request:

NameTypeDescription
X-Auth-TokenHeader String (Required)A valid authentication token.
{userId}URI String (Required)A user ID assigned by system when user is added.

Response

The following table shows the body parameters for the retrieve domains response:

NameTypeDescription
RAX-AUTH:domainsObject (Required)The collection of domains that the authenticated user has permission to view.
RAX-AUTH:domains.RAX-AUTH:domainObject (Required)An object that contains the domain configuration attribute settings.
RAX-AUTH:domain.idString (Required)The unique id for the domain.
RAX-AUTH:domain.sessionInactivityTimeoutString (Required)Session inactivity timeout property used across all Rackspace UIs.
RAX-AUTH:domain.enabledBoolean (Optional)Indicates whether the domain is enabled.
RAX-AUTH:domain.descriptionString (Optional)The domain description.
RAX-AUTH:domain.nameString (Optional)The domain name.
RAX-AUTH:domain.rackspaceCustomerNumberString (Optional)The Rackspace customer number.
RAX-AUTH:domain.domainMultiFactorEnforcementLevelString (Optional)If present, this extended attribute specifies the multi-factor authentication enforcement policy that applies to accounts within the specified domain.

REQUIRED - Users within the domain must use multi-factor authentication to access their account.

OPTIONAL - Users have the option to authenticate using multi-factor authentication.

Example: Get accessible domains for user: XML response

< HTTP/1.1 200 OK  
< vary:  Accept, Accept-Encoding, X-Auth-Token  
< Content-Type: application/xml  
< Content-Length: 824
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<rax-auth:domains  
    xmlns="[http://docs.openstack.org/identity/api/v2.0](<>)"  
    xmlns:rax-auth="[http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0](<>)"  
    xmlns:atom="[http://www.w3.org/2005/Atom](<>)"  
    xmlns:ns4="[http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0](<>)"  
    xmlns:rax-ksqa="[http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0](<>)"  
    xmlns:os-ksadm="[http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0](<>)"  
    xmlns:rax-kskey="[http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0](<>)"  
    xmlns:os-ksec2="[http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0](<>)"  
    xmlns:ns9="[http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0">](<>)  
    <rax-auth:domain sessionInactivityTimeout="PT15M" enabled="true" id="123" name="GCorp" rackspaceCustomerNumber="RCN-123-123-123">  
        <rax-auth:description>A very good customer\</rax-auth:description>  
    </rax-auth:domain>  
</rax-auth:domains>

Example: Get accessible domains for user: JSON response

< HTTP/1.1 200 OK  
< vary:  Accept, Accept-Encoding, X-Auth-Token  
< Content-Type: application/json  
< Content-Length: 136

{  
    "RAX-AUTH:domains": [  
        {  
            "enabled": true,  
            "id": "123",  
            "name": "GCorp",  
            "description": "A very good customer",  
            "rackspaceCustomerNumber": "RCN-123-123-123"  
        }  
    ]  
}

Get user admin

GET /v2.0/users/{userId}/RAX-AUTH/admins

Account users with the identity:user-admin or identity:default role can use this operation to identify the administrator or point of contact for a user account if they have questions or need assistance regarding user or role management.

This request returns the following identifying information about the administrator: domain name, domain ID, email address, status, user ID and user name.

This table shows the possible response codes for this operation:

Response CodeNameDescription
200OKThe request succeeded.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
413Over LimitThe number of items returned is above the allowed limit.
503Service FaultService is not available.

Request

This table shows the header and URI parameters for the request:

NameTypeDescription
X-Auth-TokenHeader String (Required)A valid admin authentication token.
{userId}URI String (Required)The unique, system- generated user ID for an account.

This operation does not accept a request body.

Response

Example: Get user admin response: XML

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<users xmlns="http://docs.openstack.org/identity/api/v2.0"
    xmlns:ns2="http://www.w3.org/2005/Atom"
    xmlns:os-ksadm="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
    xmlns:rax-ksqa="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
    xmlns:rax-kskey="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
    xmlns:os-ksec2="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0"
    xmlns:rax-auth="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0">  
    <user id="10022879"
        username="JuserAdmin"
        enabled="true"
        display-name="JuserAdmin"
        rax-auth:defaultRegion="USA"
        rax-auth:domainId="5701091"/>  
</users>

**Example: Get user admin response: JSON**

{  
    "users": [  
        {  
            "RAX-AUTH:defaultRegion": "",  
            "RAX-AUTH:domainId": "12345",  
            "email": "[email protected]",  
            "enabled":"true",  
            "id": "10022879",  
            "username": "JuserAdmin"  
        }  
    ]  
}

Add credential to user

POST /v2.0/users/{userId}/OS-KSADM/credentials

ℹ️

Note

This Add API-key credentials to a user operation is deprecated. Instead, use Reset API Key

Use this API operation to add a password credential to a user account.

To add a password, specify the user’s ID in the request. If you know the user’s name but not the user’s ID, use List users operation to find the ID.

This table shows the possible response codes for this operation:

Response CodeNameDescription
201CreatedThe request has been fulfilled. The credential has been added.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
413Over LimitThe number of items returned is above the allowed limit.
415Bad Media TypeBad media type. This may result if the wrong media type is used in the API request. Check the content-type and accept headers included in the request.
503Service FaultService is not available.

Request

This table shows the header and URI parameters for the request:

NameTypeDescription
X-Auth-TokenHeader String (Required)A valid admin authentication token.
{userId}URI String (Required)A user ID assigned by system when user is added.

This operation does not accept a request body.

Example: Add credential to user: XML request

<?xml version="1.0" encoding="UTF-8"?>

 <passwordCredentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://docs.openstack.org/identity/api/v2.0" username="test_user" password="resetpass"/>

Example: Add credential to user: JSON request

{  
    "passwordCredentials": {  
        "username": "test_user",  
        "password": "resetpass"  
    }  
}

Response

Example: Add credential to user: JSON response

{  
    "passwordCredentials": {  
        "username": "test_user",  
        "password": "resetpass"  
    }  
}

Example: Add credential to user: XML response

<?xml version="1.0" encoding="UTF-8"?>

 <passwordCredentials xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://docs.openstack.org/identity/api/v2.0" username="test_user" password="resetpass"/>

Get user credentials

GET /v2.0/users/{userId}/OS-KSADM/credentials/RAX-KSKEY:apiKeyCredentials

Use this operation to list API key credentials for a specified user, include the user ID in the request. If you don’t know the ID, use the List users operation to find it.

ℹ️

Note

  • Users can always use this service to retrieve API key credentials for themselves.
  • Users with the identity:service-admin role can retrieve API key credentials for users with the identity:admin role, users with the identity:user-admin role, and sub-users.
  • Users with the identity:admin role can retrieve API key credentials for users with the identity:user-admin role and sub-users.
  • Users with the identity:user-admin or identity:user-manage role can retrieve API key credentials for users within their domain and with the identity:default role.

This table shows the possible response codes for this operation:

Response CodeNameDescription
200OKThe request completed successfully.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
413Over LimitThe number of items returned is above the allowed limit.
503Service FaultService is not available.

Request

This table shows the header and URI parameters for the request:

NameTypeDescription
X-Auth-TokenHeader String (Required)A valid admin authentication token.
{userId}URI String (Required)A user ID assigned by system when user is added.

This operation does not accept a request body.

Example: List API key credentials: XML request header

GET /users/00001e59ccb741dfafbba59b58123456/OS-KSADM/credentials/RAX-KSKEY:apiKeyCredentials HTTP/1.1  
Host: v2.0  
Accept: application/xml  
Content-type: application/xml  
X-Auth-Token: AAA3IQ7zIvKbovOwFOyz4tZfOXy3O34UI12XUg8nusYS...

Example: List API key credentials: JSON request header

GET /users/00001e59ccb741dfafbba59b58123456/OS-KSADM/credentials HTTP/1.1  
Host: v2.0  
Accept: application/json  
Content-type: application/json  
X-Auth-Token: AAA3IQ7zIvKbovOwFOyz4tZfOXy3O34UI12XUg8nusYS...

Response

Example: Get user API key credentials: XML response

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<apiKeyCredentials
  xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
  xmlns:ns2="http://www.w3.org/2005/Atom"
  xmlns:ns3="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
  xmlns:ns4="http://docs.openstack.org/identity/api/v2.0"
  xmlns:ns5="http://docs.rackspace.com/identity/api/ext/RAX-KSGRP/v1.0"
  xmlns:ns6="http://docs.rackspace.com/identity/api/ext/RAX-KSQA/v1.0"
  xmlns:ns7="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
  xmlns:ns8="http://docs.openstack.org/identity/api/ext/OS-KSEC2/v1.0" username="1406847123456" apiKey="cffeab0e6d0d472f84b5c20c70123456"/>

Example: Get user API key credentials: JSON response

{  
    "RAX-KSKEY:apiKeyCredentials": {  
        "username": "1406847123456",  
        "apiKey": "cffeab0e6d0d472f84b5c20c70123456"  
    }  
}

Reset API key for user

POST /v2.0/users/{userId}/OS-KSADM/credentials/RAX-KSKEY:apiKeyCredentials/RAX-AUTH/reset

Use the Reset API Key operation to reset the API key on the specified user account.

Identity users and user administrators should routinely reset passwords and API keys to prevent unauthorized access to Rackspace Cloud accounts and services.

This reset operation returns the new API key for the user account. Unlike updating the password, the API key reset does not revoke existing tokens. Identity user administrators can use the Revoke Token operation to invalidate the token for a user.

ℹ️

Note

  • Users can always use this service to reset the API key credentials for themselves.
  • Users with the identity:service-admin role can reset API key credentials for users with the identity:admin role, users with the identity:user-admin role, and sub-users.
  • Users with the identity:admin role can reset API key credentials for users with the identity:user-admin role and sub-users.
  • Users with the identity:user-admin and identity:user-manage role can reset API key credentials for users within their domain and with the identity:default role.

This table shows the possible response codes for this operation:

Response CodeNameDescription
200OKThe request succeeded.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
413Over LimitThe number of items returned is above the allowed limit.
415Bad Media TypeBad media type. This may result if the wrong media type is used in the API request. Check the content-type and accept headers included in the request.
503Service FaultService is not available.

Request

This table shows the header and URI parameters for the request:

NameTypeDescription
X-Auth-TokenHeader String (Required)A valid admin authentication token.
{userId}URI String String (Required)A user ID assigned by system when user is added.

This operation does not accept a request body.

Response

Example: Reset API key for user: XML response

<?xml version="1.0" encoding="UTF-8"?>
<apiKeyCredentials apiKey="aaaaa-bbbbb-ccccc-12345678"
     username="jqsmith"
     xmlns="http://docs.rackspace.com/identity/api/ext/RAX-KSKEY/v1.0"
     xmlns:OS-KSADM="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
     xmlns:atom="http://www.w3.org/2005/Atom"
     xmlns:identity="http://docs.openstack.org/identity/api/v2.0"/>

Example: Reset API key for user: JSON response

{  
  "RAX-KSKEY:apiKeyCredentials": {  
    "username": "jqsmith",  
    "apiKey": "aaaaa-bbbbb-ccccc-12345678"  
  }  
}

Forgot password

POST /v2.0/users/RAX-AUTH/forgot-pwd

Use the Forgot password operation to get a password reset token delivered to the email address associated with your account.

You can use the forgot password operation to reset the password through the Identity API or Rackspace Control Panel.

  • To reset the password by using the API, submit the forgot password request without the portal attribute. After you submit the request, the user receives an email that contains a reset password token with directions to use it in the Reset password operation.
  • To reset the password through the user interface, include the portal attribute in the forgot password API request. After you submit the request, the user receives an email that contains a link to the Rackspace user interface to change the password.

ℹ️

Note

  • The reset token has a limited lifespan. If the reset operation fails, submit another forgot password request to generate a new token.
  • An email is only sent if the username matches the existing user.
  • Forgot password operation will always return 204.
  • Resetting the password through the user interface is a restricted feature for Rackspace administrator and support users.

Request

This table shows the body parameters for the request:

NameTypeDescription
RAX-AUTH:forgotPasswordCredentialsObjectProvides username and portal for forgot password.
RAX-AUTH:forgotPasswordCredentials.usernameString (Required)The user name of the Rackspace Cloud account.
RAX-AUTH:forgotPasswordCredentials.portalString (Optional)Authentication portal. This is a restricted value provided by Rackspace.

Example: Forgot password: XML request

POST /v2.0/users/RAX-AUTH/forgot-pwd HTTP/1.1  
Host: identity.api.rackspace.com  
Content-Type: application/xml
<?xml version="1.0" encoding="UTF-8"?>

<forgotPasswordCredentials username="billybob"
     xmlns="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
     xmlns:OS-KSADM="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
     xmlns:OS-KSCATALOG="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
     xmlns:atom="http://www.w3.org/2005/Atom"
     xmlns:identity="http://docs.openstack.org/identity/api/v2.0"/>

Example: Forgot password: JSON request

POST /v2.0/users/RAX-AUTH/forgot-pwd HTTP/1.1  
Host: identity.api.rackspace.com  
Content-Type: application/json

{  
  "RAX-AUTH:forgotPasswordCredentials": {  
    "username": "billybob"  
  }  
}

Response

This table shows the possible response headers for this operation:

NameTypeDescription
X-User-NameHeaderValue for name provided on operation

This table shows the possible response codes for this operation:

Response CodeNameDescription
204No ContentNo Content

Example: Forgot password: response

< HTTP/1.1 204 No Content  
< Vary:  Accept, Accept-Encoding, X-Auth-Token  
< X-User-Name: billybob  
< Content-Type: application/json  
< Server: Jetty(6.1.25)

Reset password

POST /v2.0/users/RAX-AUTH/pwd-reset

Use the Reset Password operation to update user’s password.

Request

This table shows the header and URI parameters for the request:

NameTypeDescription
X-Auth-TokenHeader String (Required)A valid password reset token.

This table shows the body parameters for the request:

NameTypeDescription
RAX-AUTH:passwordResetObjectProvides password to be updated.
RAX-AUTH:passwordReset.passwordString (Required)New password for user.

Example: Reset password: XML request

POST /v2.0/users/RAX-AUTH/pwd-reset HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Content-Type: application/xml  
X-Auth-Token: APU9ymNjSKJG21HVdiRdOg0rk2fqh7uQ1FafVDXo3SId6nMHjUkKSDacFwDLGCC9U_DKI6Lwzu-wMi3LIWT-bA24EdGYdycM3rKzAfVPiCCjigN315ZLJo5s2TmiGQTSW9b5H7euQjJ6KBTk5elT2l8HrPH-9rrBjw

<?xml version="1.0" encoding="UTF-8"?>

<passwordReset password="superSecurePassw0rd!"
     xmlns="http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0"
     xmlns:OS-KSADM="http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0"
     xmlns:OS-KSCATALOG="http://docs.openstack.org/identity/api/ext/OS-KSCATALOG/v1.0"
     xmlns:atom="http://www.w3.org/2005/Atom" xmlns:identity="http://docs.openstack.org/identity/api/v2.0"/>

Example: Reset password: JSON request

POST /v2.0/users/RAX-AUTH/pwd-reset HTTP/1.1  
Host: identity.api.rackspacecloud.com  
Content-Type: application/json  
X-Auth-Token: APU9ymNjSKJG21HVdiRdOg0rk2fqh7uQ1FafVDXo3SId6nMHjUkKSDacFwDLGCC9U_DKI6Lwzu-wMi3LIWT-bA24EdGYdycM3rKzAfVPiCCjigN315ZLJo5s2TmiGQTSW9b5H7euQjJ6KBTk5elT2l8HrPH-9rrBjw

{  
  "RAX-AUTH:passwordReset": {  
    "password": "superSecurePassw0rd!"  
  }  
}

Response

This table shows the possible response headers for this operation:

NameTypeDescription
X-User-NameHeaderValue for name provided on operation

This table shows the possible response codes for this operation:

Response CodeNameDescription
204No ContentNo Content
400Bad RequestPassword provided does not meet minimum requirements.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the supplied token is determined to either not be issued by Rackspace or a Rackspace issued token that has been expired or revoked.
403ForbiddenThe request was valid, but the server is refusing to respond because the supplied token is a Rackspace issued token that is not expired or revoked, but is NOT a password reset token.
404Not FoundThe requested resource was not found.

Example: Reset password: response

< HTTP/1.1 204 No Content  
< Vary:  Accept, Accept-Encoding, X-Auth-Token  
< X-User-Name: billybob  
< Content-Type: application/json  
< Server: Jetty(6.1.25)

Change password

POST /v2.0/users/RAX-AUTH/change-pwd

This service is used to change a user account’s password without supplying an authentication token by including the current password instead. If a user’s domain uses a password policy to enforce password rotation and the accounts password has expired, the user must use this service to update the password to a new value.

ℹ️

Note

The new password must be different from the current password.

This table shows the possible response codes for this operation:

Response CodeNameDescription
204UpdatedThe request has been fulfilled. The account’s password was updated.
400Bad RequestThe request is missing one or more elements, or the values of some elements are invalid.
401UnauthorizedYou are not authorized to complete this operation. This error can occur if the request is submitted with an invalid current password.
403ForbiddenThe request was valid, but the server is refusing to respond because you do not have permission to access the requested resource. Submit a request to your account administrator to determine how to gain access.
404Not FoundThe requested resource was not found.
405Invalid MethodThe method specified in the request is not valid for the resource identified in the request URI.
413Over LimitThe number of items returned is above the allowed limit. 503, Service Fault, Service is not available.

Request

This table shows the body parameters for the request:

NameTypeDescription
RAX-AUTH:changePasswordCredentialsObjectThe change password credentials object.
RAX-AUTH:changePasswordCredentials.usernameStringThe username of the user whose password is being changed.
RAX-AUTH:changePasswordCredentials.passwordStringThe current password of the user.
RAX-AUTH:changePasswordCredentials.newPasswordStringThe new password to set on the user.

Example: POST Method request: JSON

This example demonstrates updating the password of a user.

{  
    "RAX-AUTH:changePasswordCredentials": {  
            "username": "exampleUser",  
            "password":"Password1",  
            "newPassword":"Password2"  
    }  
}

Example: POST Method request: XML

This example demonstrates updating the password of a user.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<rax:changePasswordCredentials  
    xmlns:rax="[http://docs.rackspace.com/identity/api/ext/RAX-AUTH/v1.0](<>)"  
    username="exampleUser"  
    password="Password1"  
    newPassword="Password2" />

Response

This operation does not return a response body.