> ## Documentation Index
> Fetch the complete documentation index at: https://gcore.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Password Change

> Reset your password.



## OpenAPI

````yaml /api-reference/services_documented/iam_api.yaml put /iam/users/{userId}/password
openapi: 3.1.0
info:
  title: Gcore OpenAPI – IAM API
  description: >-
    This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore
    products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS
    Protection, Object Storage, Streaming, and FastEdge services.
  version: '2026-05-15T06:37:28.230198+00:00'
servers:
  - url: https://api.gcore.com
security:
  - APIKey: []
tags:
  - name: Account
    description: >-
      Account management operations including authentication, password
      management, and account details.
    x-displayName: Account
  - name: API Tokens
    description: >-
      Use permanent API tokens for regular automated requests to services.

      You can either set its validity period when creating it or issue a token
      for an unlimited time.

      Please address the API documentation of the specific product in order to
      check if it supports API tokens.


      Newer endpoints under `/v2/…` issue tokens using `_` (underscore) as the
      separator

      (for example `42_a1b2c3d4e5f6...`) and are the recommended way to create
      new tokens.

      Legacy endpoints that issue `$`-separated tokens are marked deprecated and
      will be removed

      on **2026-07-17**; tokens that were already issued keep authenticating.


      Provide your APIKey in the Authorization header.


      Example: ```curl -H "Authorization: APIKey 42_a1b2c3d4e5f6..."
      https://api.gcore.com/iam/users/me```


      Please note: When authorizing via SAML SSO, our system does not have any

      information about permissions given to the user by the identity provider.

      Even if the provider revokes the user's access rights, their tokens remain
      active.

      Therefore, if necessary, the token will need to be deleted manually.
    x-displayName: API Tokens
  - name: Users
    x-displayName: Users
paths:
  /iam/users/{userId}/password:
    put:
      tags:
        - Account
      summary: Password Change
      description: Reset your password.
      operationId: iamChangePassword
      parameters:
        - $ref: '#/components/parameters/UserID'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ChangePasswordRequest'
      responses:
        '200':
          $ref: '#/components/responses/ChangePasswordSuccess'
        '400':
          description: Password change failed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ChangePasswordError'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
components:
  parameters:
    UserID:
      name: userId
      in: path
      required: true
      description: User's ID.
      schema:
        type: integer
  schemas:
    ChangePasswordRequest:
      type: object
      required:
        - old
        - new
        - double
      properties:
        old:
          type: string
          description: Your old password.
        new:
          type: string
          description: Your new password.
        double:
          type: string
          description: Confirm your new password.
    ChangePasswordError:
      oneOf:
        - allOf:
            - $ref: '#/components/schemas/ValidationError'
            - example:
                errors:
                  old:
                    - Old password is incorrect
                  new:
                    - New and double values don't match
    Token:
      type: object
      required:
        - refresh
        - access
      properties:
        refresh:
          $ref: '#/components/schemas/RefreshToken'
        access:
          $ref: '#/components/schemas/AccessToken'
    ValidationError:
      title: Validation error
      type: object
      properties:
        errors:
          type: object
          description: This object contains error descriptions per field from your request.
          additionalProperties:
            type: array
            description: Error list for specific field.
            items:
              type: string
              description: Error description
    RefreshToken:
      type: string
      description: |-
        Use this token to refresh the access token via
        [`/auth/jwt/refresh`](POST /auth/jwt/refresh) method.
      example: >-
        eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYwMTcwNzA5MiwianRpIjoiMGFmOGU3NTMzYWEyNDM0YmI4M2NmMjA1ZWM2NTMwZjQiLCJ1c2VyX2lkIjo1LCJ1c2VyX3R5cGUiOiJjb21tb24iLCJ1c2VyX2dyb3VwcyI6WyJBZG1pbmlzdHJhdG9ycyJdLCJjbGllbnRfaWQiOjIsImVtYWlsIjoidGVzdHVzZXJAZXhhbXBsZS5jb20iLCJ1c2VybmFtZSI6InRlc3R1c2VyQGV4YW1wbGUuY29tIiwic3NvX2VudGl0eSI6bnVsbCwiaXNfYWRtaW4iOmZhbHNlLCJjbGllbnRfbmFtZSI6IlRlc3QgQ29tcGFueSIsImV4Y2hhbmdlYWJsZSI6dHJ1ZX0.C-RuHDWLpu1bd0_SoZgbkqSqA65egSBigKikeEKXkdK-PRVx4ZUIMdkJd-L4ebeydDHgeq3AwXbDBSqPuXZMTKTFKe1HTvpLycTNkTKa-dp9nTq0VwfUlf3G7QajEJA1UiQ7IhSDZJK5NBkEzs_-PFtPOQjeE2u2AbKKJ_SK3hNi1BVU3uVjfWsMVwGDkVnPIa0aLtYDTYd2QKN5InBGh06XITFD_P_IETfwhw7yG4PvLWGejGQO9jJx1ViFYCQi-O8vLR9-mjwaD8Ngc5O8v3mnzRkkxeWoukSW1p8eWiGf7QaLg-zSI6pNFO3_LO-ILHcJ394GJzW2rSpaAgvxwRHDIulDxJtAbqyxykLgnDSHUZbKq8mgQqkeshbmQ-BUT_nkYj1LcQisNTGp4QsDRdi095QQIXLntJiGC59BxpZQ5y3j67AZHG9qiVuHQSlHBaQKBAFdA_d7CRqV7TzsT4p3cHVXF_VccBM06pItkYYY5Xj0bQPU6qWf26bONnYh1FHOlaejw2mGc_FsPpi0soGUh-1v_Qs6C4N086VJ5uYSHw_M3MNcGBjAahnUdrKNX_8gmbTDwYNw7h1ELPYfBAFeQJrdTOOQPfUHzkt9g67DHdxRDHMQxz933Wxmfl_5fiHWoWE82n5ZA110BZB9JQoP7Tqtg4qIZoE1M6Knh14
    AccessToken:
      type: string
      description: Use this token to access API.
      example: >-
        eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjAxNjI0MjkyLCJqdGkiOiI0Mjk1ZjZhMjI4ZTE0MmE3YjA1ZmIxYjE5MjlhZjZlYyIsInVzZXJfaWQiOjUsInVzZXJfdHlwZSI6ImNvbW1vbiIsInVzZXJfZ3JvdXBzIjpbIkFkbWluaXN0cmF0b3JzIl0sImNsaWVudF9pZCI6MiwiZW1haWwiOiJ0ZXN0dXNlckBleGFtcGxlLmNvbSIsInVzZXJuYW1lIjoidGVzdHVzZXJAZXhhbXBsZS5jb20iLCJzc29fZW50aXR5IjpudWxsLCJpc19hZG1pbiI6ZmFsc2UsImNsaWVudF9uYW1lIjoiVGVzdCBDb21wYW55IiwiZXhjaGFuZ2VhYmxlIjp0cnVlLCJyanRpIjoiMGFmOGU3NTMzYWEyNDM0YmI4M2NmMjA1ZWM2NTMwZjQifQ.aJjVE3_mC8fimclIPggD0ynh0EIwO8kCEffhFN4CxbaDBGz4R2Xn2mJQqhsRB2YoDCx_oH3uLii6aM_6OQtc2DbIElfN1KHoQmzzEjxKKXlgTOF_gsq9dVwQ9hajeOsQu5ly1rMk41WW1LrQ6Nkb_v6LC8g57Ah4h2pGot44h87BDsG6uUyMFVV3ZTJjkVNWJxceljFeDPO5rhx-ujtkX5iYwAeVh6HAq3I4Sw7OO5LZHF9pnhNBJVRNu8HlBNyk5UVB7uyStc9vjAnjGJyqc4yWL3QVTz7BMtvXX19W6sypl_YQiYzz5dsOiL4dzsI5RERBVt9DtOytSqDNigF_WTVUn0VsmXEK1oDGb8I2AWuAmiKYxizKY2JEOHoUz7B1L87fiPg5fNlv3QDrFJhuy1M6A-72jL1-N4tCGhUCQubvZEv90JshAhc6A5W88ghtjS_W80xt63gpvK81vE9b3coutIBnh-yvzEwTvudm3YKTnRrNBxRT01tdiJVEKoJ1poST0BxzxtGAvW_JgASTcOqQcFR6-Rr5smDSOki_mKVqODbRgcAj7CeNOvrwDZqC2XlQkTLvlo6msNvyVQH8vugRzPsbZK7F3pCvOEB5ub2WY6a1ui7lm-mAVyAs1VbzCHEnLu5GiXmyNE-mlNXQlAS1xz5P751rANnwODJJFz0
  responses:
    '401':
      description: >-
        Authentication credentials were not provided or given token not valid
        for any token type.
    '403':
      description: You do not have permission to perform this action.
    ChangePasswordSuccess:
      description: Password was successfully changed.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Token'
  securitySchemes:
    APIKey:
      description: >-
        API key for authentication. Make sure to include the word `apikey`,
        followed by a single space and then your token.

        Example: `apikey 1234$abcdef`
      type: apiKey
      in: header
      name: Authorization

````