
Endpoint

POST /profile/password
Changes the authenticated user’s password. For security, this operation requires the user’s current password for verification and will automatically revoke all active sessions on other devices.

Authentication

This endpoint requires authentication. Include a valid JWT token in the Authorization header.

Request

Headers

Authorization
string
required
Bearer token for authentication. Example: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Type
string
required
Must be application/json

Body Parameters

currentPassword
string
required
User’s current password for verification. Required for security purposes to confirm the user’s identity.
newPassword
string
required
The new password
  • Minimum length: 8 characters
  • Must meet the password strength requirements listed under Password Strength Validation
  • Must not be a commonly used password

Response

success
boolean
required
Indicates if the request was successful
message
string
required
Success message: “Senha alterada com sucesso! Por segurança, você foi deslogado de outros dispositivos.”

Example

curl -X POST https://api.ceboelha.com/profile/password \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "currentPassword": "myOldPassword123",
    "newPassword": "myNewSecurePassword456"
  }'

Response

{
  "success": true,
  "message": "Senha alterada com sucesso! Por segurança, você foi deslogado de outros dispositivos."
}

Error Responses

400 Bad Request - Password Too Short

{
  "success": false,
  "error": "Validation failed",
  "details": {
    "newPassword": "Password must be at least 8 characters"
  }
}

400 Bad Request - Weak Password

{
  "success": false,
  "error": "A senha deve ter pelo menos 8 caracteres, incluindo letras maiúsculas, minúsculas, números e caracteres especiais"
}

401 Unauthorized - Invalid Current Password

{
  "success": false,
  "error": "Senha atual incorreta"
}

401 Unauthorized - Invalid Token

{
  "success": false,
  "error": "Token inválido ou expirado"
}

404 Not Found

{
  "success": false,
  "error": "Usuário não encontrado"
}
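
The two 401 responses above need different handling on the client: one means the current password was wrong, the other that the access token is no longer valid. The following is an added example, not code from this API or its documentation, that maps each documented response to one client action; the function name and the action names are assumptions, as is treating any 2xx status with success set to true as success.

```javascript
// Added example: map a response from POST /profile/password to one client action.
// Function and action names are illustrative; status codes and strings come from this page.
const WRONG_CURRENT_PASSWORD = "Senha atual incorreta"; // documented 401 body

function classifyPasswordChangeResponse(status, body) {
  const b = body !== null && typeof body === "object" ? body : {};
  const error = typeof b.error === "string" ? b.error : "";

  // Assumption: success is any 2xx status whose body carries success === true.
  if (status >= 200 && status < 300 && b.success === true) {
    return { action: "done", fields: {}, message: String(b.message || "") };
  }
  if (status === 400) {
    // Validation failures come in two shapes: per-field `details`, or one `error` string.
    const d = b.details;
    const fields = d !== null && typeof d === "object" ? { ...d } : {};
    return { action: "fix_input", fields, message: error };
  }
  if (status === 401) {
    // Two failures share 401. Only an exact match on the documented string counts as a
    // wrong current password; anything else is handled as a token problem, so an
    // unrecognised 401 never causes the same password to be resubmitted automatically.
    if (error === WRONG_CURRENT_PASSWORD) {
      return { action: "reenter_current_password", fields: { currentPassword: error }, message: error };
    }
    return { action: "reauthenticate", fields: {}, message: error };
  }
  if (status === 404) {
    // Documented as "Usuário não encontrado"; dropping the local session is assumed handling.
    return { action: "sign_out", fields: {}, message: error };
  }
  return { action: "report_error", fields: {}, message: error || `Unexpected status ${status}` };
}

// Constructed samples that mirror the documented response bodies.
const samples = [
  [200, { success: true, message: "Senha alterada com sucesso!" }],
  [401, { success: false, error: "Senha atual incorreta" }],
  [401, { success: false, error: "Token inválido ou expirado" }],
];
for (const [status, body] of samples) {
  console.log(status, classifyPasswordChangeResponse(status, body).action);
}
```

Matching on the error text is needed because the documented bodies carry no machine-readable error code; if the wording changes, a wrong-password 401 falls through to the re-authentication branch.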

Security Features

Password Strength Validation

The new password must meet the following requirements:
  • Minimum 8 characters
  • Include uppercase letters
  • Include lowercase letters
  • Include numbers
  • Include special characters
  • Not be a commonly used password

Session Revocation

For security purposes, changing your password will:
  • Revoke all refresh tokens - All active sessions on other devices will be terminated
  • Keep your current session active - You won’t be logged out from the current device
  • Require re-login on other devices - You will need to sign in again on all other devices
This ends the sessions of anyone who had gained unauthorized access to your account.

Security Logging

Password changes are logged in the activity log for audit purposes, including:
  • Timestamp of the change
  • User information
  • IP address and device information (if available)

Best Practices

  1. Use a strong, unique password - Don’t reuse passwords from other services
  2. Update regularly - Consider changing your password periodically
  3. Don’t share your password - Never share your password with anyone
  4. Use a password manager - Consider using a password manager to generate and store secure passwords
  5. Enable two-factor authentication - If available, enable 2FA for additional security
