> ## Documentation Index > Fetch the complete documentation index at: https://docs.gmicloud.ai/llms.txt > Use this file to discover all available pages before exploring further. # Update user password > Allows a user to update their password. - **Authenticated user**: Must use `Bearer ` in Authorization header and provide `currentPassword` in the request body. - **Password reset user**: Must provide `passwordResetToken` and provide `otpCode` in the request body. ## OpenAPI ````yaml /api-spec/ias-public-api.yaml patch /me/password openapi: 3.0.3 info: title: IAM Service API description: APIs for IAM Service. version: 2.4.0 servers: - url: https://console.gmicloud.ai/api/v1 description: IAM Service API security: [] paths: /me/password: patch: tags: - me summary: Update user password description: > Allows a user to update their password. - **Authenticated user**: Must use `Bearer ` in Authorization header and provide `currentPassword` in the request body. - **Password reset user**: Must provide `passwordResetToken` and provide `otpCode` in the request body. operationId: updateUserPassword requestBody: description: The request body for updating user password required: true content: application/json: schema: $ref: '#/components/schemas/updatePasswordRequest' responses: '200': description: Successfully updated user password. '400': description: > - [group:**request**, code:**0**]: Invalid field in the request. - [group:**request**, code:**1**]: The request body is required. - [group:**user**, code:**208**]: Invalid otpCode. - [group:**user**, code:**209**]: Expired otpCode. - [group:**user**, code:**211**]: Either `Authorization` in header or `passwordResetToken` in request body must be provided. - [group:**user**, code:**212**]: Invalid currentPassword. content: application/json: schema: $ref: '#/components/schemas/ErrStatusMsg' examples: Invalid field in the request: summary: Invalid field in the request. value: group: request code: 0 validationDetail: - field: newPassword expression: required originalValue: '' reason: This field is required. '401': description: | - [group:**user**, code:**206**]: Invalid reset password token. - [group:**user**, code:**207**]: Expired reset password token. content: application/json: schema: $ref: '#/components/schemas/ErrStatusMsg' examples: Invalid reset password token: summary: Invalid reset password token. value: group: user code: 11 message: Invalid reset password token. '500': description: > - [group:**user**, code:**1**]: User does not exist. - [group:**user**, code:**201**]: Get user password reset data encountered error. - [group:**user**, code:**210**]: Delete user password reset data encountered error. - [group:**user**, code:**1200**]: Get user encountered DB error. - [group:**user**, code:**1400**]: Update user passsword encountered DB error. content: application/json: schema: $ref: '#/components/schemas/ErrStatusMsg' examples: Get user password reset data encountered error: summary: Get user password reset data encountered error. value: group: user code: 201 message: Get user password reset data encountered error. traces: - error occurred. security: - {} - bearerAuth: [] components: schemas: updatePasswordRequest: type: object x-go-name: updatePasswordRequest properties: newPassword: type: string description: The new password. example: MyNewSecurePassword123! x-oapi-codegen-extra-tags: binding: required currentPassword: type: string description: | The user's current password for update password. - This field is only required for authenticated users. example: OldPassword123! x-oapi-codegen-extra-tags: binding: omitempty x-go-type-skip-optional-pointer: true passwordResetToken: type: string description: > A temporary Bearer token used for password reset authentication which is issued when a user requests a password reset. - This field is only required for password reset users. example: eyJhbGciOiJIUzI1NiIsInR... x-oapi-codegen-extra-tags: binding: omitempty x-go-type-skip-optional-pointer: true otpCode: type: string description: | A one-time passcode (OTP) for reset user password. - Must be a numeric code. - This field is only required for password reset users. example: 321673 x-oapi-codegen-extra-tags: binding: omitempty,numeric x-go-type-skip-optional-pointer: true required: - newPassword ErrStatusMsg: type: object properties: group: type: string description: >- API function group\n -Will be "request" if there are invalid request parameters. x-oapi-codegen-extra-tags: binding: required code: type: integer description: The substatus error code for the API response. x-oapi-codegen-extra-tags: binding: required message: type: string description: The substatus error Message for API response. x-go-type-skip-optional-pointer: true traces: type: array items: type: string description: The original error messages. x-go-type-skip-optional-pointer: true validationDetail: type: array items: $ref: '#/components/schemas/ValidationDetail' description: >- Returned when there are invalid request paremeters(group="request")\n List of invalid fields and the reason of error. x-go-type-skip-optional-pointer: true example: group: request code: 0 validationDetail: - field: email expression: required originalValue: '' reason: This field is required. required: - group - code ValidationDetail: type: object properties: field: type: string description: The field of the request data. x-go-type-skip-optional-pointer: true expression: type: string description: The form of violation. x-go-type-skip-optional-pointer: true argument: type: string description: The number or data to support the expression. x-go-type-skip-optional-pointer: true originalValue: description: The original value from the request. x-go-type-skip-optional-pointer: true reason: type: string description: The reason for the validation error. x-go-type-skip-optional-pointer: true example: - field: fieldXXX expression: required originalValue: '' reason: This field is required. securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: > An access token used to authenticate a user and grant access to restricted APIs. It is issued by session APIs. For status codes related to this header, refer to the [Common Headers Documentation](https://gmicloud.atlassian.net/wiki/spaces/CE/pages/47199534/Common+Headers#Authorization). ````