Docs‎ > ‎API Creator‎ > ‎Security‎ > ‎Manage Users with the REST API‎ > ‎

Change the sa Password using cURL

You can change the password of the system administrator (sa) user using cURL. If you are using API Creator's built-in authentication provider, you can update all user passwords, as well as name, email, and other information, using cURL.

Prerequisite: You have determined the correct URL. The portion shown as https://api.acme.com in the following examples is the portion that you use as the server when you log into API Creator.

Get the API Key Value for the sa User

Issue the following command:

curl -d '{"username":"sa","password":"CURRENTPASSWORD"}' -H "Content-type: application/json" \
-X POST https://api.acme.com/rest/abl/admin/v2/@authentication

The following response is expected:

{
"apikey": "94e248b6a192c006e07a77fdaa7f93b6",
"expiration": "2015-11-06T02:15:50.088Z",
"lastLoginTs": "2015-11-04T18:11:34.094Z",
"lastLoginIP": "123.45.67.89",
"email": "admin@acme.com"
}

Retrieve the sa User

Use the apikey value to get the sa user:

curl -H "Authorization: CALiveAPICreator 94e248b6a192c006e07a77fdaa7f93b6:1" \
       -X GET https://api.acme.com/rest/abl/admin/v2/users/2

The following response is expected:

[
{
"ident": 2,
"ts": "2015-11-04T18:25:54.072092Z",
"name": "sa",
"fullname": "System Admin",
"email": "admin@acme.com",
"status": "A",
"roles": "System administrator",
"data": null,
"comments": null,
"apikey_lifespan": null,
"password_hash": "jA0D60fG+sB310w9MpLVEah/lg/f9aJCnDcPtl14ho55o6koI0zZ+cpxQiwdHFvUuzEF4byogjJ/wV9sbSJp5w==",
"password_salt": "QH7FeE7frVejG1E4KSlU0Q==",
"project_ident": 3,
"@metadata": {
"href": "https://api.acme.com/rest/abl/admin/v2/admin:users/2",
"checksum": "A:ff8fc7eaad8dbe66"
}
}
]

Note: Only relevant content is shown. If you are changing the password for the admin user, the ident is normally 1000 instead of 2.

Update the Password

The final step is to update the sa user with a PUT, using the apikey value from the first call and the checksum from the second call:
curl -d '{"password_hash":"NEWPASSWORD","@metadata": {"href": "https://api.acme.com/rest/abl/admin/v2/admin:users/2","checksum": "A:ff8fc7eaad8dbe66"}}' \
    -H "Authorization: CALiveAPICreator 94e248b6a192c006e07a77fdaa7f93b6:1" \
    -H "Content-type: application/json" \
    -X PUT https://api.acme.com/rest/abl/admin/v2/users/2

The following response is expected:

{
  "statusCode": 200,
  "txsummary": [
    {
      "@metadata": {
        "href": "https://api.acme.com/rest/abl/admin/v2/admin:users/2",
        "resource": "admin:users",
        "verb": "UPDATE"
        "checksum": "A:d747ca75b28058ed"
      },
      "ident": 2,
      "ts": "2015-11-04T18:15:17.955629Z",
      "name": "sa",
      "fullname": "System Admin",
      "email": "admin@acme.com",
      "status": "A",
      "roles": "System administrator",
      "data": null,
      "comments": null,
      "apikey_lifespan": null,
      "password_hash": "9b/4OrzqFbOqELveMlq74pl3yTfD3v3Xrpe2ICBoTMnZ/RE8ZQBUq64bS4y3Dz9ASXh0qWZGq9XdQulSxbOyZQ==",
      "password_salt": "QH7FeE7frVejG1E4KSlU0Q==",
      "project_ident": 3
    }
  ]
}

The password_hash has changed and a salted hash is stored. Your new password has not changed and is not saved.

Note: If you are changing the password for the admin user, the ident is normally 1000 instead of 2.