Initialize Password
POST
/web/v1/system/auth/password/init NoneInitializes a password for a newly registered user who completed registration without setting a password. Returns a 201 Created response on success.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | Client device fingerprint | |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
Request Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
rawRequestBody | String | Required | body | Raw request body (encrypted via SecureChannel, auto-decrypted by the server) |
sessionId | String | Required | body | Session ID from the initialization link (sid parameter, max 64 chars) |
password | String | Required | body | New password (8-128 chars, encrypted in transit via @Encrypted) |
Request Example
json
{
"sessionId": "init-session-xxx",
"password": "NewP@ssw0rd"
}Success Response
Success 201
{
"version": "2.0.0",
"timestamp": 1711929600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": {
"bizId": "ACC_USR_00000001",
"email": "user@example.com",
"name": "Test User",
"status": 10010202,
"createdAt": "2026-03-23T08:00:00Z"
}
}Error Responses
Bad Request 400
{
"success": false,
"code": "VALIDATION.INVALID_PARAMETER",
"message": "Invalid request parameters"
}Notes
- Returns HTTP 201 Created on success.
- Rate limited to 5 requests per 300-second window.
- The
sessionIdmust come from a prior registration or login flow. - Request body is strictly validated — unknown or unexpected fields will be rejected with HTTP 400.