2. Retrieve the Secret Question

Retrieve the secret question for which the user must provide the answer in order to reset the password

Introduction

Depending on the configuration of your company, users may either be forced to specify a secret question-answer pair during registration or not. If a user does not have to answer the secret question, this step might be skipped and you can proceed to the third step. If the user does need to answer the question, use this endpoint to retrieve the question and then go back to the endpoint from the first step to provide the answer.

There are three required parameters that must be provided in the request:

  1. Et-App-Key (header). This is the unique key of your app that identifies your app when communicating with our service. Contact your administrator to get this key.

  2. API version (path). Unless necessary, leave it at "1.0".

  3. username (query). This is the login or the email of the user whose password ought to be reset.

Here's the final template for this API request:

GET apiURL/v1.0/users/password/secret-question?username=hello%40autoshares.com

Response

In response to this request, you will receive a JSON object containing the secret question:

{
  "Model": "What street did you live on in third grade?",
  "Errors": [],
  "IsSucceed": true
}

You may then display this question to the user and prompt them to specify the answer. Next, provide their answer as the value for the SecretQuestionAnswer key in the request body of the first step. Afterward you can proceed to the third step.

Common Mistakes

Here are some of the common mistakes that developers make when attempting to retrieve a user's secret question.

Failing to Specify the Et-App-Key Parameter

If you specify the wrong Et-App-Key parameter or fail to include it in the header altogether, you'll get the following error:

{
    "error": "Application key is not defined or does not exist"
}

Last updated