Get password policy

Learn how to retrieve password policy configuration using the Customer Password Policy API.

Use the Customer Password Policy API to retrieve the password policy configuration.

You must have the ROLE_ADMIN_CUSTOMER access permission to run this API. For more information about this role, see ROLE_ADMIN_CUSTOMER Access permissions.

HTTP method and endpoint

Use the following HTTP method and endpoint path to retrieve the password policy.
GET {AUTH_URL}/oauth/customers/{customerId}/passwordPolicy
Replace {AUTH_URL} with the Reltio auth URL and {customerId} with the unique identifier of the customer.

For more information about this API syntax, see GET Customer Password Policy in the Configuration section of the Reltio Developer Portal.

Request headers

The following request headers must be included.
| Header | Value | Required |
|---|---|---|
| Content-Type | application/json | Yes |
| Authorization | Bearer {{access_token}} | Yes |
| customerId | Customer identifier | Yes |

Request body

This operation does not require a request body.

Example request

Use the following example to see how a complete request is structured.

 GET {tenantURL}/services/oauth/customers/Sample_Customer/passwordPolicy

Response fields

The following table describes the fields returned in the response body when the request is successful.

| Field | Type | Description |
|---|---|---|
| passwordRules | array of object | List of password validation rules configured for the customer. |
| expirePeriodInDays | integer | Password expiration period in days. |
| inactivePeriodInDays | integer | Inactivity period in days. |
| numberOfFailedLoginAttempts | integer | Maximum number of failed login attempts allowed before account lockout. |
| userSessionTimeoutSeconds | integer | User session timeout in seconds. |
| numberOfFailedMFALoginAttempts | integer | Maximum number of failed multi-factor authentication (MFA) login attempts allowed before account lockout. |

Example response

The following example shows a successful response that returns the password policy.

{
  "passwordRules": [
    {
      "matchBackwards": true,
      "ignoreCase": true,
      "type": ".EmailPRule"
    },
    {
      "values": "30",
      "type": ".AllowedCharacterPRule"
    },
    {
      "length": 30,
      "type": ".AlphabeticalSequencePRule"
    },
    {
      "ruleList": [
        {
          "numCharacters": 3,
          "type": ".DigitCharacterPRule"
        },
        {
          "numCharacters": 3,
          "type": ".LowercaseCharacterPRule"
        },
        {
          "numCharacters": 3,
          "type": ".NonAlphanumericCharacterPRule"
        },
        {
          "numCharacters": 3,
          "type": ".UppercaseCharacterPRule"
        }
      ],
      "numberOfCharacteristics": 3,
      "type": ".CharacterCharacteristicsPRule"
    },
    {
      "dictionary": [
        "p4t3t#none"
      ],
      "caseSensitive": true,
      "type": ".DictionaryPRule"
    },
    {
      "numCharacters": 3,
      "type": ".DigitCharacterPRule"
    },
    {
      "lastPasswordVerifyCount": 5,
      "type": ".HistoryPRule"
    },
    {
      "values": "~",
      "type": ".IllegalCharacterPRule"
    },
    {
      "numCharacters": 3,
      "type": ".LowercaseCharacterPRule"
    },
    {
      "numCharacters": 3,
      "type": ".NonAlphanumericCharacterPRule"
    },
    {
      "type": ".NonAlphanumericCharacterPRule"
    },
    {
      "length": 3,
      "type": ".NumericalSequencePRule"
    },
    {
      "length": 3,
      "type": ".RepeatCharacterRegexPRule"
    },
    {
      "numCharacters": 3,
      "type": ".UppercaseCharacterPRule"
    },
    {
      "matchBackwards": true,
      "ignoreCase": true,
      "type": ".UsernamePRule"
    },
    {
      "type": ".WhitespacePRule"
    }
  ],
  "expirePeriodInDays": 180,
  "inactivePeriodInDays": 30,
  "numberOfFailedLoginAttempts": 5,
  "userSessionTimeoutSeconds": 300,
  "numberOfFailedMFALoginAttempts": 5
}
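
The following added example (not part of the Reltio documentation) audits a response of this shape against a security baseline, so that policy drift can be caught in a scheduled check. The thresholds, the required-rule set, the sample policy, and the function names `fetch_policy` and `audit` are assumptions chosen for illustration.

```python
import json
import urllib.request

# Baseline values are assumptions for this example, not Reltio defaults.
MAX_ALLOWED = {
    "expirePeriodInDays": 365,
    "inactivePeriodInDays": 90,
    "numberOfFailedLoginAttempts": 10,
    "numberOfFailedMFALoginAttempts": 10,
    "userSessionTimeoutSeconds": 900,
}
REQUIRED_RULES = {".HistoryPRule", ".UsernamePRule", ".DictionaryPRule"}
MIN_HISTORY = 5

def fetch_policy(auth_url, customer_id, access_token):
    """GET the policy with the endpoint and headers documented on this page."""
    req = urllib.request.Request(
        f"{auth_url}/oauth/customers/{customer_id}/passwordPolicy",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {access_token}",
                 "customerId": customer_id})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def audit(policy):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = []
    for field, limit in MAX_ALLOWED.items():
        value = policy.get(field)
        if not isinstance(value, int) or value <= 0:
            findings.append(f"{field}: not set to a positive integer")
        elif value > limit:
            findings.append(f"{field}: {value} exceeds baseline {limit}")
    rules = {r.get("type"): r for r in policy.get("passwordRules", [])}
    for missing in sorted(REQUIRED_RULES - set(rules)):
        findings.append(f"passwordRules: {missing} not configured")
    history = rules.get(".HistoryPRule", {}).get("lastPasswordVerifyCount", 0)
    if ".HistoryPRule" in rules and history < MIN_HISTORY:
        findings.append(f".HistoryPRule: remembers {history}, baseline {MIN_HISTORY}")
    return findings

# Constructed sample in the documented response shape, deliberately weak.
SAMPLE = {
    "passwordRules": [{"lastPasswordVerifyCount": 2, "type": ".HistoryPRule"},
                      {"ignoreCase": True, "type": ".UsernamePRule"}],
    "expirePeriodInDays": 180, "inactivePeriodInDays": 30,
    "numberOfFailedLoginAttempts": 50, "userSessionTimeoutSeconds": 300,
    "numberOfFailedMFALoginAttempts": 5,
}
```

Calling `audit(fetch_policy(...))` with a token that carries ROLE_ADMIN_CUSTOMER runs the same check against a live customer; only top-level rules are inspected, not rules nested in a `ruleList`.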

Error responses

The following table describes the possible error responses for this operation.

| HTTP status code | Status | Description |
|---|---|---|
| 401 | Unauthorized | The request is not authenticated because the access token is missing or invalid. |
| 403 | Forbidden | The request is authenticated, but the caller does not have permission to access the requested resource. |
| 404 | Not found | Returned when the specified customerId is invalid or does not correspond to an existing customer. |