User Authentication and Password Management

Use the /service/user service APIs to set, verify, and modify a user password.

The following code shows the AuthData fields. 
<AuthData>
        <MtxRequestSubscriberModifyAuthData>
            <SubscriberSearchData>
                <MtxSubscriberSearchData>
                    <ObjectId>{MtxObjectId}</ObjectId>
                    <ExternalId>{String}</ExternalId>
                    <Imsi>{MtxPhone}</Imsi>
                    <AccessNumber>{MtxPhone}</AccessNumber>
                    <LoginId>{String}</LoginId>
                    <MultiRequestIndex>{Integer}</MultiRequestIndex>
                    <AccessId>{String}</AccessId>
                </MtxSubscriberSearchData>
            </SubscriberSearchData>
            <LoginId>{String}</LoginId>
            <Password>{String}</Password>
            <RoleFlags>{BigInteger}</RoleFlags>
            <ExecuteMode>{Integer}</ExecuteMode>
        </MtxRequestSubscriberModifyAuthData>
    </AuthData>
If you set a password, for security purposes, it is hashed when stored and is hashed in the following related RS Gateway services.
  • PUT /service/user/{SearchTerm:.+}

    Use this service to modify a user and the user's authentication information.

  • PUT /service/user/{SearchTerm:.+}/authentication

    Use this service to add user authentication information in AuthData.

  • PUT /service/user/{SearchTerm:.+}/authentication/verify

    Use this service to verify the password for security purposes. The password field is required, but the LoginId is optional. If both fields are specified both are verified against the AuthData. If the provided information matches, the subscriber roles are included in the response. If the information does not match, an error is included in the response. For information about RS Gateway roles, see the discussion about RS Gateway roles in MATRIXX Security.

  • PUT /service/user/{SearchTerm:.+}/password

    Use this service to modify a user's authentication data. The OldPassword and NewPassword fields are required.

Note: If you call the SubMan API directly to edit the MtxRequestUserModifyAuthData MDC you must encode the password using your preferred encoding. You can retrieve that field with the following SubMan call and write your own verification logic to verify the password.
/user/{SearchTerm:.+}/authentication

Use either method to create or modify a password for a user. If you create a password using the service REST method, you cannot modify the password using the SubMan API call. In this case, you get the error message "password did not match."