You can use the VTEX ID API to expire a shopper's password. This means they will not be able to login until they create a new password on your website.
To maximize security and improve the shopper experience, we recommend that you follow the steps below to expire a shopper's password:
- Activate repeated password prevention (do this only the first time)
- Expire shopper password
- Notify the shopper
Any user or application key that wishes to perform password expiration must have a License Manager role that includes the
Expire User Passwordresource.
Preventing repeated passwords
If you intend to expire shoppers' passwords, it may be a good idea to prevent them from using the same password repeatedly.
To do this, use the following API request:
_10POST_10https://{{accountName}}.{{environment}}.com.br/api/vtexid/pub/providers/setup/password/webstore/password
Request body:
_10{_10 "isActive": true,_10 "allowRepeated": false_10}
This configuration impacts all shoppers of your account. You only need to send this request this whenever you want to change this configuration.
Expiring a password by email
You can use the API request below to expire the password associated with a specific shopper email:
_10POST_10https://{{accountName}}.{{environment}}.com.br/api/vtexid/password/expire?email={{email}}
This request has no body.
A successful response will have status code 200 (OK) and an empty body.
This request does not trigger any notification. We strongly recommend that you notify the user to prevent a frustrating shopping experience next time they try to login to your store.
Notifying the shopper
Once you expire a shopper's password, they will not be able to login to your store. You must notify them of the expiration and instruct them to go to your store and create a new password.