The Telerik Platform product is retired.Learn more

Changing a User Account Password

When it comes to changing a user password you have two options:

Let the User Change Their Own Password

A user can easily change their own password. You need to simply ask them for their current password and their new password and then pass the values to the changePassword method along with the username. If you pass false as a fourth argument, all access tokens issued to the user become invalid.

Here is an example of changing the password for a user:

var el = new Everlive('your-app-id');
el.Users.changePassword('jsmith', // username
    '111111', // current password
    'my_new_pass', // new password
    true, // keep the user's tokens
    function (data) {

Reset the User Password Administratively

If you need to change the password for a user account without the owner's participation (for example if the user has forgotten their password), you can do so by combining the changePassword method with master key authentication. Because storing the master key in the client application is not safe, the following example uses a Cloud Function that can be called from the client app by authorized users such as administrators. You can find out more about Cloud Functions, including information on how to call them, in Implementing Cloud Functions.

Everlive.CloudFunction.onRequest(function(request, response, done) {
    var parameters = Everlive.Parameters;
    var appId = parameters.apiKey;
    var masterKey = parameters.masterKey;
    var baseUrl = parameters.apiBaseUrlSecure;
    var apiVersionNumber = parameters.apiVersion;

    var url = baseUrl + "/v" + apiVersionNumber + "/" + appId + '/Users/changepassword?keepTokens=false';

    var options = {};
    var username = "username"; //specify the user's username
    var newPassword = "new-password"; //specify the user's new password

    options.body = {
        "Username": username,
        "NewPassword": newPassword
    options.headers = {
        "Authorization": "MasterKey" + " " + masterKey
    options.contentType = "application/json";

    Everlive.Http.request('POST', url, options, function(err, data) {
        if (err) {
            response.body = err;

        } else {
            response.body = "Success";


When changing the password administratively it makes sense to invalidate all access tokens issued to the user in exchange for their previous credentials. This is why the code appends keepTokens=false to the url variable.

You may also want to disable the automated reset password notification email from the portal.

Contact us: +1-888-365-2779
Copyright © 2016-2018, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.