Validate Password

Validates the password of an existing user account and generates the access token and key. The token is valid for 15 minutes by default. You can use the key to regenerate the token.

Resource Information

URI for Mobile App: auth/v1/password/validate
URI for Web App: auth/v1/web/password/validate
Rate Limited?: Yes
Batch Support: No

Request URL

For mobile application:


For web application:


Request Body Parameters

{
    "identifierType": "USERNAME",
    "identifierValue": "<identifierValue>",
    "deviceId": "deviceid1",
    "brand": "KANMODEMO",
    "sessionId": "D-c62d7326-e122-4186-8c72-e42f270b0cdf",
    "password": "<password>"
}
identifierType* (enum): Identifier used to generate OTP. Values: MOBILE, EMAIL, USERNAME.
identifierValue* (string): Value of the specified identifierType. For example, if identifierType is MOBILE, the identifierValue is the mobile number.
deviceId** (string): Unique ID of the device used for password validation. Should be the same as the deviceId used to generate the current token. Not applicable for web application.
brand* (string): Name of the brand or org associated with the current account.
sessionId* (string): Session ID generated through the v1/token/generate API.
password* (string): Password of the current account.
Note: You can configure maximum retries as well as account locking after several defined unsuccessful attempts to enter the correct password.

* Parameters marked with * are mandatory, and the parameters marked with ** are required for the mobile app.

Response parameters

{
    "status": {
        "success": true,
        "code": 200,
        "message": "SUCCESS"
    },
    "auth": {
        "token": "eyJpZHYiOlsiTU9CSUxFfDk5NDU1NjAyMjQiXSwiZGV2IjoiZGV2aWNlaWQxIiwib3JnIjoiU1RBTkRBUkRBUFAiLCJhbGciOiJIUzI1NiJ9.eyJ1aWQiOiI3Njg4MTYiLCJpc3MiOiJDQVBJTExBUlkgVEVDSE5PTE9HSUVTIiwiaXNjIjoiZmFsc2UiLCJvZ2MiOlsiMTUxMDYwfHNhLmRlbW8uc29sdXRpb24iXSwiZXhwIjoxNTk3OTQzODU1LCJpYXQiOjE1OTc5NDAyNTUsInJvbCI6IlVTRVIifQ.Wyt_xxlqtmMH3lyReO718sDokngYGp_HSLuiBOyaEds",
        "key": "<key>"
    },
    "user": {
        "appRegistered": false,
        "sessionId": null,
        "role": "USER",
        "userRegisteredForPassword": true
    }
}
status: Object containing status information
- success: Boolean indicating the success status
- code: Number indicating the status code (e.g., 200 for success)
- message: String providing a message related to the status
auth: Object containing authentication information
- token: String representing the authentication token. By default, the token is valid for 15 minutes.
- key: String representing the authentication key.
user: Object containing user information
- appRegistered: Boolean indicating if the user is registered in the app
- sessionId: Value representing the user's session ID
- role: String indicating the user's role (e.g., "USER")
- userRegisteredForPassword: Boolean indicating if the user is registered for a password
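The following is an added example, not part of this API's documentation: it reads the iat and exp claims of the sample token above so a client can schedule regeneration from the token's actual expiry rather than from the documented default (in the sample, the two claims are 3600 seconds apart). It assumes the token is a JWT as in the sample response; the function names and the 60-second margin are hypothetical.

```python
import base64
import json

# Sample token from the response above; only its header and payload are read.
SAMPLE_TOKEN = (
    "eyJpZHYiOlsiTU9CSUxFfDk5NDU1NjAyMjQiXSwiZGV2IjoiZGV2aWNlaWQxIiwi"
    "b3JnIjoiU1RBTkRBUkRBUFAiLCJhbGciOiJIUzI1NiJ9."
    "eyJ1aWQiOiI3Njg4MTYiLCJpc3MiOiJDQVBJTExBUlkgVEVDSE5PTE9HSUVTIiwi"
    "aXNjIjoiZmFsc2UiLCJvZ2MiOlsiMTUxMDYwfHNhLmRlbW8uc29sdXRpb24iXSwi"
    "ZXhwIjoxNTk3OTQzODU1LCJpYXQiOjE1OTc5NDAyNTUsInJvbCI6IlVTRVIifQ."
    "Wyt_xxlqtmMH3lyReO718sDokngYGp_HSLuiBOyaEds"
)


def decode_segment(segment: str) -> dict:
    """Decode one base64url JWT segment, restoring the stripped '=' padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_token(token: str) -> dict:
    """Read header and claims without verifying the signature.

    Use the result only to schedule regeneration: HS256 is a symmetric
    scheme, so a client without the signing secret cannot verify it.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int) or exp <= iat:
        raise ValueError("token lacks a usable iat/exp pair")
    return {"header": header, "claims": claims, "lifetime": exp - iat}


def seconds_until_regenerate(token: str, now: int, margin: int = 60) -> int:
    """Seconds to wait before regenerating with the key; 0 means do it now."""
    exp = inspect_token(token)["claims"]["exp"]
    return max(0, exp - margin - now)


if __name__ == "__main__":
    info = inspect_token(SAMPLE_TOKEN)
    print(info["header"]["alg"], info["lifetime"])
```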