> ## Documentation Index
> Fetch the complete documentation index at: https://docs.streambird.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Password by Session (Enterprise)

> Update user password using an active session. If the session token does not have an active factor from OTP, magic link, or password, it will return an error.
## Request Body

The following table lists the properties of an HTTP request that this action supports.

## Returns

A successful response returns `user_id` property and `session` object associated with the `session_token` sent in.



## OpenAPI

````yaml post /v1/auth/passwords/session/update
openapi: 3.1.0
info:
  title: MoonKey Auth API
  description: >-
    Explore all the details of MoonKey Auth API. All of our APIs are RESTful and
    accept and return JSON.
  version: v1
servers:
  - url: https://api.moonkey.fun
    description: Production
    variables: {}
security:
  - Authorization: []
tags:
  - name: Users
    description: User management API
  - name: Magic Links
    description: ''
  - name: OTPs
    description: >-
      Send OTP (One-time passcodes) by all the supported delivery methods such
      as SMS, email.
  - name: OAuth
    description: ''
  - name: Wallets Login
    description: ''
  - name: Managed Wallets
    description: ''
  - name: Wallet Import
    description: >-
      Import existing wallets into the platform using secure HPKE encryption.
      This flow ensures raw entropy (seed phrases or private keys) never touches
      the server in plaintext.
externalDocs:
  url: ''
  description: ''
paths:
  /v1/auth/passwords/session/update:
    parameters: []
    post:
      tags:
        - Passwords
      summary: Update Password by Session (Enterprise)
      description: >-
        Update user password using an active session. If the session token does
        not have an active factor from OTP, magic link, or password, it will
        return an error.

        ## Request Body


        The following table lists the properties of an HTTP request that this
        action supports.


        ## Returns


        A successful response returns `user_id` property and `session` object
        associated with the `session_token` sent in.
      operationId: UpdatePasswordBySession
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdatePasswordBySessionRequest'
            examples:
              UpdatePasswordBySessionReq:
                value:
                  password: samplepass
                  session_token: >-
                    4KdNDr4QAMekuWssW7IDtF9mlsmkOj8QDRbp7oIGOb3Tv4sE3PjX6j6GypoYNnIB
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  session:
                    $ref: '#/components/schemas/Session'
                  user_id:
                    type: string
              examples:
                UpdatePasswordBySessionResp:
                  value:
                    session:
                      id: sess_2KF44T13b1clHEoOHpwEmTtldx5
                      user_id: user_2Cu2uVhYy0OVgRcO913OsqIVaPI
                      started_at: 1673556805
                      expires_at: 1673562817
                      last_active_at: 1673556817
                      factors:
                        - delivery_channel: email
                          type: otp
                          method:
                            method_id: email_24oXBL3PufzHkH1Jzyjc2EXYeo7
                            method_type: email
                            email_id: email_24oXBL3PufzHkH1Jzyjc2EXYeo7
                            email: sandbox@moonkey.fun
                            last_verified_at: 1673556805
                        - delivery_channel: password
                          type: password
                          method:
                            last_verified_at: 1673556817
                      device_fingerprint:
                        user_agent: Chrome
                        ip: ''
                      permissions: []
                      deleted: false
                      deleted_at: 0
                      updated_at: 1673556817
                      created_at: 1673556805
                    user_id: user_2Cu2uVhYy0OVgRcO913OsqIVaPIb
components:
  schemas:
    UpdatePasswordBySessionRequest:
      type: object
      properties:
        password:
          type: string
          minLength: 1
          description: '`Required` Unique user ID to associate the TOTP with.'
        session_token:
          type: string
          description: >-
            `Required if session_jwt not present` Session token to identify the
            user by. Only a valid session will result in a successful password
            change.
        session_jwt:
          type: string
          description: >-
            `Required if session_token not present` Session jwt to identify the
            user by. Only a valid session will result in a successful password
            change. 
      required:
        - password
    Session:
      description: ''
      type: object
      x-examples:
        Session:
          id: sess_24tZ6tlJ7CxlTwB6Zoj6SHQ9vU3
          user_id: user_24wFP9pDa9YiMJLun94iKykoZs2
          session_token: 7hssInGtOjKGUh8w7T4NjgLIKKSw6UdZ8uOduBYmJzrtfV6GrNtaUYoGehRS6jBh
          started_at: 1643496805
          expires_at: 1643502805
          last_active_at: 1643496805
          factors:
            - delivery_channel: sms
              type: otp
              method:
                method_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                method_type: phone_number
                phone_number_id: pn_24oXBLRv6BoHXbNZoTAZkAFlRsy
                phone_number: '+14152222222'
                last_verified_at: 1643496805
          device_fingerprint:
            user_agent: ''
            ip: 123.2.1.1
          updated_at: 1643496805
          created_at: 1643496805
      title: Session
      properties:
        id:
          type: string
          minLength: 1
        user_id:
          type: string
          minLength: 1
        session_token:
          type: string
          minLength: 1
        started_at:
          type: number
        expires_at:
          type: number
        last_active_at:
          type: number
        factors:
          type: array
          uniqueItems: true
          minItems: 1
          items:
            type: object
            properties:
              delivery_channel:
                type: string
                minLength: 1
                description: >-
                  Delivery channel for this factor. Possible values: sms, email,
                  totp_authenticator, totp_recovery_code, google_oauth,
                  apple_oauth, microsoft_oauth, discord_oauth, okta_oauth,
                  github_oauth, slack_oauth, facebook_oauth,
                  webauthn_credential, eth_wallet, sol_wallet.
              type:
                type: string
                minLength: 1
                description: >-
                  Authentication type of factor. Possible values: otp, oauth,
                  wallet, totp, webauthn.
              method:
                type: object
                required:
                  - method_id
                  - method_type
                  - last_verified_at
                properties:
                  id:
                    type: string
                  method_id:
                    type: string
                    minLength: 1
                  method_type:
                    type: string
                    minLength: 1
                    description: >-
                      Identifier method type. Possible values: email, wallet,
                      phone_number, webauthn.
                  last_verified_at:
                    type: number
                  phone_number_id:
                    type: string
                    minLength: 1
                  phone_number:
                    type: string
                    minLength: 1
                  email_id:
                    type: string
                  email:
                    type: string
                  wallet_type:
                    type: string
                  wallet_id:
                    type: string
                  wallet_public_address:
                    type: string
                  totp_id:
                    type: string
                  webauthn_credential_id:
                    type: string
                  provider_subject:
                    type: string
            required:
              - delivery_channel
              - type
              - method
        device_fingerprint:
          type: object
          required:
            - user_agent
            - ip
          properties:
            user_agent:
              type: string
            ip:
              type: string
              minLength: 1
        updated_at:
          type: number
        created_at:
          type: number
      required:
        - id
        - user_id
        - session_token
        - started_at
        - expires_at
        - last_active_at
        - factors
        - device_fingerprint
        - updated_at
        - created_at
  securitySchemes:
    Authorization:
      type: http
      scheme: bearer
      description: >-
        Auth Platform API includes all the Auth related features. All Users,
        Phone Numbers, Emails, and OTPs are associated with an `App` as the
        container.


        Endpoints only accept App's `Secret API keys` other than certain
        endpoints that are used client side or via SDK that accept the
        `public_token`.


        ## Authentication using App Api Key


        ## Header:


        ```

        Authorization: Bearer {api_key}

        ```


        ## Authenticated Request


        ```curl

        curl \
          -X GET https://api.moonkey.fun/v1/auth/users/user_24wFP9pDa9YiMJLun94iKykoZs2 \
          -H "Authorization: Bearer sk_test_pRqweh3wvWmJAAVYv7Z0T5iPLzFM4ql0muoyQcjOxGeN3p1r"
        ```

````