# Set Password

> Sets a new password for a user after they have verified their email.

<Note>
  This endpoint requires authentication. Send the verification token as a Bearer token in the Authorization header.
</Note>

## Description

**Note:** Requires a valid verification token in the Authorization header.

## Code Examples

<CodeGroup>
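  ```javascript Node.js theme={null}
  // Placeholder: the verification token issued after the user verified their email.
  const token = 'YOUR_TOKEN';

  const response = await fetch('https://api.royalti.io/auth/setpassword', {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      "password": "securePassword123!"
    })
  });

  // Both success and error responses carry a JSON body.
  const data = await response.json();
  console.log(data);
  ```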

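  ```python Python theme={null}
  import requests

  # Placeholder: the verification token issued after the user verified their email.
  token = 'YOUR_TOKEN'

  response = requests.post(
    'https://api.royalti.io/auth/setpassword',
    headers={
      'Authorization': f'Bearer {token}'
    },
    json={"password":"securePassword123!"}
  )

  # Both success and error responses carry a JSON body.
  data = response.json()
  print(data)
  ```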

  ```bash cURL theme={null}
  curl -X POST https://api.royalti.io/auth/setpassword \
    -H "Authorization: Bearer YOUR_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"password":"securePassword123!"}'
  ```
</CodeGroup>


## OpenAPI

````yaml post /auth/setpassword
openapi: 3.0.0
info:
  title: Royalti.io API
  description: "# Royalti API\r\n\r\nThis is the Royalti music royalty management platform API server.\r\n\r\n## Overview\r\n\r\nThe Royalti API provides comprehensive music royalty management services including:\r\n- Music publishing and writer management\r\n- Royalty processing and analytics\r\n- DDEX integration for music industry standards\r\n- File processing and pattern recognition\r\n- Payment processing and distribution\r\n\r\n## Authentication\r\n\r\nThe API uses JWT-based authentication with multiple protection levels:\r\n- Public endpoints for basic operations\r\n- Protected endpoints requiring valid JWT tokens\r\n- Admin endpoints for administrative functions\r\n\r\n## Features\r\n\r\n- Multi-dimensional royalty analytics\r\n- CWR (Collective Works Registration) support\r\n- DDEX integration for music metadata\r\n- Advanced file processing with pattern recognition\r\n- Real-time data processing with queue system"
  version: 2.6.0
  contact:
    name: Royalti.io Support
    email: support@royalti.io
    url: https://royalti.io
  license:
    name: Proprietary
    url: https://royalti.io/terms
servers:
  - url: https://api.royalti.io
    description: Production server
  - url: https://api-dev.royalti.io
    description: Development server
  - url: http://localhost:8084
    description: Local development
security:
  - bearerAuth: []
tags:
  - name: Accounting
    description: Accounting and financial transaction operations
  - name: DDEX
    description: DDEX operations (ERN/MEAD, messages, delivery, providers)
  - name: Label
    description: Label management operations
  - name: Internal Webhooks
    description: Internal system webhooks for royalty processing and downloads
  - name: Payment Webhooks
    description: Payment processor webhook endpoints
  - name: Billing Webhooks
    description: Stripe billing and subscription webhooks
  - name: Infrastructure Webhooks
    description: Cloudflare domain and SSL webhooks
  - name: Distribution Webhooks
    description: Digital distribution platform webhooks (FUGA)
paths:
  /auth/setpassword:
    post:
      tags:
        - Auth
      summary: Set Password
      description: >-
        Sets a new password for a user after they have verified their email.


        **Note:** Requires a valid verification token in the Authorization
        header.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - password
              properties:
                password:
                  type: string
                  minLength: 8
                  description: The new password to be set
                  example: securePassword123!
      responses:
        '200':
          description: Password set successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthResponse'
              example:
                success: true
                message: Password set successfully
                data:
                  token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
                  user:
                    id: 550e8400-e29b-41d4-a716-446655440000
                    email: user@example.com
                    firstName: John
                    lastName: Doe
                    isEmailVerified: true
        '400':
          description: |
            Bad request. Possible reasons:
            - Invalid or expired token
            - Password validation failed
            - User already has a password set
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                success: false
                error:
                  code: VALIDATION_ERROR
                  message: Password validation failed
                  details:
                    - Password must be at least 8 characters long
                    - Password must contain at least one number
                    - Password must contain at least one special character
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - bearerAuth: []
components:
  schemas:
    AuthResponse:
      type: object
      properties:
        token:
          type: string
          description: JWT access token
        refreshToken:
          type: string
          description: Refresh token for getting new access tokens
        user:
          $ref: '#/components/schemas/User'
    Error:
      type: object
      properties:
        success:
          type: boolean
          example: false
        error:
          type: object
          properties:
            code:
              type: string
            message:
              type: string
            details:
              type: array
              items:
                type: string
    User:
      type: object
      description: Global user account (cross-tenant)
      properties:
        id:
          type: string
          format: uuid
          description: User unique identifier
        email:
          type: string
          format: email
          description: User email address (unique, case-insensitive)
        isVerified:
          type: boolean
          default: false
          description: Email verification status
        hasPassword:
          type: boolean
          default: false
          description: Whether user has set a password
        isActive:
          type: boolean
          default: false
          description: Account active status
        isAdmin:
          type: boolean
          default: false
          description: Super admin status
        googleId:
          type: string
          nullable: true
          description: Google OAuth ID (if linked)
        linkedinId:
          type: string
          nullable: true
          description: LinkedIn OAuth ID (if linked)
        facebookId:
          type: string
          nullable: true
          description: Facebook OAuth ID (if linked)
        provider:
          type: string
          enum:
            - email
            - google
            - linkedin
            - facebook
          description: Primary authentication provider
        providerId:
          type: string
          nullable: true
          description: Provider-specific identifier
        profilePicture:
          type: string
          nullable: true
          description: URL to profile picture
        createdAt:
          type: string
          format: date-time
        updatedAt:
          type: string
          format: date-time
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT Authorization header using the Bearer scheme. Format: "Bearer
        {token}"

````
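
The following is an added example, not part of the Royalti documentation or SDK: it checks a password locally against the three rules listed in the 400 example before any request is sent, and classifies a parsed response by status code and `Error` body. The function names and the reading of "special character" as ASCII punctuation are assumptions.

```python
import string

# Rule messages copied from the 400 example in the spec above.
RULES = [
    ("Password must be at least 8 characters long", lambda p: len(p) >= 8),
    ("Password must contain at least one number",
     lambda p: any(c.isdigit() for c in p)),
    # Assumption: "special character" = ASCII punctuation; the page does not
    # define the set, so the server stays authoritative.
    ("Password must contain at least one special character",
     lambda p: any(c in string.punctuation for c in p)),
]


def password_problems(password):
    """Return the documented rule messages this password would violate."""
    return [msg for msg, ok in RULES if not ok(password)]


def interpret_set_password(status, body):
    """Map a parsed /auth/setpassword response to (outcome, payload)."""
    if status == 200:
        # The 200 example nests the token under "data"; the AuthResponse
        # schema lists it at the top level. Accept either shape.
        token = (body.get("data") or body).get("token")
        return ("ok", token) if token else ("malformed", None)
    error = body.get("error") or {}
    if status == 400:
        details = error.get("details") or []
        if error.get("code") == "VALIDATION_ERROR" or details:
            return ("weak_password", details)
        # Other documented 400 causes: invalid or expired token, or the
        # user already has a password set.
        return ("rejected", error.get("message"))
    if status == 401:
        return ("unauthorized", error.get("message"))
    return ("error", error.get("message"))


# Constructed sample mirroring the 400 example in the spec.
SAMPLE_400 = {"success": False, "error": {
    "code": "VALIDATION_ERROR", "message": "Password validation failed",
    "details": ["Password must contain at least one number"]}}

if __name__ == "__main__":
    print(password_problems("securePassword123!"))
    print(interpret_set_password(400, SAMPLE_400))
```

Pass `response.status_code` and `response.json()` from the Python request shown earlier to `interpret_set_password`, and log only the outcome label, never the password or the returned token.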