Password confirmation is required (API)

zx81 · April 8, 2025, 5:23pm

Hi

I’m developing a small app to do some task in my Nextcloud instance using the API and the WebDav interface.

Most of the things work ok but when I try to change for example an user email it always fails. The request response is:

<ocs>
 <meta>
  <status>failure</status>
  <statuscode>403</statuscode>
  <message>Password confirmation is required</message>
  <totalitems></totalitems>
  <itemsperpage></itemsperpage>
 </meta>
 <data/>
</ocs>

I’ve tried with Postman and same response, normally I use Basic Authentication but just to give it a try I’ve created an app token, change to Bearer Authentication, same response.

But If i just use curl from the command line, it works, example:

curl -X PUT https://myuser:mypwd@my.instance.com/test/ocs/v1.php/cloud/users/test -d key="email" -d value="x@x.com" -H "OCS-APIRequest: true"

Why if I use a regular PUT request it asks for the password confirmation?

I’ve read some posts with similar questions but no one seems to have a concrete solution

Thanks in advance

christianlupus · April 9, 2025, 8:28am

So, this CURL request you write was extracted from Postman?

You could verify the headers (look at curl -v as well as the web dev tools in postman) to see if there was a discrepancy.

I first guessed it is a problem with the OCS-APIRequest header.

Chris

zx81 · April 9, 2025, 1:09pm

Hi, the curl does not come from Postman, I’ve use it just for testing.

The header OCS… is right, without it the error is different.

christianlupus · April 9, 2025, 2:44pm

OK, I looked a bit into the code. I think I found something but I am not sure as not all pieces fall into a correct spot.

Are you trying to change the currently logged in user’s mail or (as an admin) the mail address from another user?

Can you please let Postman create a curl request for the request in question? You can hide password, user name, and host if you like as well as session cookies. Let’s have a look what there the difference is.

I can (if I know more details) also run this against my test instance and see if I can debug it further.

Chris

zx81 · May 1, 2025, 6:55pm

Hi, I’m changing the email (or password) of another user, but using the admin credentials.

I’ve solved it modifying the http request, normally I only use SetHeader “Authorization”,“Basic xxxxx”, I’ve added also to the request SetCredentials user,password,0 (basic auth) and now it works. Don’t know why I need to set the credentials in two parts, also this only happens in ocs/v1.php api since in ocs/v2.php there is no problem.

Thanks

system · July 30, 2025, 6:55pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.