Automated commit by github action: 4832382054

static/api-specs/idn/v3/paths/set-password.yaml

@@ -6,9 +6,45 @@ post:
   description: |
     This API is used to set a password for an identity. 
     
-    An identity can change their own password if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).
+    An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).
     
-    A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password.  "API authority" refers to a token that only has the "client_credentials" grant type.
+    A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts. 
+    "API authority" refers to a token that only has the "client_credentials" grant type.
+
+    You can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey. 
+    To do so, follow these steps:
+
+    1. Use [Query Password Info](https://developer.sailpoint.com/idn/api/v3/query-password-info) to get the following information: `identityId`, `sourceId`, `publicKeyId`, `publicKey`, `accounts`, and `policies`. 
+
+    2. Choose an account from the previous response that you will provide as an `accountName` in your request to set an encrypted password. 
+
+    3. Use [Set Identity's Password](https://developer.sailpoint.com/idn/api/v3/set-password) and provide the information you got from your earlier query. Then add this code to your request to get the encrypted password:
+
+    ```java
+    import javax.crypto.Cipher;
+    import java.security.KeyFactory;
+    import java.security.PublicKey;
+    import java.security.spec.X509EncodedKeySpec;
+    import java util.Base64;
+
+    String encrypt(String publicKey, String toEncrypt) throws Exception {
+      byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey);
+      byte[] encryptedBytes = encryptRsa(publicKeyBytes, toEncrypt.getBytes("UTF-8"));
+      return Base64.getEncoder().encodeToString(encryptedBytes);
+    }
+
+    private byte[] encryptRsa(byte[] publicKeyBytes, byte[] toEncryptBytes) throws Exception {
+      PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(publicKeyBytes));
+      String transformation = "RSA/ECB/PKCS1Padding";
+      Cipher cipher = Cipher.getInstance(transformation);
+      cipher.init(1, key);
+      return cipher.doFinal(toEncryptBytes);
+    }
+    ```    
+    
+    In this example, `toEncrypt` refers to the plain text password you are setting and then encrypting, and the `publicKey` refers to the publicKey you got from the first request you sent. 
+
+    You can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password. 
   requestBody:
     required: true
     content: