AdminResetPassword URL

Resets passwords in the database.

This URL can be used by Administrators, to reset the password of a registered user (for example, if the registered user has forgotten his or her current password). The new password is then randomly generated by the system and e-mailed to the registered user.

There are three methods you can use to generate a temporary login for the user. As of Version, the first two methods are deprecated and will be removed in a future version.
  1. In the first method, a randomly generated password is emailed to the registered user.
  2. In the second method, a a long validation code that is based upon their ID and other information is emailed to the user. The user then enters the validation code along with a new password to update their login credentials. For more information, see Configuring Reset Password to use long validation codes.

Use this URL with SSL (Secure Sockets Layer) to ensure that the logon password and personal information are encrypted. To do so type the command with the HTTPS secure protocol.

Warning: Only use HTTP POST with this URL. By using HTTP GET, passwords can be logged in the browser history, or in web server logs.

URL structure

The fully qualified name of your HCL Commerce Server and the configuration path

Parameter values

Sets or resets the preferred language for the duration of the session; the supported languages for a store are found in the STORELANG table
The URL to be called when the command completes successfully
The reference number of a store
The logon ID of the registered user whose password is to be reset
The password of the currently logged in administrator. This is required as an extra security measure.


This example resets the password of the registered user who has a logon ID of aa. The system generates a password and e-mails it to the e-mail address associated with the logon ID aa:



Exception conditions

If a required parameter is missing or incorrect, the command sets an exception as follows:

Explanation Error Code Value
The URL is missing. ECSecurityConstants.ERR_MISSING_REDIRECTURL (1000)
The logon ID is missing. ECSecurityConstants.ERR_MISSING_LOGONID (2000)
The administrator's password is missing. ECSecurityConstants.ERR_MISSING_ADMINPASSWORD (2090)
The logon ID does not belong to a registered user. ECSecurityConstants.ERR_INVALID_LOGONID (2010)
The administrator's password is incorrect. ECSecurityConstants.ERR_INVALID_PASSWORD (2030)
The administrator's account is disabled. ECSecurityConstants.ERR_DISABLED_ACCOUNT (2110)

The error handler is ECConstants.EC_ERROR_CODE. The error view is ResetPasswordAdministratorErrorView.