Updating password for a specific user leads to error

andrew_dat · November 11, 2024, 9:34am

Product/components used and version/fix level:

Cumulocity IoT API Core, 1020.39.0

Detailed explanation of the problem:

The error is occurred during the PUT request
https://<TENANT_DOMAIN>/user/{tenantId}/users/{userId}
https://cumulocity.com/api/core/#operation/putUserResource
The request’s body is

{ "password": "..." }

The password must be correct according to the documentation.

The problem is unclear because this request was used for several years and nothing was changed from my side. But I faced this problem on October 7 for about a day the first time and then from November 6 till now. So I can’t change the password this way.
The authorization is the same and nothing was changed in the credentials (weren’t reset or modified on Cumulocity / client). The rest parameters <TENANT_DOMAIN>, {tenantId} and {userId} weren’t changed as well.

Error messages / full error message screenshot / log file:

The response on the above request is

{"message":"Cannot change password for another user.","error":"undefined/validationError","info":"https://cumulocity.com/guides/users-guide/getting-started/"}

Question:

Can it be connected with this Change logs - Cumulocity IoT documentation ?

image1123×416 26.2 KB
Why could this happen so suddenly?

Question related to a free trial, or to a production (customer) instance?

No.

Harald_Meyer · November 11, 2024, 11:27am

Hi Andrew,

if this is a device user, then, yes, the change you are linking to explains the changed behavior. I suspect on Nov 6, the environment you are using was updated to include the change (not sure about Oct 7 though).

There was a previous change for non-device users, going in a similar direction:

We try to avoid doing breaking API changes if at all possible but this is a security improvement that required the change in behaviour.

Best regards,
Harald

andrew_dat · November 11, 2024, 11:55am

Hi Harald,

Thank you for your answer!

Could you please tell me how I can compare in which version certain changes were made?
How could I receive notifications about changes that could break the API? May I manage environment updates?
Where can I see the current OpenAPI specification for my version?

Best Regards,
Andrew

Harald_Meyer · November 12, 2024, 12:21pm

Hi Andrew,

the best approach is to regularly monitor the change logs. The dates in the log are in relation to when the change was applied to the eu-latest environment. The other public environments follow with some delay if there were no issues observed.

For breaking changes, there will be an announcement at least a couple of month before the change is actually applied.

If you are on a public, shared environment you cannot manage the changes yourself.

The OpenAPI specifications, as you probably known, are available here:
https://www.cumulocity.com/api/

We provide access to different major versions of the API.