Docs‎ > ‎CA Live API Creator‎ > ‎Security‎ > ‎Managing users‎ > ‎

Setting the sa password using curl

If you'd like to change the password of the sa user, you can do it using curl. 

First, you'll need to determine the correct URL. The portion shown as https://api.acme.com in the following examples is the portion that you use as the Server when you log into the API Creator.

Step 1 - Get an API key for the sa user:

curl -d '{"username":"sa","password":"CURRENTPASSWORD"}' -H "Content-type: application/json" \
-X POST https://api.acme.com/rest/abl/admin/v2/@authentication

The response should be something like:

{
  "apikey": "94e248b6a192c006e07a77fdaa7f93b6",
  "expiration": "2015-11-06T02:15:50.088Z",
  "lastLoginTs": "2015-11-04T18:11:34.094Z",
  "lastLoginIP": "123.45.67.89",
  "email": "admin@acme.com"
}


You'll need to use the apikey value in the next two calls.

Step 2 - Retrieve the sa user

Using the API key we just retrieved, let's get the sa user:

curl -H "Authorization: CALiveAPICreator 94e248b6a192c006e07a77fdaa7f93b6:1" \
       -X GET https://api.acme.com/rest/abl/admin/v2/users/2

The response should look like:

[
  {
    "ident": 2,
    "ts": "2015-11-04T18:25:54.072092Z",
    "name": "sa",
    "fullname": "System Admin",
    "email": "admin@acme.com",
    "status": "A",
    "roles": "System administrator",
    "data": null,
    "comments": null,
    "apikey_lifespan": null,
    "password_hash": "jA0D60fG+sB310w9MpLVEah/lg/f9aJCnDcPtl14ho55o6koI0zZ+cpxQiwdHFvUuzEF4byogjJ/wV9sbSJp5w==",
    "password_salt": "QH7FeE7frVejG1E4KSlU0Q==",
    "project_ident": 3,
    "@metadata": {
      "href": "https://api.acme.com/rest/abl/admin/v2/admin:users/2",
      "checksum": "A:ff8fc7eaad8dbe66"
    }
  }
]

Note: some content is not shown as it's not relevant here.

You'll need the value of the checksum attribute for the next call.

Step 3 - Update the password

The final step is to update the sa user with a PUT, using the API key from the first call and the checksum from the second call:

curl -d '{"password_hash":"NEWPASSWORD","@metadata": {"href": "https://api.acme.com/rest/abl/admin/v2/admin:users/2","checksum": "A:ff8fc7eaad8dbe66"}}' \
    -H "Authorization: CALiveAPICreator 94e248b6a192c006e07a77fdaa7f93b6:1" \
    -H "Content-type: application/json" \
    -X PUT https://api.acme.com/rest/abl/admin/v2/users/2

The response should be something like:

{
  "statusCode": 200,
  "txsummary": [
    {
      "@metadata": {
        "href": "https://api.acme.com/rest/abl/admin/v2/admin:users/2",
        "resource": "admin:users",
        "verb": "UPDATE"
        "checksum": "A:d747ca75b28058ed"
      },
      "ident": 2,
      "ts": "2015-11-04T18:15:17.955629Z",
      "name": "sa",
      "fullname": "System Admin",
      "email": "admin@acme.com",
      "status": "A",
      "roles": "System administrator",
      "data": null,
      "comments": null,
      "apikey_lifespan": null,
      "password_hash": "9b/4OrzqFbOqELveMlq74pl3yTfD3v3Xrpe2ICBoTMnZ/RE8ZQBUq64bS4y3Dz9ASXh0qWZGq9XdQulSxbOyZQ==",
      "password_salt": "QH7FeE7frVejG1E4KSlU0Q==",
      "project_ident": 3
    }
  ]
}

Note that the password_hash has now changed, but not to your new password. That's because passwords are not stored anywhere, only a salted hash.

What about other users?

If you are using API Creator's built-in authentication provider, you can update the password (and name, email, etc...) of any user following this procedure.

Changing the password for the admin user is usually done in the API Creator (using the cogwheel menu, Your Account), but it can also be done using this procedure -- except that the ident of the admin user is normally 1000 instead of 2.