Method: Check Password Policy

Description

Validates a passphrase against a password policy and returns whether it passes, along with a human-readable description of the policy rules. Useful for providing inline feedback in a password field before submitting a form.

The policy to validate against can be specified by policyid, by vaultid (uses the policy configured on that vault), or omitted (uses the system default user passphrase policy).

URL Syntax

/api/{version}/utils/checkpolicy

HTTP Method

POST

Successful HTTP Response

200

Parameters

| Parameter name | Description | Parameter type | Type | Mandatory | Comment |
|---|---|---|---|---|---|
| X-Http-Token | StoredSafe token | HTTP Header | String | Yes | |
| passphrase | The passphrase to validate | JSON-encoded | String | Yes | |
| policyid | ID of the password policy to validate against | JSON-encoded | String | No | Mutually exclusive with vaultid |
| vaultid | Use the policy configured on this vault | JSON-encoded | String | No | Mutually exclusive with policyid |
| fieldname | Label used in rule descriptions (default “Password”) | JSON-encoded | String | No | |

Response Attributes

| Attribute | Description | Type |
|---|---|---|
| CALLINFO.status | SUCCESS or FAIL | String |
| CALLINFO.token | StoredSafe token to be used in subsequent calls | String |
| CALLINFO.handler | Handler used | String |
| CALLINFO.errors | Number of errors | Integer |
| CALLINFO.errorcodes | Number of error codes | Integer |
| CALLINFO.policy_name | Human-readable name of the policy | String |
| CALLINFO.policy_id | Numeric ID of the policy used | Integer |
| CALLINFO.passphrase_valid | true if passphrase meets the policy | Boolean |
| CALLINFO.rules | Array of rule descriptions | Array |

See Method: Obtain all password policies for the list of available policy IDs and their rules.

Example

Validate a passphrase against policy ID 2 (Normal Quality Password, 10+ chars mixed case and number).

Request

POST /api/1.0/utils/checkpolicy
X-Http-Token: your_storedsafe_token
Content-Type: application/json

{
    "passphrase": "MyP4ssw0rd!",
    "policyid": "2",
    "fieldname": "Passphrase"
}

Response (passphrase meets policy)

HTTP/2 200
Content-Type: application/json

{
    "CALLINFO": {
        "errorcodes": 0,
        "errors": 0,
        "general": [],
        "handler": "UtilsHandler",
        "status": "SUCCESS",
        "token": "rotated_storedsafe_token",
        "policy_name": "Normal Quality Password (10+ chars, mixed case and number)",
        "policy_id": 2,
        "passphrase_valid": true,
        "rules": [
            "Passphrase must be at least 10 characters long"
        ]
    },
    "DATA": { ... },
    "HEADERS": { ... },
    "PARAMS": []
}

Response (passphrase does not meet policy)

HTTP/2 200
Content-Type: application/json

{
    "CALLINFO": {
        "errorcodes": 0,
        "errors": 0,
        "general": [],
        "handler": "UtilsHandler",
        "status": "SUCCESS",
        "token": "rotated_storedsafe_token",
        "policy_name": "Normal Quality Password (10+ chars, mixed case and number)",
        "policy_id": 2,
        "passphrase_valid": false,
        "rules": [
            "Passphrase must be at least 10 characters long"
        ]
    },
    "DATA": { ... },
    "HEADERS": { ... },
    "PARAMS": []
}
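
The Python client below is an added example, not StoredSafe's own code. It rejects a request that sets both policyid and vaultid, treats CALLINFO.status and CALLINFO.passphrase_valid as separate checks (both sample responses above report SUCCESS), and hands back the rotated token. The function names and the base URL passed in by the caller are assumptions.

```python
import json
import urllib.request

def build_checkpolicy_request(base_url, token, passphrase, policyid=None,
                              vaultid=None, fieldname=None, version="1.0"):
    """Build (without sending) the POST request for utils/checkpolicy."""
    if policyid is not None and vaultid is not None:
        raise ValueError("policyid and vaultid are mutually exclusive")
    body = {"passphrase": passphrase}
    # Optional parameters go out as JSON strings, as in the page's example.
    for key, value in (("policyid", policyid), ("vaultid", vaultid),
                       ("fieldname", fieldname)):
        if value is not None:
            body[key] = str(value)
    return urllib.request.Request(
        f"{base_url}/api/{version}/utils/checkpolicy",
        data=json.dumps(body).encode("utf-8"),
        headers={"X-Http-Token": token, "Content-Type": "application/json"},
        method="POST")

def parse_checkpolicy_response(raw):
    """Return (passphrase_valid, rules, next_token) from a response body."""
    info = json.loads(raw)["CALLINFO"]
    # status says whether the call worked, not whether the passphrase passed.
    if info.get("status") != "SUCCESS":
        raise RuntimeError("checkpolicy call failed")
    # Fail closed: only a literal JSON true counts as a pass.
    valid = info.get("passphrase_valid") is True
    return valid, list(info.get("rules", [])), info.get("token")

def check_policy(base_url, token, passphrase, **kwargs):
    """Send the request; keep the returned token for subsequent calls."""
    req = build_checkpolicy_request(base_url, token, passphrase, **kwargs)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_checkpolicy_response(resp.read())

# Constructed samples, trimmed from the two responses shown above.
CALLINFO_BASE = {"status": "SUCCESS", "errors": 0, "token": "rotated_storedsafe_token",
                 "rules": ["Passphrase must be at least 10 characters long"]}
SAMPLE_OK = json.dumps({"CALLINFO": {**CALLINFO_BASE, "passphrase_valid": True}})
SAMPLE_REJECTED = json.dumps({"CALLINFO": {**CALLINFO_BASE, "passphrase_valid": False}})

if __name__ == "__main__":
    print(parse_checkpolicy_response(SAMPLE_OK))
    print(parse_checkpolicy_response(SAMPLE_REJECTED))
```

Because the passphrase travels in the request body, keep the body out of client and proxy logs, and store the token returned by each call in place of the one that was sent.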