Method: Check Password Policy
Description
Validates a passphrase against a password policy and returns whether it passes, along with a human-readable description of the policy rules. Useful for providing inline feedback in a password field before submitting a form.
The policy to validate against can be specified by policyid, by vaultid
(uses the policy configured on that vault), or omitted (uses the system default
user passphrase policy).
URL Syntax
/api/{version}/utils/checkpolicy
HTTP Method
POST
Successful HTTP Response
200
Parameters
| Parameter name | Description | Parameter type | Type | Mandatory | Comment |
|---|---|---|---|---|---|
| X-Http-Token | StoredSafe token | HTTP Header | String | Yes | |
| passphrase | The passphrase to validate | JSON-encoded | String | Yes | |
| policyid | ID of the password policy to validate against | JSON-encoded | String | No | Mutually exclusive with |
| vaultid | Use the policy configured on this vault | JSON-encoded | String | No | Mutually exclusive with |
| fieldname | Label used in rule descriptions (default “Password”) | JSON-encoded | String | No | |
Response Attributes
| Attribute | Description | Type |
|---|---|---|
| CALLINFO.status | SUCCESS or FAIL | String |
| CALLINFO.token | StoredSafe token to be used in subsequent calls | String |
| CALLINFO.handler | Handler used | String |
| CALLINFO.errors | Number of errors | Integer |
| CALLINFO.errorcodes | Number of error codes | Integer |
| CALLINFO.policy_name | Human-readable name of the policy | String |
| CALLINFO.policy_id | Numeric ID of the policy used | Integer |
| CALLINFO.passphrase_valid | | Boolean |
| CALLINFO.rules | Array of rule descriptions | Array |
See Method: Obtain all password policies for the list of available policy IDs and their rules.
Example
Validate a passphrase against policy ID 2 (Normal Quality Password, 10+ chars mixed case and number).
Request
POST /api/1.0/utils/checkpolicy
X-Http-Token: your_storedsafe_token
Content-Type: application/json

{
    "passphrase": "MyP4ssw0rd!",
    "policyid": "2",
    "fieldname": "Passphrase"
}
Response (passphrase meets policy)
HTTP/2 200
Content-Type: application/json

{
    "CALLINFO": {
        "errorcodes": 0,
        "errors": 0,
        "general": [],
        "handler": "UtilsHandler",
        "status": "SUCCESS",
        "token": "rotated_storedsafe_token",
        "policy_name": "Normal Quality Password (10+ chars, mixed case and number)",
        "policy_id": 2,
        "passphrase_valid": true,
        "rules": [
            "Passphrase must be at least 10 characters long"
        ]
    },
    "DATA": { ... },
    "HEADERS": { ... },
    "PARAMS": []
}
Response (passphrase does not meet policy)
HTTP/2 200
Content-Type: application/json

{
    "CALLINFO": {
        "errorcodes": 0,
        "errors": 0,
        "general": [],
        "handler": "UtilsHandler",
        "status": "SUCCESS",
        "token": "rotated_storedsafe_token",
        "policy_name": "Normal Quality Password (10+ chars, mixed case and number)",
        "policy_id": 2,
        "passphrase_valid": false,
        "rules": [
            "Passphrase must be at least 10 characters long"
        ]
    },
    "DATA": { ... },
    "HEADERS": { ... },
    "PARAMS": []
}
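
Both responses above carry HTTP 200 and status SUCCESS, so a client has to read CALLINFO.passphrase_valid for the verdict. The following Python is an added example, not StoredSafe's own client code: the function names are hypothetical, the sample responses are constructed from the two shown above, and rejecting policyid together with vaultid is this example's reading of the "mutually exclusive" comment.

```python
import json

class PolicyCheckError(Exception):
    """The call failed or the response is not in the documented shape."""

def build_body(passphrase, policyid=None, vaultid=None, fieldname=None):
    """JSON body for POST /api/{version}/utils/checkpolicy."""
    # Assumption: policyid and vaultid exclude each other, so reject both.
    if policyid is not None and vaultid is not None:
        raise ValueError("give policyid or vaultid, not both")
    body = {"passphrase": passphrase}
    optional = {"policyid": policyid, "vaultid": vaultid, "fieldname": fieldname}
    # The documented type of every optional parameter is String.
    body.update({k: str(v) for k, v in optional.items() if v is not None})
    return json.dumps(body)

def interpret(http_status, response_text):
    """Return (passphrase_valid, rules, next_token), failing closed."""
    if http_status != 200:
        raise PolicyCheckError(f"unexpected HTTP status {http_status}")
    try:
        callinfo = json.loads(response_text)["CALLINFO"]
        status = callinfo.get("status")
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise PolicyCheckError("response is not the documented shape") from exc
    if status != "SUCCESS":
        raise PolicyCheckError("StoredSafe reported a status other than SUCCESS")
    # SUCCESS only means the check ran; the verdict is passphrase_valid,
    # and anything other than a JSON true counts as a rejection.
    valid = callinfo.get("passphrase_valid") is True
    rules = callinfo.get("rules")
    rules = [r for r in rules if isinstance(r, str)] if isinstance(rules, list) else []
    # CALLINFO.token is the token to use in subsequent calls.
    return valid, rules, callinfo.get("token")

# Constructed sample responses, modelled on the two responses shown above.
def _sample(valid):
    return json.dumps({"CALLINFO": {
        "errorcodes": 0, "errors": 0, "general": [], "handler": "UtilsHandler",
        "status": "SUCCESS", "token": "rotated_storedsafe_token", "policy_id": 2,
        "passphrase_valid": valid,
        "rules": ["Passphrase must be at least 10 characters long"]}})

SAMPLE_PASS, SAMPLE_FAIL = _sample(True), _sample(False)

if __name__ == "__main__":
    for text in (SAMPLE_PASS, SAMPLE_FAIL):
        print(interpret(200, text))
```

The caller should store the returned token for its next request and keep the passphrase out of logs and error messages.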