Modify Your Password History Settings

Endpoint URL: {registrationDomain} /entityType.setPasswordSettings


Manages the password history settings for an entity type. To enable password history, set the historySize property to an integer value between 1 and 10, inclusive. This integer value determines the number of passwords the entity type will keep track of and, perhaps more important, prevent the user from reusing any of those passwords. For example, suppose historySize is set to 3, and the user has already employed the following 3 passwords:

  • password1
  • password2
  • password3

If a user needs to reset their password and they try using any of those previous passwords (password1, password2, password3,  that password reset effort will be rejected. Instead, the user must use a password that's not currently in their password history.

If historySize is set to 1, that prevents the user from reusing their current password; if historySize is set to 0, then password history is disabled and the user is free to reset their password to anything, including their current password. Note that, by default, password history is disabled on all your entity types.

Respects the API Client Allow List: Yes

API Client Permissions

The following table indicates the API clients that can (and the API clients that can't) be used to call this endpoint:



This endpoint supports Basic authentication.

How to Create an Authentication String

Base URL

The base URL for this endpoint is your Identity Cloud Capture domain; for example:

Your Capture domains (also known as Registration domains) can be found in the Console on the Manage Application page:


Example Request

This command set the password history size of the user entity type to 7..

curl -L -X POST \
  'https://' \
  -H 'Authorization: Basic bmtmcW5iZDN0NGU1NW55YnIzbW5uaHB6czg3NTY0bng6c2VtdTJoc3A0NmQ0ajhzNWZ4eHJ6Y25jY2EybnI1dGU=' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'settings={"historySize": 7}' \
  --data-urlencode 'type_name=user' \
  --data-urlencode 'application_id=3vadba3vhqpkdgtsrqd4st76m3'

      Running this command in Postman

Example Response

    "settings": {
        "historySize": 1
    "stat": "ok"

Query Parameters

application_idstringYesUnique identifier of your Identity Cloud application. You can find your application ID on Console’s Manage Application page.
type_namestringYesName of the entity type where password history is being enabled (or disabled).
settingsstringYesJSON array containing the historySize property followed by an integer value indicating the number of passwords to maintain in the password history; for example, the value 5 indicates that a user’s last 5 passwords (including the current password) should be retained. 

The historySize property must be set to a value from 0 to 10 inclusive, with 0 indicating that you want to disable password history. If you set historySize to any other value (e.g., 12) your API call will fail.

Note that the settings parameter must be formatted using JavaScript Object Notation (JSON). Note that historySize is currently the only property that can be used with the settings parameter.