# ChangePassword


Changes the password for the currently signed-in user.

Authorize this action with a signed-in user's access token. It must include the scope `aws.cognito.signin.user.admin`.

**Note**  
Amazon Cognito doesn't evaluate Amazon Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see [Using the Amazon Cognito user pools API and user pool endpoints](https://docs.amazonaws.cn/cognito/latest/developerguide/user-pools-API-operations.html).

## Request Syntax


```
{
   "AccessToken": "string",
   "PreviousPassword": "string",
   "ProposedPassword": "string"
}
```

## Request Parameters


For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [AccessToken](#API_ChangePassword_RequestSyntax) **   <a name="CognitoUserPools-ChangePassword-request-AccessToken"></a>
A valid access token that Amazon Cognito issued to the user whose password you want to change.  
Type: String  
Pattern: `[A-Za-z0-9-_=.]+`   
Required: Yes

 ** [PreviousPassword](#API_ChangePassword_RequestSyntax) **   <a name="CognitoUserPools-ChangePassword-request-PreviousPassword"></a>
The user's previous password. Required if the user has a password. If the user has no password and only signs in with passwordless authentication options, you can omit this parameter.  
Type: String  
Length Constraints: Maximum length of 256.  
Pattern: `[\S]+`   
Required: No

 ** [ProposedPassword](#API_ChangePassword_RequestSyntax) **   <a name="CognitoUserPools-ChangePassword-request-ProposedPassword"></a>
A new password that you prompted the user to enter in your application.  
Type: String  
Length Constraints: Maximum length of 256.  
Pattern: `[\S]+`   
Required: Yes

## Response Elements


If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors


For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** ForbiddenException **   
This exception is thrown when Amazon WAF doesn't allow your request based on a web ACL that's associated with your user pool.    
 ** message **   
The message returned when Amazon WAF doesn't allow your request based on a web ACL that's associated with your user pool.
HTTP Status Code: 400

 ** InternalErrorException **   
This exception is thrown when Amazon Cognito encounters an internal error.    
 ** message **   
The message returned when Amazon Cognito throws an internal error exception.
HTTP Status Code: 500

 ** InvalidParameterException **   
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.    
 ** message **   
The message returned when the Amazon Cognito service throws an invalid parameter exception.  
 ** reasonCode **   
The reason code of the exception.
HTTP Status Code: 400

 ** InvalidPasswordException **   
This exception is thrown when Amazon Cognito encounters an invalid password.    
 ** message **   
The message returned when Amazon Cognito throws an invalid user password exception.
HTTP Status Code: 400

 ** LimitExceededException **   
This exception is thrown when a user exceeds the limit for a requested Amazon resource.    
 ** message **   
The message returned when Amazon Cognito throws a limit exceeded exception.
HTTP Status Code: 400

 ** NotAuthorizedException **   
This exception is thrown when a user isn't authorized.    
 ** message **   
The message returned when the Amazon Cognito service returns a not authorized exception.
HTTP Status Code: 400

 ** PasswordHistoryPolicyViolationException **   
The message returned when a user's new password matches a previous password and doesn't comply with the password-history policy.  
HTTP Status Code: 400

 ** PasswordResetRequiredException **   
This exception is thrown when a password reset is required.    
 ** message **   
The message returned when a password reset is required.
HTTP Status Code: 400

 ** ResourceNotFoundException **   
This exception is thrown when the Amazon Cognito service can't find the requested resource.    
 ** message **   
The message returned when the Amazon Cognito service returns a resource not found exception.
HTTP Status Code: 400

 ** TooManyRequestsException **   
This exception is thrown when the user has made too many requests for a given operation.    
 ** message **   
The message returned when the Amazon Cognito service returns a too many requests exception.
HTTP Status Code: 400

 ** UserNotConfirmedException **   
This exception is thrown when a user isn't confirmed successfully.    
 ** message **   
The message returned when a user isn't confirmed successfully.
HTTP Status Code: 400

 ** UserNotFoundException **   
This exception is thrown when a user isn't found.    
 ** message **   
The message returned when a user isn't found.
HTTP Status Code: 400

## Examples


### Example


The following example changes the password of the user with the access key "eyJra456defEXAMPLE" and current password "MyCurrentPassword1\$1".

#### Sample Request


```
POST HTTP/1.1
Host: cognito-idp.us-west-2.amazonaws.com
X-Amz-Date: 20230613T200059Z
Accept-Encoding: gzip, deflate, br
X-Amz-Target: AWSCognitoIdentityProviderService.ChangePassword
User-Agent: <UserAgentString>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>
Content-Length: <PayloadSizeBytes>
{
   "AccessToken": "eyJra456defEXAMPLE",
   "PreviousPassword": "MyCurrentPassword1!",
   "ProposedPassword": "MyNewPassword2!"
}
```

#### Sample Response


```
HTTP/1.1 200 OK
Date: Tue, 13 Jun 2023 20:00:59 GMT
Content-Type: application/x-amz-json-1.0
Content-Length: <PayloadSizeBytes>
x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111
Connection: keep-alive
{}
```

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon Command Line Interface V2](https://docs.amazonaws.cn/goto/cli2/cognito-idp-2016-04-18/ChangePassword) 
+  [Amazon SDK for .NET V4](https://docs.amazonaws.cn/goto/DotNetSDKV4/cognito-idp-2016-04-18/ChangePassword) 
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cognito-idp-2016-04-18/ChangePassword) 
+  [Amazon SDK for Go v2](https://docs.amazonaws.cn/goto/SdkForGoV2/cognito-idp-2016-04-18/ChangePassword) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cognito-idp-2016-04-18/ChangePassword) 
+  [Amazon SDK for JavaScript V3](https://docs.amazonaws.cn/goto/SdkForJavaScriptV3/cognito-idp-2016-04-18/ChangePassword) 
+  [Amazon SDK for Kotlin](https://docs.amazonaws.cn/goto/SdkForKotlin/cognito-idp-2016-04-18/ChangePassword) 
+  [Amazon SDK for PHP V3](https://docs.amazonaws.cn/goto/SdkForPHPV3/cognito-idp-2016-04-18/ChangePassword) 
+  [Amazon SDK for Python](https://docs.amazonaws.cn/goto/boto3/cognito-idp-2016-04-18/ChangePassword) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cognito-idp-2016-04-18/ChangePassword)