> ## Documentation Index > Fetch the complete documentation index at: https://docs.dintero.com/llms.txt > Use this file to discover all available pages before exploring further. # Change password > Specify the email address of the user whose password you would like to reset. If the call is successful, the user will receive an email prompting them to change their password. The caller must have scope `write:accounts:/auth/users` to perform a change password request. scopes: - write:accounts:/auth/users ## OpenAPI ````yaml /mintlify-docs/openapi/spec-customers.yaml post /accounts/{aid}/customers/change_password openapi: 3.0.0 info: title: Customers API description: > API for managing customers # Changelog All notable changes to the API. ## 2026-02-13 > **new**: Add endpoint for searching organization subunits (branches). > Extended organization search to include `underenheter` (subunits) information in the response. > Currently supports Norway (`no`) organization lookups. > - [GET /search/external/organizations/{country}/{organization_number}/subunits](/customers-api/organizations/aid_get_external_organization_subunits) > - [GET /search/external/organizations/{country}/{organization_number}](/customers-api/organizations/aid_get_external_organizations) ## 2025-07-01 > **new**: Extend `marketing_consent` for customer user to support custom consents > - [POST /customers/users](/customers-api/users/aid_customers_post) ## 2024-09-01 > **new**: Make country parameter dynamic and add support for Denmark. > - [GET /search/external/organizations/no (renamed to GET /search/external/organizations/{country})](/extension-api/organizations/aid_search_external_organizations_country) ## 2024-03-01 > **doc**: Improve description for customer `enrolled_by` type, add > examples > - [POST /customers/users](/customers-api/users/aid_customers_post) ## 2023-10-01 > **new**: Support new customer type `contact`. A user contact can be > linked with users and a search matching a contact will match its > linked users > - [POST /customers/users](/customers-api/users/aid_customers_post) > - [PUT /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put) > - [GET /v1/accounts/{aid}/customers/users?type=contact](/customers-api/users/aid_customers_get) ## 2023-09-01 > **new**: Add endpoint for validating a given address and returning close matching alternatives if found. > - [POST /v1/accounts/{aid}/search/external/address/{country}/validate](/customers-api/addresses/aid_search_external_validate_address) ## 2020-12-01 > Add endpoint for getting multiple addresses for given organization number. > - [GET /search/external/organizations/{country}/{organization_number}](/customers-api/organizations/aid_get_external_organizations) ## 2021-10-01 > Support multiple users sharing the same `phone_number`. Use the new `users.phone_number_validation.allow_duplicates` option to control the unique phone_number constraint on users > - [PUT /customers/settings](http://localhost:8080/customers-api/settings/aid_customers_atributes_put) ## 2021-03-01 > Support new [customer](customer) type `other`. > - [POST /customers/users](/customers-api/users/aid_customers_post) > - [PUT /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put) ## 2021-02-01 > Extend customer `enrolled_by.type` to allow any string value, not just `url`, > `store` and `custom`. > > - [POST /v1/accounts/{aid}/customers/users](/customers-api/users/aid_customers_post) > - [PUT /v1/accounts/{aid}/customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put) > Add support for removing customer terms and `include_deleted` when getting > list of all terms. > > - [DELETE /v1/accounts/{aid}/customers/terms/{tid}](/customers-api/terms/aid_customers_terms_tid_delete) > - [GET /v1/accounts/{aid}/customers/terms/{tid}](/customers-api/terms/aid_customers_terms_get) ## 2021-01-01 > Add support for limited access to customer > details with `user:customers:/customer/details` > - [GET /v1/accounts/{aid}/customers/users/{customer_id}](/customers-api/users/aid_customers_cid_get) > > Add support for logging on without MFA even if configured with MFA > - [GET /v1/accounts/{aid}/customers/login](/customers-api/password/aid_customers_login_post) ## 2020-12-01 > **new** Support filter users with `type` query parameter. > - [GET /v1/accounts/{aid}/customers/users?type=company](/customers-api/users/aid_customers_get) ## 2020-11-01 > **new** Support filter user tokens with `include_deleted` query parameter. > - [GET /v1/accounts/{aid}/customers/users/{cid}/tokens?include_deleted=false](/customers-api/tokens/aid_customers_cid_tokens_get) > **new** Support filter and search on sales locations > - [GET /v1/accounts/{aid}/locations](/customers-api/locations/aid_locations_get) > **new** Extend SalesLocation with `address.latitude`, `address.longitude`, > `chain`, `mcc`, `gln` and `franchise`. The `account_id` will be included > in any SalesLocation responses. > - [GET /v1/accounts/{aid}/locations](/customers-api/locations/aid_locations_get) ## 2020-05-01 > Add setting for require verification when updating user phone_number. Prevent > all update of user phone_number without completing a verification via SMS. > - [PUT /customers/settings](http://localhost:8080/customers-api/settings/aid_customers_atributes_put) ## 2020-04-01 > Adds proxy to enhetsregisteret. > - [GET /search/external/organizations/no/?name=dintero](#operation/aid_search_external_organizations_no) ## 2020-03-10 > Add support for `attributes_keys` and `attributes_values` query > parameters for filtering customer users > - [GET /customers/users?attributes_keys=key&attributes_values=value](/customers-api/users/aid_customers_get) ## 2020-02-28 > Add support for enabling automatic tokens when phone numbers or emails change > - [PUT /customers/settings](/customers-api/settings/aid_customers_atributes_put) ## 2019-09-31 > Extends settings with support for configuring > users `customer_id_format`. > - [PUT /customers/settings](/customers-api/settings/aid_customers_atributes_put) > Extends the TokenEvent definition with `expires_at > read only property. > Extends settings with support for configuring > token events expiry > - [PUT /customers/settings](/customers-api/settings/aid_customers_atributes_put) ## 2019-07-31 > Extend user Address, add support for `latitude`, > `longitude` and `comment` properties. > - [POST /customers/users](/customers-api/users/aid_customers_post) > - [PUT /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put) ## 2019-07-31 > Add new endpoint for deleting a tag > - [DELETE /customers/tags/{tag_id}](/customers-api/tags/aid_customers_tags_tid_delete) ## 2019-06-31 > The scope required for accessing endpoint has changed, > we will continue to support the old scopes but they was removed from > the documentation ## 2019-05-31 > Make type and company property optional when updating > a customer user > - [PUT /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put) ## 2019-01-31 > Support new customer type `employee`. > - [POST /customers/users](/customers-api/users/aid_customers_post) > - [PUT /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put) ## 2018-06-04 > Adding tokens to deleted customers will > now fail with BAD_REQUEST. > - [POST /customers/users/{customer_id}/tokens](/customers-api/tokens/aid_customers_cid_tokens_post) > Duplication control of `customer.email` is now > case insensitive. email case will be ignore on Search and login. > Add support for query parameter > `total` on GET user/token lists. Includes a `total-count` > header in the response when enabled.. > - [GET /customers/users/{customer_id}/tokens](/customers-api/tokens/aid_customers_cid_tokens_get) ## 2018-04-11 > Add support for `delete_token_events` parameter when > creating > - [POST /customers/users/{customer_id}/tokens](/customers-api/tokens/aid_customers_cid_tokens_post) > Add support for filtering token events by `since_datetime`. > - [GET /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_get) > Delete customer and all tokens owed by the customer in one > request when using `delete_tokens` query parameter. > - [DELETE /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_delete) > Token event status. The status in response will now be set > to `customer.status` if a customer with status is included > in the response. > - [POST /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_post) ## 2018-02-15 > Add minimum length for token token_id/type/value > - [POST /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_post) > - [DELETE /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_delete) > - [POST /customers/users/uid/tokens](/customers-api/tokens/aid_customers_cid_tokens_post) > Add endpoint for GET/DELETE token events > - [DELETE /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_delete) > - [GET /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_get) ## 2018-02-02 > Add `type` property to the customer. > Support multiple customer types, add support for Company type for > additional properties > Move endpoints for retrieving/updating token (events), > use one endpoint for both retrieving and updating details about a token > - [POST /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_post) contact: name: API Integration Support email: integration@dintero.com version: LATEST license: name: UNLICENSED url: https://dintero.com servers: - url: https://api.dintero.com/v1 security: - JWT: [] paths: /accounts/{aid}/customers/change_password: post: tags: - password summary: aid_customers_change_password description: | Specify the email address of the user whose password you would like to reset. If the call is successful, the user will receive an email prompting them to change their password. The caller must have scope `write:accounts:/auth/users` to perform a change password request. scopes: - write:accounts:/auth/users operationId: aid_customers_change_password parameters: - $ref: '#/components/parameters/accountId' requestBody: content: application/json: schema: type: object required: - audience - email - type properties: email: type: string audience: type: string description: | The unique identifier of the target API you want to access. The audience must be a grant associated with the client used when calling this resource. type: type: string enum: - customer - company description: | user type to login, required as users with different type can share email required: true responses: '204': description: Success '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/AccessForbidden' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/ServerError' security: - JWT: [] components: parameters: accountId: name: aid description: | An id that uniquely identifies the account. in: path required: true schema: type: string format: ^[PT]{1}\d{8}$ minLength: 9 maxLength: 9 responses: BadRequest: description: Bad / Invalid request content: application/json: schema: $ref: '#/components/schemas/Error' AccessForbidden: description: Access forbidden, invalid JWT token was used content: application/json: schema: $ref: '#/components/schemas/Error' Forbidden: description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Error' ServerError: description: Unexpected Error content: application/json: schema: $ref: '#/components/schemas/Error' schemas: Error: type: object required: - error properties: error: type: object required: - message properties: code: type: string description: The code used to identify the error/warning errors: type: array description: The nested error(s) encountered during validation items: type: object message: type: string description: The human readable description of the error/warning securitySchemes: JWT: type: http description: > Bearer authentication (token authentication) should be used for accessing the API. Use [Get Token](/api-reference/authenticate/aid_auths_oauth_token_post) to get an access token for client credentials. Pass the token in the request header: Authorization: Bearer {access_token} where the **access_token** is JSON Web Tokens (JWT). scheme: bearer bearerFormat: JWT ````