Changing the Password of an Immutable Account

Owned by Jessi Weithman
Apr 18, 2024
2 min read

Use the CollectionSpace API to change the password of immutable accounts like the default administrator and reader accounts. Here are instructions for one way to do this.

Base 64 encode your new password

First, encode your new password as a base 64 string. You can do this on Linux using the base64 utility. For example:

$ echo -n 'This is the password' | base64
VGhpcyBpcyB0aGUgcGFzc3dvcmQ=

Create a file with the XML update payload

Next, you'll need to create the XML payload for the API and include the new base 64 encoded password. It should look something like this:

<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account">
    <userId>admin@core.collectionspace.org</userId>
    <password>VGhpcyBpcyB0aGUgcGFzc3dvcmQ=</password>
</ns2:accounts_common>

Copy this XML to a file named something like: myAccountUpdate.xml

Get the account's CSID

Next, you'll need to get the CSID (CollectionSpace ID) of the account whose password you want to change. You can use a browser and a URL endpoint like this to get the CSID:

http://core.collectionspace.org:8180/cspace-services/accounts

Make an HTTP request

Once you have the account's CSID, you can make an HTTP PUT request that looks something like this:

curl -X PUT http://${domain}:8180/cspace-services/accounts/${csid} -i -u ${user}:${password} -H "Content-Type: application/xml" -T ${file}

${domain} - something like "core.collectionspace.org"
${csid} - CSID of the account
${user} - CollectionSpace username that has permissions to make changes to Accounts resources
${password} - The password for the ${user} account above.
${file} - The XML payload file containing the new password

For example, here is what an actual request might look like:

curl -X PUT http://core.collectionspace.org:8180/cspace-services/accounts/820b9795-fa4b-4142-9b61-e0f9de577d8f -i -u admin@core.collectionspace.org:Administrator -H "Content-Type: application/xml" -T myAccountUpdate.xml

The output of a successful API request will look something like this:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Type: application/xml
Content-Length: 555

Verify the new password

Voila!  The account has a new password.  You can test it by trying to login to the UI.