Change to the password policy

The policies specified by Haiilo with regard to the complexity of passwords are relatively low:
A password must include six characters and at least one number. However, you can customize the complexity of the passwords using the REST API.

To authenticate yourself via API, you need an OAuth token before you can change settings. Haiilo doesn't have to be restarted, changes are applied straight away.


The change in complexity applies to new users who are logging into Haiilo for the first time and those who are changing or resetting their passwords. The change via REST API has no effect on the Haiilo app.

Request OAuth token

curl --user '<API_CLIENT_ID>':'<API_CLIENT_SECRET>' -X POST -d \"grant_type=password&username=<username>&password=<password>\" https://<COYO_BACKEND_URL>/api/oauth/token

This endpoint is secured with Basic Auth. You can find the login details in the Haiilo Administration under API clients.

The backend URL corresponds to your Haiilo URL.

As a response, there’s a bearer token aka access token, which must be stated for further authentication requests.

Display current settings

Perform a GET for the settings:

curl -x GET https://<COYO_BACKEND_URL>/api/settings/public

Target response:

\"linkPattern\": \"[linkPattern]\",
\"emailPattern\": \"[emailPattern]\",
\"networkName\": \"[networkName]\",
\"phonePattern\": \"[phonePattern]\",
\"jsLogThrottle\": \"[jsLogThrottle]\",
\"passwordPattern\": \"[passwordPattern]\"

Edit settings

Copy the response and make your preferred customizations to \"passwordPattern\". Please note that the \"passwordPattern\" must be written in RegEx.

curl -x 
https://<COYO_BACKEND_URL>/api/settings?access_token=<ACCESS_TOKEN> -H \"Authorization: Bearer <access_token>\"-H 'Content-Type: application/json' -d '{
\"linkPattern\": \"[linkPattern]\",
\"emailPattern\": \"[emailPattern]\",
\"networkName\": \"[networkName]\",
\"phonePattern\": \"[phonePattern]\",
\"jsLogThrottle\": \"[sLogThrottle]\",
\"passwordPattern\": \"[passwordPattern]\"

RegEx rules

^ The password string begins with this
(?=.*[a-z]) The password must contain at least one lower-case letter
(?=.*[A-Z]) The password must contain at least one upper-case letter
(?=.*[0-9]) The password must contain at least one number
(?=.*[!@#\\$%\\^&]) The password must contain at least one special character
.{8,}$ The password must be at least 8 characters long


Here's an example of a passwordPattern with the requirements:

  • at least 10 characters long
  • contains at least one special character (!\$%&#)
  • contains at least one number (0-9)
  • contains at least one upper-case letter 

Was this article helpful?