You may configure the password and account lockout policies using Hybrid Data Pipeline APIs. Configuring a password policy takes three steps: retrieve the custom policy, update it, and enable it. You may then optionally force a password reset across the system and configure an account lockout policy. The following API requests show how to configure the password and account lockout policies.

Note: The Hybrid Data Pipeline account lockout policy is enabled by default in accordance with Federal Risk and Authorization Management Program (FedRAMP) Low and Moderate baseline guidelines. The number of failed authentication attempts is limited to 3 in a 15-minute period, counting attempts that use a different password each time. Once this limit is reached, the user account is locked for 30 minutes.

Retrieve the custom policy

You may retrieve the custom policy with a GET request using the Administrator Password Policy API. As shown in the following example, the number 2 is the ID of the custom password policy.

GET https://MyServer:8443/api/admin/passwordpolicy/2

Response


{
    "id": 2,
    "name": "Custom Policy",
    "description": "Custom Password Policy",
    "rules": [
        {
            "ruleName": "PASSWORD_LENGTH_RULE",
            "minLength": 12,
            "ruleId": "pwdLengthRule",
            "maxLength": 128,
            "title": "Must contain at least 12 characters but no more than 128 characters"
        },
        {
            "ruleName": "SPECIAL_CLASS_RULE",
            "minChars": 1,
            "title": "Must contain at least 1 special character",
            "ruleId": "specialCharacterRule"
        },
        {
            "ruleName": "LOWER_CLASS_RULE",
            "minChars": 1,
            "title": "Must contain at least 1 lower case character",
            "ruleId": "lowerCaseCharacterRule"
        },
        {
            "ruleName": "UPPER_CLASS_RULE",
            "minChars": 1,
            "title": "Must contain at least 1 upper case character",
            "ruleId": "upperCaseCharacterRule"
        },
        {
            "ruleName": "NUMERIC_CLASS_RULE",
            "minChars": 1,
            "title": "Must contain at least 1 numeric character",
            "ruleId": "numericCharacterRule"
        }
    ],
    "expirationDays": 120
}

Update the custom policy

After retrieving the custom policy, you may modify and reuse the JSON response as the update payload to configure the policy as needed. For example, the following request specifies a new minimum and maximum password length and changes the number of days after which a password expires. Again, the Administrator Password Policy API is used. (The example lowers the minimum length from 12 to 8 characters only to show the mechanics; a shorter minimum weakens the policy, so choose values that meet your own requirements.)

Important: All rules must be specified. The lower case, upper case, numeric, and special character rules may be disabled by specifying 0 (zero) for the minChars property. Update the title string of the length rule to match the new minimum and maximum, since it is not adjusted for you.

PUT https://MyServer:8443/api/admin/passwordpolicy/2

{
    "id": 2,
    "name": "Custom Policy",
    "description": "Custom Password Policy",
    "rules": [
        {
            "ruleName": "PASSWORD_LENGTH_RULE",
            "minLength": 8,
            "ruleId": "pwdLengthRule",
            "maxLength": 32,
            "title": "Must contain at least 8 characters but no more than 32 characters"
        },
        {
            "ruleName": "SPECIAL_CLASS_RULE",
            "minChars": 1,
            "title": "Must contain at least 1 special character",
            "ruleId": "specialCharacterRule"
        },
        {
            "ruleName": "LOWER_CLASS_RULE",
            "minChars": 1,
            "title": "Must contain at least 1 lower case character",
            "ruleId": "lowerCaseCharacterRule"
        },
        {
            "ruleName": "UPPER_CLASS_RULE",
            "minChars": 1,
            "title": "Must contain at least 1 upper case character",
            "ruleId": "upperCaseCharacterRule"
        },
        {
            "ruleName": "NUMERIC_CLASS_RULE",
            "minChars": 1,
            "title": "Must contain at least 1 numeric character",
            "ruleId": "numericCharacterRule"
        }
    ],
    "expirationDays": 60
}

Enable the custom policy

You may then use the System Configurations API to enable the custom password policy. As this example shows, the number 6 is the configuration ID for enabling a password policy. The value 2 enables the custom policy. (Note that -1 disables the use of any password policy, and 1 enables the default policy.)

PUT https://MyServer:8443/api/admin/configurations/6

    {
      "value": 2
    }
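The three steps above (retrieve, update, enable) as one script, added here as an example; it is not Hybrid Data Pipeline's own code. It assumes HTTP basic authentication with an administrator account, the host name MyServer from the page, a placeholder user name and password, and ASCII punctuation as the definition of "special character", which the page does not spell out. The policy-building and password-checking functions work on plain dicts, so they can be exercised offline against a copy of the GET response shown above (constructed sample data in the block).

```python
import base64
import copy
import json
import string
import urllib.request

REQUIRED_RULES = {"PASSWORD_LENGTH_RULE", "SPECIAL_CLASS_RULE", "LOWER_CLASS_RULE",
                  "UPPER_CLASS_RULE", "NUMERIC_CLASS_RULE"}

# Which characters HDP counts as "special" is not stated on the page; using
# ASCII punctuation here is an assumption.
CLASS_CHARS = {
    "SPECIAL_CLASS_RULE": set(string.punctuation),
    "LOWER_CLASS_RULE": set(string.ascii_lowercase),
    "UPPER_CLASS_RULE": set(string.ascii_uppercase),
    "NUMERIC_CLASS_RULE": set(string.digits),
}


def class_rule(name, rule_id, min_chars, what):
    return {"ruleName": name, "minChars": min_chars, "ruleId": rule_id,
            "title": f"Must contain at least {min_chars} {what} character"}


# Constructed sample data matching the GET response shown on the page.
RETRIEVED_POLICY = {
    "id": 2, "name": "Custom Policy", "description": "Custom Password Policy",
    "rules": [
        {"ruleName": "PASSWORD_LENGTH_RULE", "minLength": 12, "ruleId": "pwdLengthRule",
         "maxLength": 128,
         "title": "Must contain at least 12 characters but no more than 128 characters"},
        class_rule("SPECIAL_CLASS_RULE", "specialCharacterRule", 1, "special"),
        class_rule("LOWER_CLASS_RULE", "lowerCaseCharacterRule", 1, "lower case"),
        class_rule("UPPER_CLASS_RULE", "upperCaseCharacterRule", 1, "upper case"),
        class_rule("NUMERIC_CLASS_RULE", "numericCharacterRule", 1, "numeric"),
    ],
    "expirationDays": 120,
}


def build_update(policy, *, min_length=None, max_length=None,
                 expiration_days=None, min_chars=None):
    """Return a deep-copied PUT payload for .../passwordpolicy/<id>.

    min_chars maps a class rule name to its new minChars (0 disables it). The
    length rule's title is regenerated so it cannot contradict the new bounds,
    and a payload that drops any rule is rejected, since all must be sent."""
    updated = copy.deepcopy(policy)
    missing = REQUIRED_RULES - {r["ruleName"] for r in updated["rules"]}
    if missing:
        raise ValueError(f"payload must list every rule; missing {sorted(missing)}")
    for rule in updated["rules"]:
        if rule["ruleName"] == "PASSWORD_LENGTH_RULE":
            if min_length is not None:
                rule["minLength"] = min_length
            if max_length is not None:
                rule["maxLength"] = max_length
            if rule["minLength"] > rule["maxLength"]:
                raise ValueError("minLength exceeds maxLength")
            rule["title"] = (f"Must contain at least {rule['minLength']} characters "
                             f"but no more than {rule['maxLength']} characters")
        elif min_chars and rule["ruleName"] in min_chars:
            rule["minChars"] = min_chars[rule["ruleName"]]
    if expiration_days is not None:
        updated["expirationDays"] = expiration_days
    return updated


def violations(policy, candidate):
    """Titles of the rules a candidate password fails; empty means it passes."""
    failed = []
    for rule in policy["rules"]:
        name = rule["ruleName"]
        if name == "PASSWORD_LENGTH_RULE":
            if not rule["minLength"] <= len(candidate) <= rule["maxLength"]:
                failed.append(rule["title"])
        elif name in CLASS_CHARS:
            need = rule.get("minChars", 0)  # 0 means the class rule is disabled
            if sum(ch in CLASS_CHARS[name] for ch in candidate) < need:
                failed.append(rule["title"])
    return failed


def admin_request(method, url, payload, user, password):
    """One JSON request with HTTP basic auth (assumed scheme); returns the body."""
    body = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=body, method=method)
    req.add_header("Content-Type", "application/json")
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    base = "https://MyServer:8443/api/admin"       # host and credentials assumed
    auth = ("admin", "change-me")
    current = admin_request("GET", f"{base}/passwordpolicy/2", None, *auth)
    new_policy = build_update(current, min_length=14, max_length=64, expiration_days=60)
    admin_request("PUT", f"{base}/passwordpolicy/2", new_policy, *auth)
    admin_request("PUT", f"{base}/configurations/6", {"value": 2}, *auth)  # enable policy 2
```

Running violations() over a few candidate passwords before the PUT is a cheap way to confirm the policy you are about to enable is the one you intend, particularly after disabling a class rule with minChars 0.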

Trigger password reset

Optionally, you may force a password reset for all users with the Users API. This requires every user to reset their password within the specified number of days. As the following example shows, all passwords across the system will expire in 30 days. Any user who has not reset their password within the 30-day period will no longer be able to use Hybrid Data Pipeline.

PUT https://MyServer:8443/api/admin/users/expirepassword

{
  "daysUntilExpiration": 30
}

Important:
  • When set to 0 (zero), passwords for user accounts expire immediately, requiring all users to reset their passwords.
  • A password reset applies to all users, including users with the NoPasswordExpiration (30) permission and administrators.
  • If the password for a user account is set to expire sooner than the specified number of days, that password's expiration will not be changed.

Require current password at reset

You may use the System Configurations API to configure whether users are required to provide their current password when resetting their password. As this example shows, the number 2 is the ID of the secureChangePassword attribute which manages this functionality. The value true requires users to provide their current password at reset. (Note that true is the default setting.)

PUT https://MyServer:8443/api/admin/configurations/2

{
   "value": "true"
}

Set PasswordLockoutLimit

You may set the password lockout limit using the Limits API. The following request sets the PasswordLockoutLimit to 2 failed login attempts (the default is 3). The number 3 is the ID of the PasswordLockoutLimit.

PUT https://MyServer:8443/api/admin/limits/system/3

    {
      "value": 2
    }

Set PasswordLockoutInterval

You may set the password lockout interval using the Limits API. The following request sets the time frame in which failed authentication attempts are counted to 1800 seconds (30 minutes; the default is 15 minutes). The number 2 is the ID of the PasswordLockoutInterval.

PUT https://MyServer:8443/api/admin/limits/system/2

    {
      "value": 1800
    }

Set PasswordLockoutPeriod

You may set the password lockout period using the Limits API. The following request sets the period for which a user remains locked out to 3600 seconds (60 minutes; the default is 30 minutes). The number 4 is the ID of the PasswordLockoutPeriod, not to be confused with the PasswordLockoutInterval (ID 2), which is the window in which failed attempts are counted.

PUT https://MyServer:8443/api/admin/limits/system/4

    {
      "value": 3600
    }
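A model of how the three limits interact, added here as an example so a change can be reasoned about before it is made; it is not Hybrid Data Pipeline's own code and the server's implementation may differ. It assumes failures are counted per account, that a repeat of a password already tried inside the interval does not add to the count (the page says the limit applies when a different password is used for each attempt), that a lockout lasts PasswordLockoutPeriod seconds from the failure that tripped it, and that a successful login clears the window. The limit IDs are the ones used in the requests above.

```python
import hashlib
from collections import defaultdict

# Defaults stated on the page: 3 attempts in 15 minutes, then a 30-minute lockout.
DEFAULT_LIMIT, DEFAULT_INTERVAL, DEFAULT_PERIOD = 3, 900, 1800

# Limit IDs taken from the page's examples.
LIMIT_IDS = {"PasswordLockoutLimit": 3, "PasswordLockoutInterval": 2,
             "PasswordLockoutPeriod": 4}


def limit_requests(limit, interval, period):
    """(URL path, payload) pairs for the three PUT .../limits/system/<id> calls."""
    values = {"PasswordLockoutLimit": limit, "PasswordLockoutInterval": interval,
              "PasswordLockoutPeriod": period}
    return [(f"/api/admin/limits/system/{LIMIT_IDS[n]}", {"value": v})
            for n, v in values.items()]


class LockoutTracker:
    """Model of the lockout rule (assumption: the server may behave differently)."""

    def __init__(self, limit=DEFAULT_LIMIT, interval=DEFAULT_INTERVAL, period=DEFAULT_PERIOD):
        self.limit, self.interval, self.period = limit, interval, period
        self._failures = defaultdict(list)   # user -> [(time, password digest)]
        self._locked_until = {}              # user -> unlock time (seconds)

    def locked_until(self, user, now):
        """Unlock time if the account is locked at `now`, else None."""
        until = self._locked_until.get(user)
        return until if until is not None and now < until else None

    def record_failure(self, user, password, now):
        """Register a failed attempt at `now` (seconds); True if locked afterwards."""
        if self.locked_until(user, now) is not None:
            return True   # attempts during a lockout are rejected, window unchanged
        digest = hashlib.sha256(password.encode()).hexdigest()   # never keep plaintext
        # Keep only failures inside the interval; a password already tried in
        # that window does not add to the count (assumed reading of the page).
        window = [(t, d) for t, d in self._failures[user] if now - t < self.interval]
        if all(d != digest for _, d in window):
            window.append((now, digest))
        self._failures[user] = window
        if len(window) >= self.limit:
            self._locked_until[user] = now + self.period
            self._failures[user] = []
            return True
        return False

    def record_success(self, user):
        """A successful login clears the failure window (assumption)."""
        self._failures.pop(user, None)

    def unlock(self, user):
        """Administrative unlock, the model's counterpart of
        PUT /api/admin/users/{id}/statusinfo with accountLocked false."""
        self._locked_until.pop(user, None)
        self._failures.pop(user, None)
```

With the page's values (limit 2, interval 1800, period 3600) the model locks an account on the second distinct wrong password inside 30 minutes and keeps it locked for an hour, which is stricter than the default on every axis; run a few attempt sequences through it to confirm that is the trade-off you want before sending the three requests.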

Unlock a user account

A user account can be unlocked by executing a PUT request on the statusinfo endpoint in the Users API. As the following example shows, the URL must include the user account ID, and the payload must include the accountLocked property with a value of false.

PUT https://MyServer:8443/api/admin/users/{account-id}/statusinfo

{
   "accountLocked": "false"
}

AccountLockedAt and AccountLockedUntil are additional properties that can be set when unlocking a user account. See Update status information on a user account for further details.