Update Password Endpoint using Devise in Rails 5.1 API App

Implement the update action in passwords controller.

def update
  user = User.with_reset_password_token(params[:reset_password_token])

  if user&.update(password_params)      
    render json: user, status: :ok
    render json: {error: ['Password update failed']}, status: :internal_server_error


def password_params

The with_reset_password_token class method is provided by Devise. The reset_password_token is stored in encrypted form so:

User.find_by(reset_password_token: params[:reset_password_token])

will fail to retrieve the record from the database.


URL: users/password
Input: password, resetpasswordtoken

We can send a PUT request using cURL, we need to copy the reset_password_token from the reset password email link from the development log.

curl -X PUT --data "password=secret&reset_password_token=9nXHzCb" http://localhost:3000/users/password

The response for success:


I am using the JSON API specification. For failure case:

      "Password update failed"

In this article, we saw how to update password by customizing Devise in a Rails 5.1 API app.

Related Articles

Ace the Technical Interview

  • Easily find the gaps in your knowledge
  • Get customized lessons based on where you are
  • Take consistent action everyday
  • Builtin accountability to keep you on track
  • You will solve bigger problems over time
  • Get the job of your dreams

Take the 30 Day Coding Skills Challenge

Gain confidence to attend the interview

No spam ever. Unsubscribe anytime.