## POST /api/v2/shared-hosting/{accountId}/actions/reset-password **Reset hosting control-panel password** Set a new main cPanel account password for a cPanel-backed shared-hosting service. Get `accountId` from `GET /api/v2/shared-hosting` `data[].id`. This password is also used for FTP/SFTP, SSH and webmail access that authenticate as the cPanel user. Passwords must be 8-128 characters, include uppercase, lowercase, and a number, and be strong enough to pass guessability checks; weak passwords return `password_too_weak`. The existing password cannot be fetched and the response never echoes the new password. ### Related Endpoints - `GET /api/v2/shared-hosting/{accountId}/actions/sso`: Check control-panel SSO availability - `POST /api/v2/shared-hosting/{accountId}/actions/sso`: Create hosting control-panel SSO link - `GET /api/v2/shared-hosting/{accountId}/actions/pause`: Get hosting pause status ### Headers - `Accept`: application/json - `Authorization`: Bearer YOUR_API_KEY - Required API scopes: `write:hosting`, `console:services` - `Content-Type`: application/json ### Parameters - `accountId` (path, string, required): Public shared-hosting account ID. Get it from GET /api/v2/shared-hosting `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `acct_01hxa3b4c5d6e7f8g9h0j1k2m3` ### Request Body - `newPassword` (string, required): New main hosting password. Must include uppercase, lowercase, and a number, and must be strong enough to avoid `password_too_weak`. Example: `YOUR_NEW_CPANEL_PASSWORD` ### Request Examples #### Reset cPanel password ```bash curl -X POST "https://cloud.hostup.se/api/v2/shared-hosting/acct_01hxa3b4c5d6e7f8g9h0j1k2m3/actions/reset-password" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d '{ "newPassword": "YOUR_NEW_CPANEL_PASSWORD" }' ``` ```json { "newPassword": "YOUR_NEW_CPANEL_PASSWORD" } ``` ### Response Schema - `accountId` (string, required) Example: `acct_01hxa3b4c5d6e7f8g9h0j1k2m3` - `username` (string, required): The cPanel username whose password was changed. Example: `example` - `affectedAccess` (array, required): Access methods that use the same cPanel account password. Example: `["controlPanel","ftp","sftp","ssh","webmail"]` ### Responses #### 200 - Control-panel password changed. ```json { "accountId": "acct_01hxa3b4c5d6e7f8g9h0j1k2m3", "username": "example", "affectedAccess": [ "controlPanel", "ftp", "sftp", "ssh", "webmail" ] } ``` #### 400 - The supplied password is too weak or the request is invalid. ```json { "type": "https://developer.hostup.se/errors/password_too_weak", "title": "Password too weak", "status": 400, "detail": "Password is too easy to guess. Use a longer unique password or generate a stronger one before retrying.", "instance": "/api/v2/shared-hosting/acct_01hxa3b4c5d6e7f8g9h0j1k2m3/actions/reset-password", "code": "password_too_weak", "errors": [ { "pointer": "/body/newPassword", "detail": "Password is too easy to guess. Use a longer unique password or generate a stronger one before retrying.", "code": "password_too_weak" } ], "minimumScore": 3, "score": 1, "suggestions": [ "Use a longer unique password." ] } ``` #### 401 - Unauthorized. Authentication is required. ```json { "type": "https://developer.hostup.se/errors/unauthorized", "title": "Unauthorized", "status": 401, "detail": "Authentication is required.", "code": "unauthorized", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 403 - Forbidden. The caller lacks a required scope or does not own the resource. ```json { "type": "https://developer.hostup.se/errors/forbidden", "title": "Forbidden", "status": 403, "detail": "The caller lacks a required scope or does not own the resource.", "code": "forbidden", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 404 - Not found. The resource does not exist or is not owned by the caller. ```json { "type": "https://developer.hostup.se/errors/not_found", "title": "Not found", "status": 404, "detail": "The requested resource could not be found.", "code": "not_found", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 409 - The hosting account uses HostUp's legacy control panel, so control-panel password resets are not available through this API. ```json { "type": "https://developer.hostup.se/errors/account_not_eligible_cpanel", "title": "Control panel action unavailable", "status": 409, "detail": "Control panel password resets are only supported for hosting accounts on the cPanel control panel. This account uses HostUp's legacy control panel. Use the control panel SSO link to make the change manually, or contact support to migrate the account to a newer cPanel-backed plan.", "instance": "/api/v2/shared-hosting/acct_01hxa3b4c5d6e7f8g9h0j1k2m3/actions/reset-password", "code": "account_not_eligible_cpanel" } ``` #### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers. ```json { "type": "https://developer.hostup.se/errors/rate_limit_exceeded", "title": "Too many requests", "status": 429, "detail": "Too many requests. Retry after the limit resets.", "code": "rate_limit_exceeded", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ``` #### 500 - Internal error. Retry later or contact support if the issue persists. ```json { "type": "https://developer.hostup.se/errors/internal_error", "title": "Internal server error", "status": 500, "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.", "code": "internal_error", "instance": "/api/v2/resource", "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3", "timestamp": "2026-04-27T12:34:56.000Z" } ```