Stytch · Schema
api_password_v1_StrengthCheckResponse
AuthenticationIdentityPasswordlessSecurityB2BConnected AppsMCPAI AgentsDeveloper Tools
Properties
| Name | Type | Description |
|---|---|---|
| request_id | string | Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug |
| valid_password | boolean | Returns `true` if the password passes our password validation. We offer two validation options, [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) is the default option which offers a |
| score | integer | The score of the password determined by [zxcvbn](https://github.com/dropbox/zxcvbn). Values will be between 1 and 4, a 3 or greater is required to pass validation. |
| breached_password | boolean | Returns `true` if the password has been breached. Powered by [HaveIBeenPwned](https://haveibeenpwned.com/). |
| strength_policy | string | The strength policy type enforced, either `zxcvbn` or `luds`. |
| breach_detection_on_create | boolean | Will return `true` if breach detection will be evaluated. By default this option is enabled. This option can be disabled in the [dashboard](https://stytch.com/dashboard/password-strength-config#breach |
| status_code | integer | The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server |
| feedback | object | Feedback for how to improve the password's strength [HaveIBeenPwned](https://haveibeenpwned.com/). |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/api_password_v1_StrengthCheckResponse",
"title": "api_password_v1_StrengthCheckResponse",
"type": "object",
"properties": {
"request_id": {
"type": "string",
"description": "Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue."
},
"valid_password": {
"type": "boolean",
"description": "Returns `true` if the password passes our password validation. We offer two validation options, [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) is the default option which offers a high level of sophistication. We also offer [LUDS](https://stytch.com/docs/guides/passwords/strength-policy) which is less sophisticated but easier to understand. If an email address is included in the call we also require that the password hasn't been compromised using built-in breach detection powered by [HaveIBeenPwned](https://haveibeenpwned.com/)."
},
"score": {
"type": "integer",
"format": "int32",
"description": "The score of the password determined by [zxcvbn](https://github.com/dropbox/zxcvbn). Values will be between 1 and 4, a 3 or greater is required to pass validation."
},
"breached_password": {
"type": "boolean",
"description": "Returns `true` if the password has been breached. Powered by [HaveIBeenPwned](https://haveibeenpwned.com/)."
},
"strength_policy": {
"type": "string",
"description": "The strength policy type enforced, either `zxcvbn` or `luds`."
},
"breach_detection_on_create": {
"type": "boolean",
"description": "Will return `true` if breach detection will be evaluated. By default this option is enabled. This option can be disabled in the [dashboard](https://stytch.com/dashboard/password-strength-config#breach-detection). If this value is `false` then `breached_password` will always be `false` as well."
},
"status_code": {
"type": "integer",
"format": "int32",
"description": "The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors."
},
"feedback": {
"$ref": "#/components/schemas/api_password_v1_Feedback",
"description": "Feedback for how to improve the password's strength [HaveIBeenPwned](https://haveibeenpwned.com/)."
}
},
"required": [
"request_id",
"valid_password",
"score",
"breached_password",
"strength_policy",
"breach_detection_on_create",
"status_code"
]
}