I'm setting up custom account management for my Simperium app, based on the recommendation from the answer in Simperium - Can a user recover a forgotten password ..?, and referencing the API documentation.
This all in PHP, handling the form creation and submission.
I've created the curl request as follows, a format which I've already tested for password resets, using the "reset_password" url.
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_HTTPHEADER => array('X-Simperium-API-Key: <my_admin_API_key>'),
CURLOPT_POSTFIELDS => '{"username": "'.$username.'", "password" :"'.$password.'", "new_username":"'.$newusername.'"}',
CURLOPT_POST => TRUE,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_URL => 'https://auth.simperium.com/1/<my_app_id>/update/'
));
The problem I'm having, is that during testing, I've found that it will take any password I enter, and return:
{"status": "success"}
Further testing showed that the username was, in fact, changed.
I realize this isn't a "question", per se, but Simperium support seems to be most responsive to Stackoverflow posts.