List passwordMethods

Namespace: microsoft.graph

Retrieve a list of the passwords registered to a user, represented by a passwordAuthenticationMethod object. This API returns exactly one object referenced by ID 28c10230-6103-485e-b985-444c60001490, as a user can have exactly one password. For security, the password itself is never returned in the object and the password property is always null.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permissions acting on self

Permission type Permissions (from least to most privileged)
Delegated (work or school account) UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite
Delegated (personal Microsoft account) Not supported.
Application Not supported.

Permissions acting on other users

Permission type Permissions (from least to most privileged)
Delegated (work or school account) UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All

In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.

  • Global Reader
  • Authentication Administrator
  • Privileged Authentication Administrator

Admins with User Administrator, Helpdesk Administrator, or Password Administrator roles can also reset passwords for non-admin users and a limited set of admin roles as defined in Who can reset passwords.

HTTP request

Get details of your own password authentication method.

GET /me/authentication/passwordMethods

Get details of your own or another user's password authentication method.

GET /users/{id | userPrincipalName}/authentication/passwordMethods

Optional query parameters

This method doesn't support optional query parameters to customize the response.

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.

Request body

Don't supply a request body for this method.

Response

If successful, this method returns a 200 OK response code and a collection of passwordAuthenticationMethod objects in the response body.

Examples

Request

The following example shows a request.

GET https://graph.microsoft.com/v1.0/me/authentication/passwordMethods

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('67273bfa-5cd8-477a-acf7-e13ff81ebf70')/authentication/passwordMethods",
    "value": [
        {
            "id": "28c10230-6103-485e-b985-444c60001490",
            "password": null,
            "createdDateTime": null
        }
    ]
}