class StytchB2B::Passwords
def strength_check(
Feedback for how to improve the password's strength using [zxcvbn](https://stytch.com/docs/passwords#strength-requirements).
zxcvbn_feedback::
The type of this field is nilable +LudsFeedback+ (+object+).
Feedback for how to improve the password's strength using [luds](https://stytch.com/docs/passwords#strength-requirements).
luds_feedback::
The type of this field is +Integer+.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
status_code::
The type of this field is +Boolean+.
If this value is false then `breached_password` will always be `false` as well.
This option can be disabled by contacting [support@stytch.com](mailto:support@stytch.com?subject=Password%20strength%20configuration).
Will return `true` if breach detection will be evaluated. By default this option is enabled.
breach_detection_on_create::
The type of this field is +String+.
The strength policy type enforced, either `zxcvbn` or `luds`.
strength_policy::
The type of this field is +Boolean+.
Returns `true` if the password has been breached. Powered by [HaveIBeenPwned](https://haveibeenpwned.com/).
breached_password::
The type of this field is +Integer+.
The score of the password determined by [zxcvbn](https://github.com/dropbox/zxcvbn). Values will be between 1 and 4, a 3 or greater is required to pass validation.
score::
The type of this field is +Boolean+.
require that the password hasn't been compromised using built-in breach detection powered by [HaveIBeenPwned](https://haveibeenpwned.com/)
We also offer [LUDS](https://stytch.com/docs/passwords#strength-requirements). If an email address is included in the call we also
[zxcvbn](https://stytch.com/docs/passwords#strength-requirements) is the default option which offers a high level of sophistication.
Returns `true` if the password passes our password validation. We offer two validation options,
valid_password::
The type of this field is +String+.
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
request_id::
An object with the following fields:
== Returns:
The type of this field is nilable +String+.
The email address of the Member.
email_address::
The type of this field is +String+.
The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characers, etc.
password::
== Parameters:
If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain a collection of fields that the user failed or passed. You'll want to prompt the user to create a password that meets all requirements that they failed.
If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the feedback object will contain warning and suggestions for any password that does not meet the [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy) strength requirements. You can return these strings directly to the user to help them craft a strong password.
The zxcvbn_feedback and luds_feedback objects contains relevant fields for you to relay feedback to users that failed to create a strong enough password.
## Password feedback
This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid if the strength score is >= 3. If you're using [LUDS](https://stytch.com/docs/guides/passwords/strength-policy), your passwords are considered valid if they meet the requirements that you've set with Stytch. You may update your password strength configuration in the [stytch dashboard](https://stytch.com/dashboard/password-strength-config).
This API allows you to check whether the user’s provided password is valid, and to provide feedback to the user on how to increase the strength of their password.
def strength_check( password:, email_address: nil ) headers = {} request = { password: password } request[:email_address] = email_address unless email_address.nil? post_request('/v1/b2b/passwords/strength_check', request, headers) end