provider Password POST /v1/b2b/passwords/migrate
@utdk/stytch /v1/b2b/passwords/migrate
Migrate
**Warning:** This endpoint marks the Member's email address as verified. Do **not** use this endpoint unless the user has already verified their email address in your application. Adds an existing password to a Member's email that doesn't have a password yet. We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, SHA-512, and PBKDF2. This endpoint has a rate limit of 100 requests per second. The Member's email will be marked as verified when you use this endpoint. If you are using **cross-organization passwords**, i.e. allowing an end user to share the same password across all of their Organizations, call this method separately for each `organization_id` associated with the given `email_address` to ensure the password is set across all of their Organizations.

Try it

Authentication
Configure credentials for Stytch API
Gateway
The gateway proxies requests and injects credentials server-side. Configure credentials above, then enter your gateway URL.

Saved automatically to browser storage.

apiB2bPasswordV1Migrate
POST/v1/b2b/passwords/migrate
**Warning:** This endpoint marks the Member's email address as verified. Do **not** use this endpoint unless the user has already verified their email address in your application. Adds an existing password to a Member's email that doesn't have a password yet. We support migrating members from passwords stored with bcrypt, scrypt, argon2, MD-5, SHA-1, SHA-512, and PBKDF2. This endpoint has a rate limit of 100 requests per second. The Member's email will be marked as verified when you use this endpoint. If you are using **cross-organization passwords**, i.e. allowing an end user to share the same password across all of their Organizations, call this method separately for each `organization_id` associated with the given `email_address` to ensure the password is set across all of their Organizations.

Input

required

The email address of the Member.

required

The password hash. For a Scrypt or PBKDF2 hash, the hash needs to be a base64 encoded string.

required
required

Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

The name of the Member. Each field in the name object is optional.

An arbitrary JSON object for storing application-specific data or identity-provider-specific data.

An arbitrary JSON object of application-specific data. These fields can be edited directly by the frontend SDK, and should not be used to store critical information. See the [Metadata resource](https://stytch.com/docs/b2b/api/metadata) for complete field behavior details.

Roles to explicitly assign to this Member. Will completely replace any existing explicitly assigned roles. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment. If a Role is removed from a Member, and the Member is also implicitly assigned this Role from an SSO connection or an SSO group, we will by default revoke any existing sessions for the Member that contain any SSO authentication factors with the affected connection ID. You can preserve these sessions by passing in the `preserve_existing_sessions` parameter with a value of `true`.

Whether to preserve existing sessions when explicit Roles that are revoked are also implicitly assigned by SSO connection or SSO group. Defaults to `false` - that is, existing Member Sessions that contain SSO authentication factors with the affected SSO connection IDs will be revoked.

The Member's phone number. A Member may only have one phone number. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX).

Whether to set the user's phone number as verified. This is a dangerous field. This flag should only be set if you can attest that the user owns the phone number in question.

If a new member is created, this will set an identifier that can be used in most API calls where a `member_id` is expected. This is a string consisting of alphanumeric, `.`, `_`, `-`, or `|` characters with a maximum length of 128 characters. External IDs must be unique within an organization, but may be reused across different organizations in the same project. Note that if a member already exists, this field will be ignored.

Enter a gateway URL above to enable sending.

Code snippet
Updates live as you fill in the form above.

TypeScript

import stytch from '@utdk/stytch';

await stytch.apiB2bPasswordV1Migrate()