Changes the current user's password after validating the existing credential.

POST 
/changepassword

Requires authentication. Avoids no-op updates by rejecting unchanged passwords.

Request

Responses

200

OK

401

Unauthorized - missing or invalid credentials.

403

Forbidden - authenticated but missing required role or policy.