Get Password Age Settings

GET /policies/password/age

Returns the password age settings configured on the organization. The settings specify the expiry of password, after which a user is forced to change it on the next login.

Request

Header Parameters

x-zitadel-orgid string

The default is always the organization of the requesting user. If you like to get/set a result of another organization include the header. Make sure the user has permission to access the requested data.

Responses

200
default

A successful response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

policy

object

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

maxAgeDays uint64

Amount of days after which a password will expire. The user will be forced to change the password on the following authentication.

expireWarnDays uint64

Amount of days after which the user should be notified of the upcoming expiry. ZITADEL will not notify the user.

isDefault boolean

If true, the returned values represent the instance settings, e.g. by an organization without custom settings.

isDefault deprecated: is_default is also defined in zitadel.policy.v1.PasswordAgePolicy (boolean)

{
  "policy": {
    "details": {
      "sequence": "2",
      "creationDate": "2025-05-08T15:15:58.484Z",
      "changeDate": "2025-05-08T15:15:58.484Z",
      "resourceOwner": "69629023906488334"
    },
    "maxAgeDays": "365",
    "expireWarnDays": "10",
    "isDefault": true
  },
  "isDefault": true
}

Schema
Example (from schema)

Schema

policy

object

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

maxAgeDays uint64

Amount of days after which a password will expire. The user will be forced to change the password on the following authentication.

expireWarnDays uint64

Amount of days after which the user should be notified of the upcoming expiry. ZITADEL will not notify the user.

isDefault boolean

If true, the returned values represent the instance settings, e.g. by an organization without custom settings.

isDefault deprecated: is_default is also defined in zitadel.policy.v1.PasswordAgePolicy (boolean)

{
  "policy": {
    "details": {
      "sequence": "2",
      "creationDate": "2025-05-08T15:15:58.485Z",
      "changeDate": "2025-05-08T15:15:58.485Z",
      "resourceOwner": "69629023906488334"
    },
    "maxAgeDays": "365",
    "expireWarnDays": "10",
    "isDefault": true
  },
  "isDefault": true
}

Schema
Example (from schema)

Schema

policy

object

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

creationDate date-time

on read: the timestamp of the first event of the object

on create: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the

resourceOwner resource_owner is the organization an object belongs to (string)

maxAgeDays uint64

Amount of days after which a password will expire. The user will be forced to change the password on the following authentication.

expireWarnDays uint64

Amount of days after which the user should be notified of the upcoming expiry. ZITADEL will not notify the user.

isDefault boolean

If true, the returned values represent the instance settings, e.g. by an organization without custom settings.

isDefault deprecated: is_default is also defined in zitadel.policy.v1.PasswordAgePolicy (boolean)

{
  "policy": {
    "details": {
      "sequence": "2",
      "creationDate": "2025-05-08T15:15:58.485Z",
      "changeDate": "2025-05-08T15:15:58.485Z",
      "resourceOwner": "69629023906488334"
    },
    "maxAgeDays": "365",
    "expireWarnDays": "10",
    "isDefault": true
  },
  "isDefault": true
}

An unexpected error response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Get Password Age Settings

/policies/password/age

Request​

Header Parameters

Responses​

Request

Responses