Our Headless APIs provide inconsistent behavior when updating a user's password. The updateUserAccount and putUserAccount do not allow you to update a user's password while putUserAccountByExternalReferenceCode does allow you to do so.
Headless APIs of the same domain should provide a consistent behavior. In this example, I would expect all APIs to allow me to update a users password in a manner consistent with our DXP products.
- If you have permissions to modify users, you may update any passwords.
- If you are updating your own password, you may do so as long as you provide your old password.