DocsAPI ReferenceIo T/bff/iot-lock/credentials-update
postIo TAdmin BFF

/bff/iot-lock/credentials-update

Verifies a new TTLock OAuth2 credential set against euapi.ttlock.com/oauth2/token and, on success, persists it. Only password is required in the body — the other three fields (clientId, clientSecret, username) are optional and fall back to the values already stored in the organisation configuration. This makes the common case of "my TTLock app password was reset" a single-field call, without needing to re-enter the clientSecret (which is only obtainable from the TTLock developer portal). Fields that were actually supplied (non-empty) are written back to the config; fields left out are kept as-is. The plain-text password is always MD5-hashed server-side. After a successful OAuth response the new MD5 password plus fresh access and refresh tokens are persisted atomically. Any TTLock-side failure (invalid credentials, invalid client, etc.) is thrown as an Error and surfaced by the standard API error-logging layer.

IoTpostBffIot-lockCredentials-update

Parameters

4 body

4 total
Body · 4
clientIdstring

TTLock OAuth2 client ID (app-level identifier issued by TTLock developer portal). Optional — when omitted or empty, the previously stored value is used. Only send when rotating app credentials; day-to-day password resets do not need it.

clientSecretstring

TTLock OAuth2 client secret. Optional — when omitted or empty, the previously stored value is used. Only obtainable from the TTLock developer portal, not from the TTLock mobile app, so regular users should not need to enter it.

usernamestring

TTLock account username (the e-mail used in the TTLock mobile app). Optional — when omitted or empty, the previously stored value is used. Send only when the TTLock account itself changes.

passwordstringRequired

TTLock account password in plain text. Required. MD5-hashed server-side before being sent to TTLock and before being stored. Primary field for the common case of recovering after a password change in the TTLock mobile app.

Request

POST /bff/iot-lock/credentials-update

post
curl -X POST "https://api.bizkithub.com/bff/iot-lock/credentials-update" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
  "clientId": "example_clientId",
  "clientSecret": "example_clientSecret",
  "username": "alexander.dioszeghy@gmail.com",
  "password": "example_password"
}'

Response

JSON payload

{
  "success": false
}

All response codes

1 status code documented

Need an API key?

All BizKitHub API endpoints require authentication via API key.

Get API Key