How to check a contact's password

Deborah_Figg · June 13, 2017, 11:58am

Hi,

I’m trying to check the validity of a contact’s password through the api as part of a login process.

What I have discovered is that the password appears to be encrypted in the contact’s password field when I look at it in the Infusionsoft UI, even though I sent it unencrypted when I created the record via the api.

Can anyone tell me how I can validate the password on a contact record against one entered by a user on my login page, because I can’t do a direct comparison of these two fields?

Debbie

John_Borelli · June 13, 2017, 2:53pm

@Deborah_Figg,

Infusionsoft does not encrypt the password field. You can write whatever test you want, either by the api or using the UI, and that text (un-encrypted) will persist. If you were talking about the passwords of users (not contacts) then you would have to use a token matching algorithm but since this is a contact and we are talking about the contact’s password field, there is no encryption happening there. In short, you would want to review the process that writes to that field in the first place since that is where the encryption has to be happening.

Pav · June 16, 2017, 12:26pm

If you are referring to Infusionsoft Users, you need to use this API function.

https://developer.infusionsoft.com/docs/xml-rpc/#data-validate-a-user-s-credentials

If you are referring to Contacts, then @John_Borelli is right that the Password field in Infusionsoft is unencrypted. Do you have some sort of process going on that encrypts the password?