Changing Password

---

Via the UI

1. Log in to the DocBot UI.
2. Go to Account Settings.
3. Choose Change Password.
4. Enter your current password, then your new password, and confirm.

---

Via the API

Send a PUT request to /api/auth/password with your current and new password:

curl -s -X PUT http://localhost:8000/api/auth/password \
  -H "Authorization: Bearer <ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "current_password": "old-password",
    "new_password": "new-secure-password"
  }'

---

Rotating the JWT Secret Key

For additional security, consider periodically rotating the JWT_SECRET_KEY in your .env file:

1. Generate a new random secret (e.g. openssl rand -hex 32).
2. Update JWT_SECRET_KEY in .env.
3. Restart the backend: docker compose up -d backend.

note

Rotating the JWT secret key invalidates all existing access and refresh tokens. All users will need to log in again.