Overview
This article explains why calling the /dbconnections/change_password endpoint through Postman fails when Bot Detection is enabled. This configuration results in the following error message:
Status Code 401 - Suspicious request requires verification
Applies To
- Bot Detection
- Change Password
- Database Connection
Cause
The “Suspicious request requires verification” error occurs because enabling Bot Detection for the change password flow introduces a CAPTCHA challenge. This challenge is designed to be solved by a human through a visual interface.
Non-interactive clients, like Postman or server-side scripts, cannot render or complete the CAPTCHA challenge. As a result, the request is flagged as suspicious and blocked before the password change email is sent.
Solution
This is a current product limitation. When Bot Detection is enabled, triggering the https://tenant.auth0.com/dbconnections/change_password endpoint requires a visual interface. This is because a CAPTCHA must be completed by the user before the password change email can be successfully sent.
Essentially, for the Change Password flow to work with Bot Detection, the user needs a browser or application capable of displaying and allowing interaction with the CAPTCHA challenge.
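For server-side callers, the sketch below (an added example, not Auth0's code) shows one way to recognize this specific 401 and hand the user off to a browser-based flow instead of retrying. The function names, outcome labels and the JSON field names checked in the response body are assumptions; only the endpoint path, status code and message text come from this article.

```javascript
// Added example, not Auth0's code. The message text comes from the article;
// the body shape (JSON or plain text) is an assumption, so both are handled.
const BOT_BLOCK_MESSAGE = "Suspicious request requires verification";

// Decide what a non-interactive caller should do with a response.
function classifyChangePasswordResponse(status, bodyText) {
  let message = String(bodyText || "");
  try {
    const parsed = JSON.parse(message);
    if (parsed && typeof parsed === "object") {
      // Field names are assumed; check the common candidates.
      message = [parsed.error_description, parsed.description, parsed.message, parsed.error]
        .filter((v) => typeof v === "string")
        .join(" ");
    }
  } catch (_) {
    /* not JSON: keep the raw text */
  }

  if (status >= 200 && status < 300) return { outcome: "email_requested", retry: false };
  if (status === 401 && message.toLowerCase().includes(BOT_BLOCK_MESSAGE.toLowerCase())) {
    // Bot Detection wants a CAPTCHA. Retrying from a script cannot succeed;
    // send the user to a browser-based reset page instead.
    return { outcome: "needs_interactive_captcha", retry: false };
  }
  if (status === 429 || status >= 500) return { outcome: "transient_error", retry: true };
  return { outcome: "rejected", retry: false };
}

// Thin wrapper around the endpoint; fetchImpl is injectable for offline testing.
async function requestPasswordReset({ domain, clientId, email, connection }, fetchImpl = fetch) {
  const res = await fetchImpl(`https://${domain}/dbconnections/change_password`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ client_id: clientId, email, connection }),
  });
  return classifyChangePasswordResponse(res.status, await res.text());
}
```

Treating `needs_interactive_captcha` as non-retryable matters: repeated automated attempts cannot complete the challenge and only add more blocked requests to the tenant logs.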