Password Change Using HTTP Headers

For customers who need to be able to effect a password change from the middle tier, HostBridge sends two extra HTTP headers with numeric codes to identify authorization status:

HB-AUTH: {return-code}

HB-AUTH2: {return-code} 

Values for the headers appear below.

HB-AUTH value          HB-AUTH2 value
0 - Normal             0 - OK
4 - Invalid input      8 - Credentials not specified
12 - Invalid request   13 - There is an unknown return code in ESMRESP from the ESM
                       18 - The CICS ESM interface is not initialized
                       29 - The ESM is not responding
                       32 - The user ID field contains a blank in an invalid position
16 - Not authorized    2 - The supplied password is wrong
                       3 - A new password is required
                       4 - The new password is not acceptable
                       19 - The user ID is revoked
                       22 - Request failed during seclabel processing
                       31 - User revoked in default group
20 - User ID error     8 - The user ID is not known to the ESM
24 - Other error

Typically, HostBridge will return (0,0), which means everything is normal:

HB-AUTH: 0

HB-AUTH2: 0

If a new password is required, the HTTP headers return the following values:

HB-AUTH: 16

HB-AUTH2: 3

To change a password:

  • Rename the HostBridge file HBR#AUTH to HBR$AUTH.
  • In TCPIPSERVICE, set Authenticate to “No.”
  • Send in the standard Basic header with valid credentials. In addition to the standard Authenticate header, pass in:

           X-HB-NEWPWD: {value}

    where value is username:new_password (base64 encoded). This is the same format that Authenticate uses.


HBR$AUTH is required for you to use the password change capabilities.

When a valid password change request is sent in, the user’s password is changed to the new password. Subsequent HostBridge requests must use this new password instead of the old one.
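The following is an added example, not HostBridge code: a middle-tier helper that builds the password-change headers described above and maps the returned HB-AUTH/HB-AUTH2 pair to an action, denying on any missing, non-numeric or unlisted pair. The function names, the action labels and the UTF-8 encoding of credentials are assumptions; the Basic credentials are sent in the HTTP Authorization header, and the code pairs are copied from the table on this page.

```python
import base64

# Code pairs copied from the table on this page: (HB-AUTH, HB-AUTH2) -> meaning.
CODES = {
    (0, 0): "OK",
    (4, 8): "Credentials not specified",
    (12, 13): "Unknown return code in ESMRESP from the ESM",
    (12, 18): "The CICS ESM interface is not initialized",
    (12, 29): "The ESM is not responding",
    (12, 32): "The user ID field contains a blank in an invalid position",
    (16, 2): "The supplied password is wrong",
    (16, 3): "A new password is required",
    (16, 4): "The new password is not acceptable",
    (16, 19): "The user ID is revoked",
    (16, 22): "Request failed during seclabel processing",
    (16, 31): "User revoked in default group",
    (20, 8): "The user ID is not known to the ESM",
}

def encode_pair(user, secret):
    """base64("user:secret"), the format the page gives for X-HB-NEWPWD."""
    if not user or not secret or ":" in user:
        raise ValueError("user and secret must be non-empty; user must not contain ':'")
    # Assumption: credentials are encoded as UTF-8 before base64.
    return base64.b64encode(f"{user}:{secret}".encode("utf-8")).decode("ascii")

def change_request_headers(user, current_pw, new_pw):
    """Headers for a password-change request. Base64 is an encoding, not
    encryption: both passwords are readable by anyone who can see the request."""
    return {
        "Authorization": "Basic " + encode_pair(user, current_pw),
        "X-HB-NEWPWD": encode_pair(user, new_pw),
    }

def classify(response_headers):
    """Map HB-AUTH/HB-AUTH2 to (action, meaning); deny on anything unexpected."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    try:
        pair = (int(h["hb-auth"]), int(h["hb-auth2"]))
    except (KeyError, ValueError):
        return ("deny", "HB-AUTH/HB-AUTH2 missing or not numeric")
    meaning = CODES.get(pair, f"Unlisted code pair {pair}")
    if pair == (0, 0):
        return ("allow", meaning)
    if pair == (16, 3):
        return ("change_password", meaning)       # send X-HB-NEWPWD next
    if pair == (16, 4):
        return ("choose_other_password", meaning)  # new password was rejected
    return ("deny", meaning)
```

Because both passwords travel as reversible base64, send these requests only over TLS and keep the Authorization and X-HB-NEWPWD values out of middle-tier logs.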