API changes - Password validation rules

Dear developers,

We are updating the password validation rules within the following APIs:

  • new_account_virtual
  • mt5_password_change
  • mt5_password_reset

This update will happen within the week starting 07/09/2020.

The new password validation rules are:
Must be 8 to 25 characters long
Must include lowercase and uppercase letters, and numbers
Cannot be the same as the client’s email address

You may use the following regular expression to validate the password:
^(?=.*[a-z])(?=.*[0-9])(?=.*[A-Z])[ -~]{8,25}$

Note: These rules are only applicable when setting new passwords. They do not apply to existing passwords.

Let’s assume that "prWomLKj" is the verification code for “[email protected]”.

API call

  "new_account_virtual": 1,
  "client_password": "[email protected]",
  "residence": "id",
  "verification_code": "prWomLKj"


  "echo_req": {
    "client_password": "<not shown>",
    "new_account_virtual": 1,
    "residence": "id",
    "verification_code": "prWomLKj"
  "error": {
    "code": "PasswordError",
    "message": "You cannot use your email address as your password."
  "msg_type": "new_account_virtual"

Please make the necessary changes to your code.

Thank you.

Team Deriv.com
[email protected]

Sign In or Register to comment.