Yes, you can set a password on an identity using only the email address through the Ory REST API, provided your identity schema is configured to use the email as the password login identifier. This is a common pattern in Ory Kratos. To do this, you would use the admin API to create or update an identity and include both the email (as a trait) and the password (in the credentials section) in your request payload. Here’s an example of how to create an identity with an email and set a password:

json {   "schema_id": "<preset://email>",   "traits": {     "email": "<mailto:user@example.org|user@example.org>"   },   "credentials": {     "password": {       "config": {         "password": "the-password"       }     }   } }

This will create an identity with the specified email and set the password. The password will be hashed according to your configuration. The same structure can be used with the update endpoint to set or change the password for an existing identity, as long as you provide the required fields (

schema_id

,

traits

, and

state

) along with the new password in the credentials section. The email must be present in the traits, and your identity schema must mark the email as a password identifier for this to work properly [Importing credentials](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#importing-credentials) [Customize identity schema](https://www.ory.sh/docs/kratos/manage-identities/customize-identity-schema#password-login-identifier). This approach is supported by the Ory API and is the recommended way to set a password for an identity using only the email address via REST.

Yes, you can set or update the password for an existing identity using the REST API. To do this, use the updateIdentity endpoint (

PUT /admin/identities/{id}

) and include the required fields (

schema_id

,

traits

,

state

) along with the new password in the credentials section. For example:

json {   "schema_id": "<preset://email>",   "traits": {     "email": "<mailto:user@example.org|user@example.org>"   },   "state": "active",   "credentials": {     "password": {       "config": {         "password": "new-password"       }     }   } }

This will update the password for the identity with the given ID. The email must be present in the traits, and your identity schema must mark the email as a password identifier for this to work properly [updateIdentity request body](https://www.ory.sh/docs/reference/api) [Importing credentials](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#importing-credentials) [GitHub discussion](https://github.com/ory/kratos/discussions/4395). This method is officially supported and is the recommended way to update a password for an existing identity via the REST API.

You are correct: the updateIdentity endpoint requires the identity's unique ID (not the email) as the path parameter (

/admin/identities/{id}

) when updating an identity, including when setting or changing a password. The email is typically stored as a trait and is not used as the path parameter for this API call [Ory API Reference – updateIdentity](https://www.ory.sh/docs/reference/api). If you only have the email, you must first look up the identity by email to retrieve its ID. The knowledge sources do not describe a built-in REST API endpoint that allows you to update an identity using only the email address as the path parameter. The standard workflow is: 1. Search for the identity by email (using a list or search endpoint, if available in your deployment). 2. Extract the identity ID from the result. 3. Use the identity ID in the updateIdentity API call to set or update the password. If your deployment does not support searching by email via API, you would need to implement this lookup yourself or use the Ory Console to find the identity ID. In summary: You cannot directly update an identity (e.g., set a password) using only the email as the path parameter; you need the identity's ID. The email is used as a trait, not as an identifier for the API path [Ory API Reference – updateIdentity](https://www.ory.sh/docs/reference/api).