Ory does not currently provide a dedicated API endpoint specifically for pre-validating whether a password is correct or meets all password policy requirements before actual registration or password change. The standard approach is to submit the registration or password update form, and if the password does not meet the policy (e.g., too short, found in data breaches, too similar to the identifier), the API will return validation errors in the response payload. This is how Ory enforces password policies, including checks against breached passwords and similarity checks, but only as part of the actual registration or update flow—not as a standalone validation API. There is a feature request and discussion about having such a pre-validation API (for example, to provide real-time feedback in signup forms), but as of now, this is not available. The current workaround is to attempt the registration or update and handle validation errors returned by the API in your UI. This limitation is acknowledged by the Ory team and community, and you can follow the discussion here: [Github Issue: Allow to check whether a username/password would be accepted by Ory without actually registering a user](https://github.com/ory/network/issues/265). In summary: - There is no standalone API for password validation only. - Validation occurs as part of registration or password update flows, and errors are returned if the password is not acceptable. - A dedicated validation API is a requested feature but not yet implemented. For more details on how password validation works during registration and updates, see the documentation on [registration form validation](https://www.ory.sh/docs/kratos/self-service/flows/user-registration#registration-form-validation) and [password policy](https://www.ory.sh/docs/concepts/password-policy).