If I'm using an admin user/api key, can I update a user's password over REST calls?
If I'm using an admin user/api key, can I update a user's password over REST calls?
You cannot as you need to know the old password to change it to begin with.
Ok. How does it work in the control panel then when I change a user's password?
Things like the control panel don't use public/supported Apis, they are free to use internal code paths for items we only support from an administration perspective
Ok, so let's say I need to update someone's password and I don't have their original password and don't want to use the control panel. Is that possible?
No its not, not in a supported way. You can try it using an empty string for the old password and see if it works, but its not documented to work that way so I cannot guarantee it would always work..assuming it even does