From 396fb729d02b76bd97da369045edc519db85cd79 Mon Sep 17 00:00:00 2001
From: melpike <79950145+melpike@users.noreply.github.com>
Date: Thu, 12 Feb 2026 10:19:57 -0700
Subject: [PATCH 1/5] [API] Add endpoint for updating Recovery Lock password

Added documentation for updating host's Recovery Lock password.
---
 docs/REST API/rest-api.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/docs/REST API/rest-api.md b/docs/REST API/rest-api.md
index 5ff1660b229d..96fbb9d7cbe5 100644
--- a/docs/REST API/rest-api.md	
+++ b/docs/REST API/rest-api.md	
@@ -2857,6 +2857,7 @@ None.
 - [Get host's software](#get-hosts-software)
 - [Get hosts report in CSV](#get-hosts-report-in-csv)
 - [Get host's disk encryption key](#get-hosts-disk-encryption-key)
+- [Update host's Recovery Lock password](#update-hosts-recovery-lock-password)
 - [Get host's certificates](#get-hosts-certificates)
 - [Lock host](#lock-host)
 - [Unlock host](#unlock-host)
@@ -4927,6 +4928,27 @@ The host will only return a key if its disk encryption status is "Verified." Get
 }
 ```
 
+### Update host's Recovery Lock password
+
+_Available in Fleet Premium_
+
+`POST /api/v1/fleet/recovery_lock_password`
+
+#### Parameters
+
+| Name                          | Type    | In    | Description                                                                                        |
+| ----------------------------- | ------  | ----  | --------------------------------------------------------------------------------------             |
+| team_id                       | integer | body  | The team ID to apply the settings to. Settings applied to hosts in no team if absent.              |
+| enable_recovery_lock_password | boolean | body  | Whether Recovery Lock password should be enforced on devices that belong to the team (or no team). |
+
+#### Example
+
+`POST /api/v1/fleet/recovery_lock_password`
+
+##### Default response
+
+`204`
+
 ### Get host's certificates
 
 Available for macOS, iOS, iPadOS, and Windows hosts only. Requires Fleet's MDM to be [enabled and configured](https://fleetdm.com/docs/using-fleet/mdm-setup).

From a09b4a9f50564f0723bafce141a4598fbb300be0 Mon Sep 17 00:00:00 2001
From: melpike <79950145+melpike@users.noreply.github.com>
Date: Thu, 12 Feb 2026 12:22:40 -0700
Subject: [PATCH 2/5] Rename and update Recovery Lock password rotation API

Updated the section for rotating the host's Recovery Lock password and modified the API endpoint details.
---
 docs/REST API/rest-api.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/REST API/rest-api.md b/docs/REST API/rest-api.md
index 96fbb9d7cbe5..47035a4fe7f2 100644
--- a/docs/REST API/rest-api.md	
+++ b/docs/REST API/rest-api.md	
@@ -2857,7 +2857,6 @@ None.
 - [Get host's software](#get-hosts-software)
 - [Get hosts report in CSV](#get-hosts-report-in-csv)
 - [Get host's disk encryption key](#get-hosts-disk-encryption-key)
-- [Update host's Recovery Lock password](#update-hosts-recovery-lock-password)
 - [Get host's certificates](#get-hosts-certificates)
 - [Lock host](#lock-host)
 - [Unlock host](#unlock-host)
@@ -4928,22 +4927,23 @@ The host will only return a key if its disk encryption status is "Verified." Get
 }
 ```
 
-### Update host's Recovery Lock password
+### Rotate host's Recovery Lock password
 
 _Available in Fleet Premium_
 
-`POST /api/v1/fleet/recovery_lock_password`
+Rotates the Recovery Lock password for a host.
+
+`POST /api/v1/fleet/hosts/:id/rotate_recovery_lock_password`
 
 #### Parameters
 
 | Name                          | Type    | In    | Description                                                                                        |
 | ----------------------------- | ------  | ----  | --------------------------------------------------------------------------------------             |
-| team_id                       | integer | body  | The team ID to apply the settings to. Settings applied to hosts in no team if absent.              |
-| enable_recovery_lock_password | boolean | body  | Whether Recovery Lock password should be enforced on devices that belong to the team (or no team). |
+| id                            | integer | body  | The host ID to rotate Recovery Lock password for.                                                  |
 
 #### Example
 
-`POST /api/v1/fleet/recovery_lock_password`
+`POST /api/v1/fleet/hosts/:id/rotate_recovery_lock_password`
 
 ##### Default response
 

From a02da774dc743e4cf6a8db0b47c6d4d00ce263a3 Mon Sep 17 00:00:00 2001
From: melpike <79950145+melpike@users.noreply.github.com>
Date: Wed, 18 Feb 2026 07:11:34 -0700
Subject: [PATCH 3/5] Update docs/REST API/rest-api.md

Co-authored-by: Rachael Shaw <r@rachael.wtf>
---
 docs/REST API/rest-api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/REST API/rest-api.md b/docs/REST API/rest-api.md
index 47035a4fe7f2..c37d58131eab 100644
--- a/docs/REST API/rest-api.md	
+++ b/docs/REST API/rest-api.md	
@@ -4933,7 +4933,7 @@ _Available in Fleet Premium_
 
 Rotates the Recovery Lock password for a host.
 
-`POST /api/v1/fleet/hosts/:id/rotate_recovery_lock_password`
+`POST /api/v1/fleet/hosts/:id/recovery_lock_password/rotate`
 
 #### Parameters
 

From f2573e6b9f88770006fa4655fac68d7ed6a6c9b2 Mon Sep 17 00:00:00 2001
From: melpike <79950145+melpike@users.noreply.github.com>
Date: Wed, 18 Feb 2026 07:11:52 -0700
Subject: [PATCH 4/5] Update docs/REST API/rest-api.md

Co-authored-by: Rachael Shaw <r@rachael.wtf>
---
 docs/REST API/rest-api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/REST API/rest-api.md b/docs/REST API/rest-api.md
index c37d58131eab..63207ed1feae 100644
--- a/docs/REST API/rest-api.md	
+++ b/docs/REST API/rest-api.md	
@@ -4939,7 +4939,7 @@ Rotates the Recovery Lock password for a host.
 
 | Name                          | Type    | In    | Description                                                                                        |
 | ----------------------------- | ------  | ----  | --------------------------------------------------------------------------------------             |
-| id                            | integer | body  | The host ID to rotate Recovery Lock password for.                                                  |
+| id                            | integer | path  | The host ID to rotate Recovery Lock password for.                                                  |
 
 #### Example
 

From dac902421a152b3d53ba4446465af4554b8e33b2 Mon Sep 17 00:00:00 2001
From: melpike <79950145+melpike@users.noreply.github.com>
Date: Wed, 18 Feb 2026 07:13:23 -0700
Subject: [PATCH 5/5] Apply suggestion from @rachaelshaw

Co-authored-by: Rachael Shaw <r@rachael.wtf>
---
 docs/REST API/rest-api.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/REST API/rest-api.md b/docs/REST API/rest-api.md
index 63207ed1feae..f6c8a7402a98 100644
--- a/docs/REST API/rest-api.md	
+++ b/docs/REST API/rest-api.md	
@@ -4943,7 +4943,7 @@ Rotates the Recovery Lock password for a host.
 
 #### Example
 
-`POST /api/v1/fleet/hosts/:id/rotate_recovery_lock_password`
+`POST /api/v1/fleet/hosts/123/recovery_lock_password/rotate`
 
 ##### Default response