Reset Password API Call Always Fails

I’m getting HTTP status 500 responses from the reset password API. From our logs the last successful reset password API call was on 2018-05-31 and all calls since 2018-06-05 have been failing. There has been no change to our user activation flow logic or configuration so this appears to be an issue with the Okta service.

An example of the failing API call is:

POST /api/v1/authn/credentials/reset_password
   "stateToken": "00dCQPczxA7rWrEv1QobWdhqCPC27ktl",
   "newPassword": "mypassword"

An example response body:

  errorCode: 'E0000009',
  errorSummary: 'Internal Server Error',
  errorLink: 'E0000009',
  errorId: 'oaeYTorkoR5Qb6O2iGlXwGyZg',
  errorCauses: [] 

The reset password requests are always made immediately after obtaining the “state token” from a “primary auth” request which uses the activation token supplied in the Okta welcome email.

Are you following the password policy complexity requirements specified under Security>Authentication>Password policies