On this page

Reset Password API
Password Reset Flow
Request Example
Response Example
Error Codes
Security Considerations
Related Endpoints

Reset Password API

This endpoint allows customers to reset their password when they’ve forgotten it.

Password Reset Flow

The password reset process follows these steps:

User requests a password reset (typically via a “Forgot Password” feature)
System sends a reset token to the user’s verified email
User submits the token along with a new password
Server validates the token and updates the password

Request Example

{
  "token": "reset-token-from-email",
  "password": "newSecurePassword123",
  "confirmPassword": "newSecurePassword123"
}

Response Example

{
  "status": "success",
  "message": "Password has been reset successfully"
}

Error Codes

Code	Description
400	Invalid request (passwords don’t match, password too weak)
401	Invalid or expired reset token
404	User not found

Security Considerations

Reset tokens should expire after a short period (typically 15-30 minutes)
Enforce strong password policies
Implement rate limiting to prevent brute force attacks
Send notifications to the user when their password is changed

Refresh Token Auth API