Reset Password API
This endpoint allows customers to reset their password when they’ve forgotten it.
Password Reset Flow
The password reset process follows these steps:
- User requests a password reset (typically via a “Forgot Password” feature)
- System sends a reset token to the user’s verified email
- User submits the token along with a new password
- Server validates the token and updates the password
Request Example
Response Example
Error Codes
Code | Description |
---|---|
400 | Invalid request (passwords don’t match, password too weak) |
401 | Invalid or expired reset token |
404 | User not found |
Security Considerations
- Reset tokens should expire after a short period (typically 15-30 minutes)
- Enforce strong password policies
- Implement rate limiting to prevent brute force attacks
- Send notifications to the user when their password is changed
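
The reset flow and the security considerations above, sketched server-side as an added example (not code from this API or its vendor): tokens are random, stored only as a hash, single-use and time-limited, and failed redemptions are counted per client. Assumptions: the `ResetTokenStore` class, its in-memory dictionaries, the 15-minute lifetime, the 12-character minimum, the 5-attempt threshold, and the 200 and 429 status codes, none of which appear on this page.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # lower end of the 15-30 minute window above
MAX_FAILED_ATTEMPTS = 5       # assumed rate-limit threshold per client
MIN_PASSWORD_LENGTH = 12      # assumed policy; the page only says "strong"


class ResetTokenStore:
    """In-memory stand-in for the server-side token table (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tokens = {}    # sha256(token) -> (user_id, expires_at)
        self._failures = {}  # client_id -> failed redemption count

    def issue(self, user_id):
        """Create the token to e-mail to the user; only its hash is stored."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (user_id, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, client_id, token, new_password, confirm_password):
        """Return (status, user_id) using the status codes from the table."""
        if self._failures.get(client_id, 0) >= MAX_FAILED_ATTEMPTS:
            return 429, None  # assumed code; not in the page's table
        if (new_password != confirm_password
                or len(new_password) < MIN_PASSWORD_LENGTH):
            return 400, None  # token is left intact so the user can retry
        digest = hashlib.sha256(token.encode()).hexdigest()
        record = self._tokens.pop(digest, None)  # pop makes the token single-use
        if record is None or self._clock() > record[1]:
            self._failures[client_id] = self._failures.get(client_id, 0) + 1
            return 401, None
        return 200, record[0]  # caller updates the password and notifies the user
```

Storing only the hash means a leaked token table cannot be replayed against the endpoint, and passing `clock` in lets the expiry path be tested without waiting.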