Reset Password API

This endpoint allows customers to reset their password when they’ve forgotten it.

Password Reset Flow

The password reset process follows these steps:

  1. User requests a password reset (typically via a “Forgot Password” feature)
  2. System sends a reset token to the user’s verified email
  3. User submits the token along with a new password
  4. Server validates the token and updates the password

Request Example

{
  "token": "reset-token-from-email",
  "password": "newSecurePassword123",
  "confirmPassword": "newSecurePassword123"
}

Response Example

{
  "status": "success",
  "message": "Password has been reset successfully"
}

Error Codes

  Code   Description
  400    Invalid request (passwords don't match, password too weak)
  401    Invalid or expired reset token
  404    User not found (the token referenced an account that no longer exists)

Security Considerations

  • Generate reset tokens from a cryptographically secure random source (at least 128 bits of entropy) so they cannot be guessed
  • Store only a hash of the token server-side, so a leaked table cannot be replayed
  • Reset tokens should expire after a short period (typically 15-30 minutes) and be single use: consume the token on a successful reset and invalidate any other outstanding tokens for the same account
  • Enforce strong password policies (a minimum length and a check against known-breached passwords)
  • Implement rate limiting on token submissions to prevent brute force attacks
  • Respond to the "Forgot Password" request identically whether or not the email address exists, so the endpoint cannot be used to enumerate accounts
  • Send notifications to the user when their password is changed
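The following is an added example, not code from the original page or from any particular product: it implements the four-step flow above, the error codes in the table, and the security considerations listed (random single-use hashed tokens with expiry, a password-strength check, rate limiting, and a change notification). The in-memory dictionaries, the 15-minute expiry, the 12-character minimum, the five-attempts-per-window limit, and the 429 response for rate limiting are assumptions made for the example; a real service would back these with a database, a password hash such as Argon2 or bcrypt, and a mail sender.

```python
import hashlib
import secrets
import time

# Assumed parameters (the page only gives the 15-30 minute expiry range).
TOKEN_TTL_SECONDS = 15 * 60
MIN_PASSWORD_LENGTH = 12
MAX_ATTEMPTS_PER_WINDOW = 5        # failed token submissions per client per window
RATE_WINDOW_SECONDS = 15 * 60
PBKDF2_ITERATIONS = 600_000

# Constructed in-memory state standing in for the database and mail queue.
users = {
    "alice@example.com": {"password_hash": None, "notifications": []},
    "bob@example.com": {"password_hash": None, "notifications": []},
}
reset_tokens = {}   # sha256(raw token) -> {"email": ..., "expires_at": ...}
attempts = {}       # client id -> (window_start, failed submissions)
COMMON_PASSWORDS = {"password1234", "newsecurepassword123"}   # constructed denylist


def hash_token(raw_token: str) -> str:
    # Only the digest is stored, so a leaked table cannot be replayed as tokens.
    return hashlib.sha256(raw_token.encode()).hexdigest()


def hash_password(password: str) -> str:
    # Salted PBKDF2 from the standard library; swap in Argon2/bcrypt in production.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(email: str, password: str) -> bool:
    stored = users.get(email, {}).get("password_hash")
    if not stored:
        return False
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return secrets.compare_digest(candidate.hex(), digest_hex)


def request_reset(email: str, now: float):
    """Steps 1-2: mint a token for the user's verified email.
    Returns the raw token to place in the email, or None for an unknown address.
    The HTTP layer must answer identically in both cases to prevent enumeration."""
    if email not in users:
        return None
    raw = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
    reset_tokens[hash_token(raw)] = {"email": email,
                                     "expires_at": now + TOKEN_TTL_SECONDS}
    return raw


def password_is_strong(password: str) -> bool:
    return len(password) >= MIN_PASSWORD_LENGTH and password.lower() not in COMMON_PASSWORDS


def _rate_limited(client: str, now: float) -> bool:
    start, failures = attempts.get(client, (now, 0))
    if now - start > RATE_WINDOW_SECONDS:   # fixed window: reset the counter
        start, failures = now, 0
    attempts[client] = (start, failures)
    return failures >= MAX_ATTEMPTS_PER_WINDOW


def _record_failure(client: str, now: float) -> None:
    start, failures = attempts.get(client, (now, 0))
    attempts[client] = (start, failures + 1)


def reset_password(body: dict, now: float, client: str = "203.0.113.7"):
    """Steps 3-4: validate token and new password, then update.
    Returns (HTTP status, JSON body) matching the page's error table."""
    if _rate_limited(client, now):
        return 429, {"status": "error", "message": "Too many attempts"}
    key = hash_token(body.get("token", ""))
    record = reset_tokens.get(key)
    if record is None or record["expires_at"] < now:
        reset_tokens.pop(key, None)          # garbage-collect an expired entry
        _record_failure(client, now)         # only token guesses count toward the limit
        return 401, {"status": "error", "message": "Invalid or expired reset token"}
    password = body.get("password", "")
    if password != body.get("confirmPassword", ""):
        return 400, {"status": "error", "message": "Passwords do not match"}
    if not password_is_strong(password):     # token is kept, so the user can retry
        return 400, {"status": "error", "message": "Password too weak"}
    user = users.get(record["email"])
    if user is None:
        del reset_tokens[key]
        return 404, {"status": "error", "message": "User not found"}
    # Single use: consume this token and every other outstanding token for the account
    # before the password is written, so a replay can never succeed.
    for stale in [k for k, r in reset_tokens.items() if r["email"] == record["email"]]:
        del reset_tokens[stale]
    user["password_hash"] = hash_password(password)
    user["notifications"].append("Your password was changed")   # stand-in for the email
    return 200, {"status": "success", "message": "Password has been reset successfully"}


if __name__ == "__main__":
    t = time.time()
    tok = request_reset("alice@example.com", t)
    body = {"token": tok, "password": "correct horse battery",
            "confirmPassword": "correct horse battery"}
    print(reset_password(body, t))   # 200
    print(reset_password(body, t))   # 401: the token was consumed
```

Note the ordering: the token is checked before the password fields, so a caller without a valid token learns nothing about the password policy, and a weak password does not consume the token, so the legitimate user can resubmit within the expiry window.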