Reset Password

The password reset flow consists of two endpoints:
  1. Send Reset Link - Request a password reset link via email
  2. Reset Password - Reset the password using the token from the email

Send Reset Link

Request a password reset link to be sent to the user’s email address.

Endpoint

POST /auth/reset-password

Request

email (string, required) - User’s email address. Must be a valid email that exists in the system.

Response

success (boolean) - Indicates whether the request was successful
message (string) - Success message indicating the reset link was sent

Example Request

curl -X POST https://api.example.com/auth/reset-password \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com"
  }'

Example Response

{
  "success": true,
  "message": "We have emailed your password reset link!"
}

Error Responses

{
  "success": false,
  "message": "The given data was invalid.",
  "errors": {
    "email": [
      "The selected email is invalid."
    ]
  }
}

{
  "success": false,
  "message": "Failed to send password reset link"
}

Reset Password

Reset the user’s password using the token received via email.
This endpoint returns an HTML view rather than JSON. It is typically accessed via a link in the password reset email.

Endpoint

PUT /auth/reset-password

Request

email (string, required) - User’s email address.
password (string, required) - New password. Must be at least 8 characters.
password_confirmation (string, required) - Password confirmation. Must match the password field.
token (string, required) - Password reset token received via email.

Response

Returns an HTML view indicating the success or failure of the password reset operation.

Example Request

curl -X PUT https://api.example.com/auth/reset-password \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "newpassword123",
    "password_confirmation": "newpassword123",
    "token": "abc123def456ghi789"
  }'

Success Response

Returns an HTML view with a success message:
<!-- Success message displayed -->
Your password has been reset!

A notification email is also sent to the user confirming the password reset.

Error Responses

<!-- Error message displayed -->
We can't find a user with that email address.

<!-- Error message displayed -->
This password reset token is invalid.

<!-- Error message displayed -->
Failed to reset password. Please try again.

Returns a validation error if password and password_confirmation don’t match or if password is shorter than 8 characters.

Password Reset Flow

  1. User requests a password reset by providing their email via POST /auth/reset-password
  2. System sends an email with a password reset link containing a token
  3. User clicks the link and is directed to a password reset form
  4. User submits new password with the token via PUT /auth/reset-password
  5. System validates the token, resets the password, and sends a confirmation email
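
One way a server could handle steps 2 and 5 of this flow, as an added example that is not the API's own code: the token is random, stored only as a hash, expires, and works once. The in-memory stores, the one-hour lifetime, the sample account, the password hashing and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed lifetime in seconds; the page does not state one
_users = {"user@example.com": b""}  # constructed sample account -> password hash
_resets = {}  # email -> (sha256 of token, expiry); stands in for a database table


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def _hash_password(password):
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def issue_token(email, now=None):
    """Step 2: create the token that is placed in the emailed link."""
    if email not in _users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _resets[email] = (_digest(token), now + TOKEN_TTL)  # only the hash is kept
    return token


def reset_password(email, password, password_confirmation, token, now=None):
    """Steps 4-5: check the submitted fields, then consume the token."""
    now = time.time() if now is None else now
    if len(password) < 8 or password != password_confirmation:
        return "validation error"  # placeholder; the page gives no exact text
    if email not in _users:
        return "We can't find a user with that email address."
    stored = _resets.get(email)
    if (stored is None or now > stored[1]
            or not hmac.compare_digest(stored[0], _digest(token))):
        return "This password reset token is invalid."
    del _resets[email]  # single use: replaying the same link fails
    _users[email] = _hash_password(password)
    return "Your password has been reset!"
```

Passing `now` explicitly makes the expiry check testable without waiting for the clock.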