Request Password Reset
Initiates a password reset flow by sending a password reset email to the user.
Authentication
No authentication required.
Request Body
Email address of the account to reset
Response
Success message confirming the email was sent
Error Responses
Error message
400 - Bad request (e.g., invalid email format, email not found)
500 - Internal server error
Example Request
Example Response
Usage Notes
- The user will receive an email with a password reset link
- The reset link redirects to the frontend URL configured in the FRONTEND_URL environment variable
- The frontend should extract the reset token from the URL and use it when calling the update password endpoint
- Reset tokens are time-limited for security purposes
Update Password
Completes the password reset flow by updating the user’s password. This endpoint requires the user to be authenticated with a valid reset token.
Authentication
Required: User must be authenticated with the reset token from the password reset email.
Request Body
New password for the account
Response
Success message confirming the password was updated
Error Responses
Error message
400 - Bad request (e.g., invalid or expired reset token, weak password)
500 - Internal server error
Example Request
Example Response
Usage Notes
- The reset token must be included in the Authorization header
- The reset token is obtained from the password reset email link
- After successful password update, the user should log in with their new password
- The reset token becomes invalid after use
- Implement proper password strength requirements on the client side before submitting
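
The frontend side of the flow described in the two Usage Notes lists (extract the token from the reset link, pre-check the password, send the token in the Authorization header), as an added example that is not part of the original documentation. The endpoint path, HTTP method, `token` parameter name, Bearer scheme, `password` field name and the strength policy are assumptions, because the page does not state them.

```javascript
// Added example. Every name marked "assumed" is not given by the page.
const UPDATE_PASSWORD_PATH = "/auth/update-password"; // assumed placeholder path
const TOKEN_PARAM = "token"; // assumed name of the token parameter in the link

// Read the token from the query string or the fragment of the reset link.
function extractResetToken(resetLinkUrl) {
  const url = new URL(resetLinkUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const token = url.searchParams.get(TOKEN_PARAM) || fragment.get(TOKEN_PARAM);
  // Accept only URL-safe token characters, so nothing unexpected (spaces,
  // CR/LF) can end up inside the Authorization header value.
  return token && /^[A-Za-z0-9._~-]+$/.test(token) ? token : null;
}

// Same link with the token removed, for history.replaceState() in the
// browser so the token does not stay in the address bar or history.
function urlWithoutToken(resetLinkUrl) {
  const url = new URL(resetLinkUrl);
  url.searchParams.delete(TOKEN_PARAM);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  fragment.delete(TOKEN_PARAM);
  url.hash = fragment.toString();
  return url.toString();
}

// Client-side pre-check only (assumed policy); the server still decides.
function passwordProblems(password) {
  const problems = [];
  if (password.length < 12) problems.push("shorter than 12 characters");
  if (!/[A-Za-z]/.test(password)) problems.push("no letter");
  if (!/[^A-Za-z]/.test(password)) problems.push("no digit or symbol");
  return problems;
}

// Build the arguments for fetch(url, init) without sending anything.
function buildUpdatePasswordRequest(resetLinkUrl, newPassword, apiBase) {
  const token = extractResetToken(resetLinkUrl);
  if (!token) throw new Error("reset link has no usable token");
  const problems = passwordProblems(newPassword);
  if (problems.length) throw new Error("weak password: " + problems.join(", "));
  return {
    url: new URL(UPDATE_PASSWORD_PATH, apiBase).toString(),
    init: {
      method: "POST", // assumed
      headers: { "Content-Type": "application/json", Authorization: "Bearer " + token }, // Bearer assumed
      body: JSON.stringify({ password: newPassword }), // field name assumed
    },
  };
}
```

In a browser, pass `location.href` as the reset link, call `history.replaceState(null, "", urlWithoutToken(location.href))` once the token has been read, and hand the returned `url` and `init` to `fetch`.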