
POST /api/auth/reset-password/:token

Resets the user's password using the token received by email during the forgot-password process.

Authentication

No authentication required.

Path Parameters

token (string, required)
6-digit password reset token sent to user’s email. Must be exactly 6 characters.

Request Body

password (string, required)
New password for the account. Minimum length: 8 characters.

Request Example

{
  "password": "newSecurePassword456"
}

Response

message (string)
Success message confirming password reset.

Success Response (200 OK)

"Password reset successfull"

Error Responses

404 Not Found - Invalid Token

{
  "error": "Token not valid"
}

400 Bad Request - Validation Errors

{
  "errors": [
    {
      "msg": "Token not valid",
      "param": "token"
    },
    {
      "msg": "Password min length has to be 8 characters",
      "param": "password"
    }
  ]
}

cURL Example

curl -X POST https://api.example.com/api/auth/reset-password/123456 \
  -H "Content-Type: application/json" \
  -d '{
    "password": "newSecurePassword456"
  }'

Notes

  • Token must be exactly 6 characters long
  • Password is automatically hashed before storage
  • Token is cleared (set to null) after successful password reset
  • Rate limiting is applied to this endpoint
  • After reset, the user can log in with the new password
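
The contract documented above (400 validation errors, 404 for an unknown token, token cleared after a successful reset) as an added example. It is not the project's own code. The names `validate`, `hashPassword`, `resetPassword` and the in-memory `users` store are hypothetical, and scrypt is an assumed hash because the page does not name one.

```javascript
// Added example (not the project's code); all names here are hypothetical.
const nodeCrypto = require("node:crypto");

// Constructed sample store: one account with a pending reset token.
const users = [{ email: "alice@example.com", resetToken: "123456", passwordHash: null }];

// Reproduce the documented 400 validation errors.
function validate(token, password) {
  const errors = [];
  if (typeof token !== "string" || token.length !== 6) {
    errors.push({ msg: "Token not valid", param: "token" });
  }
  if (typeof password !== "string" || password.length < 8) {
    errors.push({ msg: "Password min length has to be 8 characters", param: "password" });
  }
  return errors;
}

// Assumption: scrypt with a random per-user salt; the page only says "hashed".
function hashPassword(password) {
  const salt = nodeCrypto.randomBytes(16);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  return `scrypt:${salt.toString("hex")}:${key.toString("hex")}`;
}

function resetPassword(store, token, password) {
  const errors = validate(token, password);
  if (errors.length > 0) return { status: 400, body: { errors } };

  // A cleared token is null, so it can never equal a 6-character string.
  const user = store.find((u) => u.resetToken === token);
  if (!user) return { status: 404, body: { error: "Token not valid" } };

  user.passwordHash = hashPassword(password);
  user.resetToken = null; // single use: replaying the same token now returns 404
  return { status: 200, body: "Password reset successfull" };
}

// First call succeeds, the replay is rejected.
console.log(resetPassword(users, "123456", "newSecurePassword456").status);
console.log(resetPassword(users, "123456", "newSecurePassword456").status);
```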
