Skip to main content

Request Password Recovery

Initiate the password recovery process by sending a recovery code to the customer’s email. 
curl -X POST https://api.eisegmi.facturador.es/auth/clienteRecuperar \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]"
  }'

Request Body

email
string
required
Customer’s registered email address. A recovery code will be sent to this email.

Response

{
  "message": "Código de recuperación enviado al correo electrónico",
  "status": 200
}
A recovery code will be sent to the customer’s email. This code is required to reset the password in the next step.

Reset Password

Reset the customer’s password using the recovery code received via email. 
curl -X POST https://api.eisegmi.facturador.es/auth/clienteCambiarContrasena \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "codigo": "123456",
    "nuevaPassword": "newSecurePassword123"
  }'

Request Body

email
string
required
Customer’s registered email address
codigo
string
required
Recovery code sent to the customer’s email
nuevaPassword
string
required
New password for the customer account

Response

{
  "message": "Contraseña cambiada exitosamente",
  "status": 200
}

Password Recovery Flow

1

Request Recovery

Call /auth/clienteRecuperar with the customer’s email address. A recovery code will be sent to their email.
2

Reset Password

Call /auth/clienteCambiarContrasena with the email, recovery code, and new password to complete the password reset.
3

Login with New Password

Customer can now login using the /auth/loginCliente endpoint with their new password.

Error Handling

The password recovery endpoints may return various error messages:
The recovery code is incorrect or has expired. The customer should request a new recovery code by calling /auth/clienteRecuperar again.
The provided email address is not registered in the system. Verify the email address or register a new account.
A network or server error occurred. Retry the request or contact support if the issue persists.
Recovery codes typically expire after a certain time period for security reasons. If a code expires, the customer must restart the password recovery process.

Security Best Practices

Strong Passwords

Encourage customers to use strong passwords with a mix of uppercase, lowercase, numbers, and special characters.

Code Expiration

Recovery codes have a limited validity period to prevent unauthorized access.

Email Verification

Codes are sent only to the registered email address, ensuring account ownership.

Rate Limiting

Multiple failed attempts may trigger rate limiting to prevent brute force attacks.

Build docs developers (and LLMs) love

Get started for freeTalk to us