Skip to main content
POST
/
api
/
reset-password
Reset Password
curl --request POST \
  --url https://api.example.com/api/reset-password \
  --header 'Content-Type: application/json' \
  --data '
{
  "token": "<string>",
  "new_password": "<string>"
}
'
{
  "message": "<string>"
}
Resets a user’s password using a valid reset token obtained from the forgot password endpoint. The reset token must not be expired and must be of type “reset”.

Request

token
string
required
The reset token received from the forgot-password endpoint
new_password
string
required
The new password to set for the account

Response

message
string
A success message confirming the password has been reset

Example Request

curl -X POST http://localhost:8000/api/reset-password \
  -H "Content-Type: application/json" \
  -d '{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "new_password": "newsecurepassword456"
  }'

Example Response

{
  "message": "Password has been reset successfully"
}

Error Responses

Token Validation

The reset token is validated to ensure:
  • It has not expired
  • It has not been tampered with
  • It is specifically a “reset” type token (not an access token)
  • The user associated with the token still exists

Build docs developers (and LLMs) love

Get started for freeTalk to us