CorebanqCorebanq Developer Docs
Usersv1Password

Request Password Reset

Request a password reset link for an email or phone credential. Subject to IP rate limiting (max attempts per 15 minutes; failed attempts tracked per hour). Always returns success when the credential is unknown to prevent enumeration.

POST/v1/users/request-password-reset

Authorization

bearerAuth
AuthorizationBearer <token>

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

curl -X POST "https://example.com/v1/users/request-password-reset" \  -H "Content-Type: application/json" \  -d '{    "credential_type": "email",    "credential_value": "string"  }'
Empty
{
  "code": "users_m.invalid_user_input",
  "message": "Invalid user input data"
}
{
  "code": "users_m.password_reset_rate_limit_exceeded",
  "message": "Too many password reset attempts. Please try again in 842 seconds",
  "params": {
    "retry_after": 842,
    "max_attempts": 5,
    "window": "15 minutes"
  }
}

DELDelete Credential

Delete credential by ID

POSTReset password

Complete a password reset using the token from the reset email. Subject to IP rate limiting (max attempts per 15 minutes; invalid tokens increment the failed-attempt window per hour). Cache errors fail closed with 503.