Reset password

Complete a password reset using the token from the reset email. Subject to IP rate limiting (max attempts per 15 minutes; invalid tokens increment the failed-attempt window per hour). Cache errors fail closed with 503.

POST/v1/users/reset-password

Authorization

bearerAuth

AuthorizationBearer <token>

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

credential_type*string

credential_value*string

otp*string

new_password*string

Response Body

`application/json`

curl -X POST "https://example.com/v1/users/reset-password" \  -H "Content-Type: application/json" \  -d '{    "credential_type": "email",    "credential_value": "string",    "otp": "string",    "new_password": "string"  }'

Empty

{
  "code": "users_m.invalid_user_input",
  "message": "Invalid user input data"
}

{
  "code": "users_m.password_reset_rate_limit_exceeded",
  "message": "Too many password reset attempts. Please try again in 842 seconds",
  "params": {
    "retry_after": 842,
    "max_attempts": 5,
    "window": "15 minutes"
  }
}

{
  "code": "common.internal_error",
  "message": "Internal server error"
}

Authorization

Request Body

Response Body

200

400application/json

429application/json

503application/json

`application/json`

`application/json`

`application/json`