This page covers four endpoints that handle account recovery and email verification: requesting a password reset link, setting a new password with that link, resending the verification email, and confirming an email address via the verification token.
The email verification token (used by /verify-email/:token and /resend-verification) is different from the password reset token (used by /forgot-password and /reset-password). They are generated independently and stored in separate database columns.

POST /forgot-password

Send a password reset link to the account’s registered email address.
The reset link expires after 60 minutes. If the link is not used in time, the user must request a new one.
For security, the endpoint always returns a success response regardless of whether the email address is registered. This prevents user enumeration.

Rate limiting

Protected by authLimiter: 10 requests per 15 minutes per IP.

Request body

email (string, required): The email address associated with the account.

Response

200 — Request processed

{
  "message": "Si el correo está registrado, recibirás un enlace de recuperación."
}
This message is returned whether or not the email is found in the database.

Error responses

Status  Condition
400     The email field is missing from the request body.
500     Internal server error or failure sending the email.

Example

cURL
curl --request POST \
  --url https://api.example.com/forgot-password \
  --header 'Content-Type: application/json' \
  --data '{ "email": "[email protected]" }'

POST /reset-password

Set a new password using the token received in the reset email.

Request body

token (string, required): The reset token from the password reset email link. Valid for 60 minutes from the time the /forgot-password request was made.
newPassword (string, required): The new password to set for the account. Stored as a bcrypt hash (cost factor 10).

Response

200 — Password updated

{
  "message": "Contraseña actualizada correctamente."
}

Error responses

Status  Condition
400     token or newPassword is missing, or the token is invalid or has expired.
500     Internal server error.

Example

cURL
curl --request POST \
  --url https://api.example.com/reset-password \
  --header 'Content-Type: application/json' \
  --data '{
    "token": "a3f8c2d1e4b7...",
    "newPassword": "newSecurePassword456"
  }'
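
Added example (not the project's own code): a Node.js sketch of the reset-token lifecycle that /forgot-password and /reset-password describe above, with an in-memory map in place of the database. The page specifies only the 60-minute lifetime and the uniform response; storing a SHA-256 hash of the token, clearing it after one use, and the names `forgotPassword`, `resetPassword`, `users` and `outbox` are assumptions.

```javascript
const { randomBytes, createHash } = require('node:crypto');

const RESET_TTL_MS = 60 * 60 * 1000; // the page's 60-minute link lifetime
const GENERIC_BODY = 'Si el correo está registrado, recibirás un enlace de recuperación.';

// Constructed sample data. resetHash/resetExpires stand in for the reset-token
// column, kept apart from any email-verification token.
const users = new Map([
  ['ana@example.test', { passwordChanged: false, resetHash: null, resetExpires: 0 }],
]);
const outbox = []; // stands in for the mailer

const sha256 = (value) => createHash('sha256').update(value).digest('hex');

function forgotPassword(email, now = Date.now()) {
  if (!email) return { status: 400 };
  const user = users.get(email);
  if (user) {
    const token = randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
    user.resetHash = sha256(token); // assumption: only the hash is stored
    user.resetExpires = now + RESET_TTL_MS;
    outbox.push({ to: email, token }); // queue mail so both paths take similar time
  }
  // Identical status and body for known and unknown addresses.
  return { status: 200, message: GENERIC_BODY };
}

function resetPassword(token, newPassword, now = Date.now()) {
  if (!token || !newPassword) return { status: 400 };
  const hash = sha256(String(token));
  for (const user of users.values()) {
    if (user.resetHash === hash && now <= user.resetExpires) {
      user.resetHash = null; // single use: a replayed link no longer matches
      user.resetExpires = 0;
      user.passwordChanged = true; // the real endpoint stores a bcrypt hash here
      return { status: 200 };
    }
  }
  return { status: 400 }; // unknown, reused and expired tokens look the same
}
```

Passing `now` explicitly lets a test exercise the expiry boundary without waiting an hour.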

POST /resend-verification

Resend the account verification email to an unverified account.

Rate limiting

Protected by authLimiter: 10 requests per 15 minutes per IP.

Request body

Provide at least one of the following:
email (string): The email address associated with the account.
username (string): The username associated with the account. Lookup is case- and accent-insensitive.

Response

200 — Verification email sent

{
  "message": "Se ha reenviado el correo de verificación. Por favor, revisa tu bandeja de entrada."
}

Error responses

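Status  Condition
400     Neither email nor username provided, or the account is already verified.
404     No account found matching the provided email or username.
500     Internal server error or failure sending the email.

Unlike /forgot-password, the 400 and 404 responses here differ depending on whether the account exists and whether it is already verified, so the rate limit above is the only protection against account enumeration that this page documents for this endpoint.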

Example

cURL
curl --request POST \
  --url https://api.example.com/resend-verification \
  --header 'Content-Type: application/json' \
  --data '{ "email": "[email protected]" }'

GET /verify-email/:token

Verify an account’s email address using the token from the verification email. On success, the account is marked as verified and a JWT token is returned to allow automatic login.

Path parameter

token (string, required): The verification token from the link in the registration or resend-verification email.

Response

200 — Account verified

{
  "message": "Cuenta verificada correctamente. Iniciando sesión...",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

message (string): Confirmation that the account is now verified.
token (string): A signed JWT token for immediate login. Expires in 7 days for user accounts, or 6 hours for admin and referee accounts.

Error responses

Status  Condition
400     The token is invalid or the account has already been verified.
500     Account verified but JWT could not be generated, or internal server error.

Example

cURL
curl --request GET \
  --url https://api.example.com/verify-email/a3f8c2d1e4b7c6a0f2e9d8b5c1a7e3f0
