Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Kr-Yogsa/ECE-BOT/llms.txt

Use this file to discover all available pages before exploring further.

Users who cannot log in can reset their password through a three-step OTP verification flow. An email containing a 6-digit code is sent to the registered address. The code must be verified before a new password is accepted. OTPs expire after 10 minutes and are invalidated once used.

Step 1 — Request a password reset OTP

Send the registered email address to receive a reset code by email. POST /auth/forgot-password/request-otp

Request body

email
string
required
The email address associated with the account to reset.

Responses

message
string
Confirmation that the OTP was dispatched.Example: "OTP sent to your email."

Error responses

StatusError messageCause
400"Email is required."Missing email field.
400"Please enter a valid email address."Malformed email format.
404"User not found."No account exists for this email.
429"OTP already sent. Please wait 1 minute before requesting again."A reset OTP was requested within the last 60 seconds.
A 60-second cooldown is enforced between reset OTP requests for the same email address. If the request hits the cooldown, prompt the user to wait before trying again.

Example

curl -X POST https://your-app.onrender.com/auth/forgot-password/request-otp \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com"}'

Step 2 — Verify the OTP

Confirm the user has access to the registered email before accepting a new password. POST /auth/forgot-password/verify-otp

Request body

email
string
required
The email address the OTP was sent to.
otp
string
required
The 6-digit one-time code from the reset email.

Responses

message
string
Confirmation that the code is valid and a new password may be set.Example: "OTP verified. You can set a new password now."

Error responses

StatusError messageCause
400"Email and OTP are required."One or both fields are missing.
400"Please enter a valid email address."Malformed email format.
400"Invalid OTP."The code does not match the stored hash.
400"OTP has expired."The 10-minute validity window has passed.
This step does not consume the OTP. Submit the same code again in Step 3 when setting the new password.

Example

curl -X POST https://your-app.onrender.com/auth/forgot-password/verify-otp \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com", "otp": "123456"}'

Step 3 — Set a new password

Submit the verified OTP alongside the new password to update the account. POST /auth/forgot-password/reset

Request body

email
string
required
The email address of the account being reset.
otp
string
required
The 6-digit OTP from the reset email (same code used in Step 2).
new_password
string
required
The replacement password to set on the account.

Responses

message
string
Confirmation that the password was updated.Example: "Password updated successfully. Please login."

Error responses

StatusError messageCause
400"Email, OTP, and new password are required."One or more fields are missing.
400"Please enter a valid email address."Malformed email format.
400"Invalid OTP."The code does not match or has already been used.
400"OTP has expired."The 10-minute window has passed.
404"User not found."No account exists for this email.

Example

curl -X POST https://your-app.onrender.com/auth/forgot-password/reset \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "otp": "123456",
    "new_password": "newSecurePassword"
  }'

Full password reset flow

1

Request OTP

Call POST /auth/forgot-password/request-otp with the account’s email address. A 6-digit code is sent by email and is valid for 10 minutes.
2

Verify OTP

Call POST /auth/forgot-password/verify-otp with the email and received code. A success response confirms the code is correct and you may show the new password field.
3

Reset password

Call POST /auth/forgot-password/reset with the email, the same OTP, and the chosen new password. The server updates the password, invalidates the OTP, and the user can log in with the new credentials.
After a successful reset, the OTP is marked as used and cannot be reused. The user must request a new code if they need to reset their password again.

Build docs developers (and LLMs) love

Get started for freeTalk to us