The password recovery endpoint accepts an email address and calls Supabase’sDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Taykl12/Classify/llms.txt
Use this file to discover all available pages before exploring further.
resetPasswordForEmail method. When the Supabase side succeeds, a reset link is sent to the inbox; the link points back to APP_ORIGIN/login where the user can set a new password. Crucially, the API always returns the same success message whether the supplied email is registered or not — this prevents attackers from enumerating valid accounts by probing the endpoint. No Authorization header is required to call this endpoint.
Request
application/json
Body parameters
The email address to send the password-reset link to. The response will be identical whether or not this address exists in the system.
Response 200 OK
The response is always the same, regardless of whether the email is registered.
A fixed message confirming that instructions were sent if the address exists. Never indicates whether the email was found.
Redirect behavior
The reset link embedded in the email uses theredirectTo parameter set to:
APP_ORIGIN is the environment variable configured on the server (e.g. http://localhost:5173 in development). After clicking the link, Supabase appends the recovery token as a URL fragment; your /login route is responsible for detecting it and calling supabase.auth.updateUser({ password: newPassword }) to complete the reset.
Error responses
| Status | Condition |
|---|---|
400 | The email field is missing from the request body |
400 | Supabase returned an error while attempting to send the reset email |