Skip to main content

POST /api/auth/forgot-password

Generates a password reset token and sends it to the user’s email address.

Authentication

No authentication required.

Request Body

email
string
required
Valid email address associated with the account.

Request Example

{
  "email": "john@example.com"
}

Response

message
string
Instructions message to check email.

Success Response (200 OK)

"Check your email for instructions"

Error Responses

404 Not Found - User Does Not Exist

{
  "error": "User not found"
}

400 Bad Request - Validation Errors

{
  "errors": [
    {
      "msg": "Email not valid",
      "param": "email"
    }
  ]
}

cURL Example

curl -X POST https://api.example.com/api/auth/forgot-password \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john@example.com"
  }'

Notes

  • Generates a new 6-digit token for the user
  • Sends password reset email with the token
  • Token is stored in the user’s record for validation
  • Rate limiting is applied to this endpoint
  • Use the token with the /reset-password/:token endpoint to complete the reset

Build docs developers (and LLMs) love

Get started for freeTalk to us