POST /api/forgot-password
Forgot Password
curl --request POST \
  --url https://api.example.com/api/forgot-password \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>"
}
'
{
  "reset_token": "<string>"
}
Generates a password reset token for the user associated with the provided email address. For security reasons, this endpoint always returns a success message regardless of whether the email exists in the system.

Request

email (string, required): The email address of the account to reset

Response

reset_token (string): The JWT reset token to use for resetting the password. This token expires after a limited time period.

Example Request

curl -X POST http://localhost:8000/api/forgot-password \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]"
  }'

Example Response

{
  "reset_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Security Note

This endpoint follows security best practices by not revealing whether an email exists in the database. This prevents malicious actors from using this endpoint to enumerate valid user accounts.

Development Note

In the current development setup, the password reset link is printed to the server console since email functionality is not yet configured. In production, this token would be sent via email to the user.
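
The following Python is an added example, not this API's own code. It shows a handler that returns an identical body for known and unknown emails and hands the HS256 reset token only to a delivery channel (the console in development, email in production); the signing key, token lifetime, `purpose` claim, account set, response wording and the choice to keep the token out of the response body are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # assumption: HS256 signing key
TTL_SECONDS = 900                     # assumption: 15-minute token lifetime
USERS = {"alice@example.com"}         # constructed sample account store
GENERIC = {"message": "If the account exists, a reset link has been sent."}

def _b64(data: bytes) -> str:
    """Unpadded URL-safe base64, as used by JWT."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_reset_token(email: str, now: int) -> str:
    """Build an HS256 JWT bound to one account, one purpose and an expiry."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = _b64(json.dumps({"sub": email, "purpose": "reset", "exp": now + TTL_SECONDS}).encode())
    sig = hmac.new(SECRET, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64(sig)}"

def verify_reset_token(token: str, now: int):
    """Return the email if signature, purpose and expiry all check out, else None."""
    try:
        header, claims, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64(expected), sig):   # constant-time compare
            return None
        body = json.loads(base64.urlsafe_b64decode(claims + "=" * (-len(claims) % 4)))
    except (ValueError, TypeError):
        return None
    if body.get("purpose") != "reset" or body.get("exp", 0) <= now:
        return None
    return body.get("sub")

def forgot_password(email: str, now: int, outbox: list) -> dict:
    """Same response for every email; the token leaves only through outbox."""
    token = issue_reset_token(email, now)   # signing work is done on both paths
    if email in USERS:
        outbox.append((email, token))       # dev: print to console; prod: send email
    return dict(GENERIC)

if __name__ == "__main__":
    sent = []
    print(forgot_password("alice@example.com", int(time.time()), sent))
    print(forgot_password("nobody@example.com", int(time.time()), sent))
    print("delivered out of band:", [addr for addr, _ in sent])
```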
