Password Reset Process
The Reset Password API allows users (both authorized and unauthorized) to reset their password in three phases. The process starts by initiating a password reset request and then confirming the request with a verification code.
Step 1. Initiate Password Reset
Endpoint
POST /v2/password/request
Description
This endpoint initiates a password reset request by sending a verification code to the user's email.
Request Headers
| Name | Type | Required | Description |
|---|---|---|---|
| partnerId | int32 | ✅ | Partner ID provided by the Key Account Manager. |
Request Body
| Name | Type | Required | Description |
|---|---|---|---|
| | string | ✅ | Email associated with the account for password reset. |
Response
- 200 OK – If the request is successfully processed, a verification code is sent to the user's email.
Example Response
{
"message": "string"
}
Step 2. Confirm Password Reset
Endpoint
POST /v2/password/reset/confirm
Description
This endpoint continues the password reset process by validating the verification code sent to the user's email in the first phase.
Email Verification Code – API Rules
Code format:
- 6-digit numeric code;
- only numbers allowed.
Code expiry:
- valid for 5 minutes;
- expired codes cannot be used for verification.
Resend policy:
- a new code can be requested once every 60 seconds by using the POST /reg/v1/signup/confirm endpoint.
Verification attempts & account lock:
- users have 5 attempts to enter the correct code;
- after 5 failed attempts, the account is temporarily locked and the user is forcibly logged out;
- to unlock the account, the user should contact the support team.
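The rules above can be modelled as a small per-account state machine. This is an added example, not the API's own implementation; the names `ResetCodeState`, `issue` and `verify`, the in-memory state, single-use codes and keeping the failure counter across resends are assumptions made for illustration.

```python
import hmac
import re
import secrets
import time

CODE_TTL = 5 * 60                  # code is valid for 5 minutes
RESEND_INTERVAL = 60               # a new code at most once every 60 seconds
MAX_ATTEMPTS = 5                   # failed attempts before the account locks
CODE_RE = re.compile(r"[0-9]{6}")  # exactly 6 ASCII digits


class ResetCodeState:
    """Hypothetical per-account state for one email verification code."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._code = None
        self._issued_at = None
        self.failed = 0        # assumption: not reset when a code is resent
        self.locked = False

    def issue(self):
        """Return a fresh code, or None if locked or inside the resend window."""
        now = self._clock()
        if self.locked:
            return None
        if self._issued_at is not None and now - self._issued_at < RESEND_INTERVAL:
            return None
        self._code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded
        self._issued_at = now
        return self._code

    def verify(self, submitted):
        """Return 'ok', 'invalid', 'expired' or 'locked'."""
        if self.locked:
            return "locked"
        if self._code is None or self._clock() - self._issued_at >= CODE_TTL:
            return "expired"
        # Format check first, then a constant-time comparison of the digits.
        if CODE_RE.fullmatch(submitted) and hmac.compare_digest(submitted, self._code):
            self._code = None  # assumption: a code is single use
            return "ok"
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.locked = True  # per the rules, only support can unlock
            self._code = None
            return "locked"
        return "invalid"
```

Without the 5-attempt lock, a 6-digit code offers only 1,000,000 possibilities, so the attempt counter is what bounds guessing within the 5-minute window.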
Request Headers
| Name | Type | Required | Description |
|---|---|---|---|
| partnerId | int32 | ✅ | Partner ID provided by the Key Account Manager. |
Request Body
| Name | Type | Required | Description |
|---|---|---|---|
| confirmCode | string | ✅ | Confirmation code required to verify the password change request. |
| | string | ✅ | Email associated with the account for password reset. |
Response
- 200 OK – If the password has been successfully reset, returns the signed payload.
Example Response
{
"payload": "string"
}
Step 3. Set a new Password
Endpoint
POST /v2/password/reset/execute
Description
This endpoint sets a new password after validating the signed payload.
Password Requirements
- Length: 10 to 32 characters.
- Must contain both lowercase and uppercase Latin letters.
- Must include at least 1 number.
- Must contain at least 1 symbol (e.g., `!`, `@`, `#`, `$`).
- A weak password (e.g., including `qwerty` or `12345` combinations) will not be accepted.
- The user's last 5 passwords cannot be specified as a new one.
Request Headers
| Name | Type | Required | Description |
|---|---|---|---|
| partnerId | int32 | ✅ | Partner ID provided by the Key Account Manager. |
Request Body
| Name | Type | Required | Description |
|---|---|---|---|
| payload | string | ✅ | Data that may contain public information such as username or predefined and recommended claims such as expiration time or subject. |
| | string | ✅ | Email associated with the account for password reset. |
| newPassword | string | ✅ | New password to be set after reset. |
Response
- 200 OK – If the password has been successfully reset, returns «ok» message.
Example Response
{
"result" : "ok"
}
