Guides

Forgot password?

Suggest Edits

This documentation outlines the steps and API endpoints required to reset a user's password in the system.

Password Reset Process

The password reset process consists of two main steps:

  1. Requesting a Password Reset Code: The user initiates the password reset process by requesting a reset code.
  2. Resetting the Password: The user submits the reset code along with their new password to update their account credentials.

Step 1: Request a Password Reset Code

Endpoint: POST /reg/user/resetPasswordRequest

The user requests a password reset code, which is sent to their registered email address.

Request Example

{
  "username": "[email protected]", //the email address of the user requesting the password reset.
  "code": "12345" //the code that the user must provide to validate their identity.
}

Step 2: Request a Password Reset Code

Endpoint: POST /reg/user/resetPassword

This endpoint allows the user to reset their password using the reset code received in Step 1.

Request Payload

To reset the password, you need to provide the following parameters:

{
  "newPassword": "A9#bL8@z", //the new password chosen by the user.
  "signedPayload": "cmVzZXRQYXNzd26RkVnNFpOeWdXckc3VXZoOHozYjlPTUZIajJ2SVR6UT0=", // The signed payload for validation.
  "username": "[email protected]" //the email address of the user.
}

To verify the phone number and see the confirmed details, use the endpoint: Retrieve User Info

Example Response:

{
  "userType": "CUSTOMER", //the type of the user, e.g., `CUSTOMER`.
  "phone": "443456677956", //the phone number associated with the user's account.
  "primaryEmail": { // an object containing
    "id": "613e46c4-7b77-4d43-ace0-e0a9231952b0", //unique identifier for the primary email.
    "email": "[email protected]", //the email address.
    "confirmed": true //boolean indicating whether the email address has been confirmed.
  },
  "emails": [ //a list of email objects associated with the account.
    {
      "id": "613e46c4-7b77-4d43-ace0-e0a9231952b0", //unique identifier for the email.
      "email": "[email protected]", //the email address.
      "confirmed": true //boolean indicating whether the email address has been confirmed.
    }
  ],
  "approved": false, //indicates whether the user's account is approved. 
  "addresses": [], //a list of addresses associated with the user. This is usually empty after initial setup.
  "userScopes": [ //a list of permissions and scopes granted to the user.
    "accounts:create",
    "accounts:read",
    "top_up_account:show",
    "top_up_bank_card:show",
    "top_up_crypto:show",
    "top_up_bank:show",
    "top_up_atm_gcp_qr:show",
    "withdraw_account:show",
    "withdraw_bank:show",
    "withdraw_crypto:show",
    "withdraw_atm_gcp_qr:show",
    "exchange:show",
    "accounts:show",
    "withdraw_other_account:show",
    "deposit:read",
    "deposit_crypto:create",
    "deposit_bank:create",
    "deposit_atm:create",
    "transfer:read",
    "transfer_own:create",
    "transfer_other:create",
    "exchange:read",
    "exchange:create",
    "withdraw:read",
    "withdraw_crypto:create",
    "withdraw_bank:create",
    "withdraw_atm:create",
    "withdraw_ips:show",
    "cardholder_user:read",
    "cardholder_user:write",
    "user_phone:write",
    "user_email:write",
    "user_email:create",
    "user_phone:create",
    "user_mfa:read",
    "user_mfa:create",
    "counterparty:create",
    "counterparty:read"
  ],
  "accounts": [], //accounts linked to the user. This is usually empty after initial setup.
  "userGroups": [] //groups to which the user belongs. This is usually empty after initial setup.
}

Updated 2 months ago