Password Reset Process
The Reset Password API allows users (both authorized and unauthorized) to reset their password in three phases. The process starts by initiating a password reset request, continues by confirming the request with a verification code, and ends by setting a new password.
Phase 1: Initiate Password Reset
Endpoint
POST /v2/password/request
Description
This endpoint initiates a password reset request by sending a verification code to the user's email.
Request Headers
Name | Type | Required | Description |
---|---|---|---|
partnerId | int32 | ✅ | Partner ID provided by the Key Account Manager. |
Request Body
Name | Type | Required | Description |
---|---|---|---|
string | ✅ | Email associated with the account for password reset. |
Response
- 200 OK – If the request is successfully processed, a verification code is sent to the user's email.
Example Response
{
"message": "string"
}
Phase 2: Confirm Password Reset
Endpoint
POST /v2/password/reset/confirm
Description
This endpoint continues the password reset process by validating the verification code sent to the user's email in Phase 1.
🛡️ Email Verification Code – API Rules
📌 Code Format
✅ 6-digit numeric code
✅ Only numbers allowed
⏳ Code Expiry
✅ Valid for 5 minutes
❌ Expired codes cannot be used for verification
🔄 Resend Policy
✅ A new code can be requested once every 60 seconds
❌ Frequent requests are restricted
⚠ Verification Attempts & Account Lock
✅ Users have 5 attempts to enter the correct code
❌ After 5 failed attempts, the account is temporarily locked and the user is forcibly logged out
✅ To unlock the account, the user should contact the support team.
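A minimal server-side model of the verification code rules above, as an added example (not the API provider's code). The class and method names, the in-memory storage and the choice to carry failed attempts across resends are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 5 * 60      # code valid for 5 minutes
RESEND_INTERVAL = 60   # one new code per 60 seconds
MAX_ATTEMPTS = 5       # failed attempts before the account is locked


class ResetCodeStore:
    """In-memory model of the rules above; `clock` is injectable for tests."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.state = {}      # email -> {"code", "issued", "failed"}
        self.locked = set()  # stays locked until support unlocks it

    def issue(self, email):
        """Return a fresh 6-digit code, or None when locked or throttled."""
        now, entry = self.clock(), self.state.get(email)
        if email in self.locked:
            return None
        if entry and now - entry["issued"] < RESEND_INTERVAL:
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; keeps leading zeros
        # Assumption: failures carry over, so a resend does not reset the budget.
        failed = entry["failed"] if entry else 0
        self.state[email] = {"code": code, "issued": now, "failed": failed}
        return code

    def verify(self, email, candidate):
        """Return 'ok', 'invalid', 'expired' or 'locked'."""
        if email in self.locked:
            return "locked"
        entry = self.state.get(email)
        if entry is None:
            return "invalid"
        if self.clock() - entry["issued"] > CODE_TTL:
            return "expired"
        digits = len(candidate) == 6 and candidate.isascii() and candidate.isdigit()
        if digits and hmac.compare_digest(candidate, entry["code"]):
            del self.state[email]  # single use; also clears the failure count
            return "ok"
        entry["failed"] += 1
        if entry["failed"] >= MAX_ATTEMPTS:
            self.locked.add(email)
            return "locked"
        return "invalid"
```

The code is compared with `hmac.compare_digest` so the check does not leak how many leading digits matched, and a successful verification consumes the code so it cannot be replayed.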
Request Headers
Name | Type | Required | Description |
---|---|---|---|
partnerId | int32 | ✅ | Partner ID provided by the Key Account Manager. |
Request Body
Name | Type | Required | Description |
---|---|---|---|
confirmCode | string | ✅ | Confirmation code required to verify the password change request. |
string | ✅ | Email associated with the account for password reset. |
Response
- 200 OK – If the password has been successfully reset, returns the signed payload.
Example Response
{
"payload": "string"
}
Phase 3: Set a new Password
Endpoint
POST /v2/password/reset/execute
Description
This endpoint sets a new password after validating the signed payload.
Password Requirements:
- Length: 10 to 32 characters
- Must contain both lowercase and uppercase Latin letters
- Must include at least 1 number
- Must contain at least 1 symbol (e.g., !, @, #, $)
- A weak password (e.g., including qwerty or 12345 combinations) will not be accepted
- The user's last 5 passwords cannot be specified as the new one
Request Headers
Name | Type | Required | Description |
---|---|---|---|
partnerId | int32 | ✅ | Partner ID provided by the Key Account Manager. |
Request Body
Name | Type | Required | Description |
---|---|---|---|
payload | string | ✅ | Data that may contain public information such as username or predefined and recommended claims such as expiration time or subject. |
string | ✅ | Email associated with the account for password reset. |
newPassword | string | ✅ | New password to be set after reset. |
Response
- 200 OK – If the password has been successfully reset, returns an «ok» message.
Example Response
{
"result" : "ok"
}