The password reset resource is available in order to change the password for a user. A password reset can be initiated by providing the email address of a user. If this email is recognised, an email with a password reset link will be sent to that email address. The user should visit this link to choose a new password. These reset links are one time use and will only be valid for one day. If a new link is sent to the same email address, their old links will no longer work.

Password Reset

API specification


POST /password-resets

This endpoint creates a new password reset with the posted data. A password reset link will be sent via email. Any previous password resets for this user will be disabled.


PATCH /password-resets/{password_reset_id}

With the password_reset_id from the password reset link you are able to update this resource. In the PATCH request, you only have to specify the new password attribute. If the request is accepted, the user is able to use the new password.


Password resets cannot be deleted. They automatically expire after 24 hours or if a new one is created.