post https://{applicationQualifiedDomain}.us.wristband.dev/api/v1/password-reset/reset-password
Updates the user's password to the new password provided in the request. Calling
this API will result in the user's active auth sessions and refresh tokens being revoked.
Note, this API can be called in two distinct ways.
- The first way is from a password reset email containing a verification link. With this approach the
emailAuthCodefield must be provided in the request body. - The second way is from a password reset email containing an OTP. With this approach the
requestCodeandverificationCodefields must be provided in the request body.
Required Permissions
Below is the list of required permissions needed to interact with this API. For each permission the allowed permission boundaries are also specified.
| Permission | Boundary | Description |
|---|---|---|
| password-reset-workflow:execute | Application | The subject can perform this operation for requests associated to the application that the subject belongs to. |