post https://{application_vanity_domain}/api/v1/password-reset/reset-password
Updates the user's password to the new password provided in the request. Calling this API will revoke the user's active auth sessions and refresh tokens.
Note, this API can be called in three distinct ways.
- The first way is from a password reset email containing a verification link. With this approach, the
emailAuthCodefield must be provided in the request body. - The second way is from a password reset email containing an OTP. With this approach, the
requestCodeandverificationCodefields must be provided in the request body. - The third way is from a password reset link. With this approach, the
passwordResetCodefield must be provided in the request body.
Several responses can be returned from this API. Please refer to the result response field description to see the different types of responses that can be returned.
Required Permissions
Below is the list of required permissions needed to interact with this API. For each permission, the allowed permission boundaries are also specified.
| Permission | Boundary | Description |
|---|---|---|
| password-reset-workflow:execute | Application | The subject can perform this operation for requests associated with the application to which the subject belongs. |