Saturday, December 24, 2016

Password Resources

POST password/reset


Reset a user's password with a reset password token.

Requires authentication

  • A valid access token must be provided in access_token parameter.

Since we can't have an access_token that identifies the user, the application should provide its own access_token. To get one, use the client_credentials method.

The access_token should be sent using an HTTP header like so:

 Authorization: Bearer access_token

An example call with CURL:

 curl --header "Authorization: Bearer jLJeOz8aEIsKtGSdXsqTDGxmtEduUGkZTVJBo3We"


All parameters are required.

  • email - The email address of the user. Must be a valid email address.
  • token - The reset token previously obtained by POST password/remind.
  • password - The new password of the user. Must be at least 6 characters.

Example request:

curl --header "Authorization: Bearer jLJeOz8aEIsKtGSdXsqTDGxmtEduUGkZTVJBo3We" --data "[email protected]&token=lt5hrb0s5pz2_qcc4wl4k3f00000gp&password=azerty"

Return format

A JSON object containing keys status and success.

  • status value: password_reset
  • success value: The new password has been set.


All known errors cause the resource to return HTTP error code header together with a JSON array containing at least status and error keys describing the source of error.

  • 400 Bad Request — When the status key is wrong_user, wrong_password, wrong_token.

error messages

  • If status is wrong_user: The email address doesn't match a user.
  • If status is wrong_token: The reset token is invalid.
  • If status is wrong_password: The password is wrong.





   "success":"The new password has been set."


For an error with HTTP code 400:

   "error":"The email address doesn't match a user."

Powered by Codex 1.1.0