Forgot Password API
Forgot-password routes reset credentials without requiring login.
API call order
POST /forgot-password/codewith the user email.- User receives code/reset link by email.
POST /forgot-password/confirmwith code and new password fields.- Login again through
POST /loginwith the new password.
Shared request setup is documented once in API index.
Send reset code
POST /forgot-password/code
Send a password reset code to the user's email.
Generates a one-time code, stores it with an expiry, and emails a reset link.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
request
|
ForgotPasswordRequest
|
Request containing the user's email. |
required |
Returns:
| Type | Description |
|---|---|
|
Dict[str, str]: Confirmation message. |
Raises:
| Type | Description |
|---|---|
HTTPException
|
404 if user not found. |
Usage
resp = requests.post(
f"{BASE_URL}/forgot-password/code",
json={"email": "astro.user@example.com"},
timeout=30,
)
resp.raise_for_status()
print(resp.json())
Explanation
Generates a one-time reset code and emails the reset link.
Notes
- No authentication token is required.
- Fails if the email does not exist.
Confirm new password
POST /forgot-password/confirm
Confirm a password reset with the provided code and new password.
Validates the reset code and its expiry, ensures password confirmation matches, updates the user's password, and invalidates the code.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
request
|
ForgotPasswordConfirmation
|
Confirmation payload with code and new password. |
required |
Returns:
| Type | Description |
|---|---|
|
Dict[str, str]: Confirmation message. |
Raises:
| Type | Description |
|---|---|
HTTPException
|
404 if code is invalid or expired, or user not found. |
HTTPException
|
400 if passwords do not match. |
Usage
resp = requests.post(
f"{BASE_URL}/forgot-password/confirm",
json={
"code": "ABC123",
"new_password": "StrongPassword123!",
"confirm_password": "StrongPassword123!",
},
timeout=30,
)
resp.raise_for_status()
print(resp.json())
Explanation
Validates code and expiry, then updates the user's password.
Notes
new_passwordandconfirm_passwordmust match.- Code must be valid and not expired.
Full API reference
For exhaustive schema details, use Swagger API.