Reset Password
Resets a user's password using the reset token from the forgot-password email.
Endpoint
POST /api/v1/auth/reset-password
Headers
| Header | Required | Description |
|---|---|---|
| Content-Type | Yes | application/json |
Request Body
{
  "token": "reset_token_from_email",
  "new_password": "NewSecurePassword123!"
}
Parameters
| Field | Type | Required | Description |
|---|---|---|---|
| token | string | Yes | Password reset token from email |
| new_password | string | Yes | New password meeting strength requirements |
Validations
- Token validation and expiration check (1 hour)
- Password strength validation:
  - Minimum 8 characters
  - At least one uppercase letter
  - At least one lowercase letter
  - At least one number
Response
Success (204)
No content returned.
Error Codes
| Status | Code | Description |
|---|---|---|
| 400 | INVALID_TOKEN | Invalid or expired token |
| 404 | USER_NOT_FOUND | User not found |
| 422 | VALIDATION_ERROR | Request validation failed |
Data Flow
- Token Validation
  - Validate token from Redis
  - Check token expiration (1 hour)
  - Extract user ID from token
- User Validation
  - Verify user exists
  - Check account status
- Password Validation
  - Validate password strength
  - Check password requirements
- Password Update
  - Hash new password with bcrypt
  - Update user.password_hash
  - Clear old password reset tokens
- Session Revocation
  - Revoke all existing refresh tokens
  - Invalidate all active sessions
  - Force re-authentication
- Token Cleanup
  - Remove reset token from Redis
  - Mark token as used
- Email Notification
  - Send password reset confirmation email
  - Queue email via email service
- Audit Logging
  - Log password reset event
  - Record IP address
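The core of the data flow above, as an added Python sketch (not the API's own implementation): it shows the check order, the documented status codes, and single-use token handling. Assumptions: in-memory dicts stand in for Redis and the user table, `hash_fn` is a caller-supplied hasher (bcrypt in the documented flow), all names are hypothetical, and the account-status, email and audit steps are left out.

```python
import re
import time

TOKEN_TTL_SECONDS = 3600  # documented: reset tokens expire after 1 hour
# Constructed in-memory stand-ins for Redis and the user table (assumptions).
reset_tokens = {}  # token -> (user_id, issued_at)
users = {}         # user_id -> {"password_hash": str, "sessions": set}


def password_errors(password):
    """Return the documented strength rules that the password fails."""
    rules = [
        (len(password) >= 8, "minimum 8 characters"),
        (re.search(r"[A-Z]", password), "at least one uppercase letter"),
        (re.search(r"[a-z]", password), "at least one lowercase letter"),
        (re.search(r"[0-9]", password), "at least one number"),
    ]
    return [message for ok, message in rules if not ok]


def reset_password(token, new_password, hash_fn, now=None):
    """Return (status, code), checking in the order of the documented flow."""
    now = time.time() if now is None else now
    if not isinstance(token, str) or not isinstance(new_password, str):
        return 422, "VALIDATION_ERROR"
    entry = reset_tokens.get(token)
    if entry is None or now - entry[1] > TOKEN_TTL_SECONDS:
        reset_tokens.pop(token, None)  # drop an expired token on sight
        return 400, "INVALID_TOKEN"
    user_id, _ = entry
    user = users.get(user_id)
    if user is None:
        return 404, "USER_NOT_FOUND"
    if password_errors(new_password):
        return 422, "VALIDATION_ERROR"  # token stays valid for a retry
    user["password_hash"] = hash_fn(new_password)
    user["sessions"].clear()  # revoke refresh tokens and active sessions
    # Single use: remove this token and every other outstanding one for the user.
    for stale in [t for t, (uid, _) in reset_tokens.items() if uid == user_id]:
        del reset_tokens[stale]
    return 204, None


if __name__ == "__main__":
    users["u1"] = {"password_hash": "old", "sessions": {"s1"}}  # constructed
    reset_tokens["reset_token_xyz789"] = ("u1", time.time())
    placeholder_hash = lambda p: "<bcrypt hash placeholder>"
    print(reset_password("reset_token_xyz789", "NewSecurePassword123!", placeholder_hash))
    print(reset_password("reset_token_xyz789", "NewSecurePassword123!", placeholder_hash))
```

With a real Redis store, the token lookup and removal need to be a single atomic operation so that two concurrent requests cannot both redeem the same token.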
Features
- Token validation and expiration check (1 hour max)
- Password strength validation
- Revokes all existing sessions (security measure)
- Sends confirmation email
- Audit logging
- Returns 204 No Content
Example
curl -X POST https://api.rivergen.com/api/v1/auth/reset-password \
  -H "Content-Type: application/json" \
  -d '{
    "token": "reset_token_xyz789",
    "new_password": "NewSecurePassword123!"
  }'
Related Endpoints
- Forgot Password - Request password reset
- Login - Login with new password
- Change Password - Change password while logged in