Password Reset Endpoints

Two-step process for resetting user passwords: request reset and confirm reset.

POST /api/password_reset_request

Initiate a password reset by sending a reset token to the user's email.

Endpoint URL
POST /api/password_reset_request?api_token=your_api_access_token
Request Body
{
    "email": "user@example.com"
}
Response
Success (200 OK):
{
    "status": "success",
    "message": "Password reset email sent"
}
Error (404 Not Found):
{
    "status": "error",
    "message": "Email address not found"
}

POST /api/password_reset

Complete the password reset using the token received via email.

Endpoint URL
POST /api/password_reset?api_token=your_api_access_token
Request Body
{
    "token": "reset_token_from_email",
    "password": "new_password123",
    "password_confirmation": "new_password123"
}
Response
Success (200 OK):
{
    "status": "success",
    "message": "Password reset successfully"
}
Error (400 Bad Request):
{
    "status": "error",
    "message": "Invalid or expired reset token"
}

Complete Example Flow

// Step 1: Request password reset
async function requestPasswordReset(email) {
  const response = await fetch('https://api.creditrisk.co.za/api/password_reset_request?api_token=your_api_token', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ email: email })
  });
  
  const result = await response.json();
  if (result.status === 'success') {
    alert('Password reset email sent. Check your inbox.');
  }
  return result;
}

// Step 2: Reset password with token
async function resetPassword(token, newPassword, confirmPassword) {
  const response = await fetch('https://api.creditrisk.co.za/api/password_reset?api_token=your_api_token', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      token: token,
      password: newPassword,
      password_confirmation: confirmPassword
    })
  });
  
  const result = await response.json();
  if (result.status === 'success') {
    alert('Password reset successfully. Please login with your new password.');
    window.location.href = '/login';
  }
  return result;
}

Process Flow

1. User enters email
2. POST to /password_reset_request
3. User clicks email link
4. POST to /password_reset

Security Notes:
  • Reset tokens expire after 1 hour
  • Tokens are single-use only
  • Password must meet minimum security requirements
  • Rate limiting applies to prevent abuse
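
The 404 "Email address not found" response documented above tells the caller whether an address is registered, so a front end built on these endpoints should not pass that distinction on to its own users. The following is an added example, not part of the original documentation: `requestResetUniform`, `confirmReset`, the injected `fetchImpl` parameter and the user-facing messages are assumptions, while the endpoints and response bodies are the ones shown on this page.

```javascript
// Added example, not vendor code. Endpoints and response bodies are the ones
// documented on this page; function names, fetchImpl and messages are assumptions.
const BASE_URL = 'https://api.creditrisk.co.za/api';
const GENERIC_NOTICE = 'If that address is registered, a reset email has been sent.';

// POST a JSON body and return the HTTP status plus the parsed body (if any).
async function postJson(fetchImpl, path, apiToken, body) {
  const url = `${BASE_URL}/${path}?api_token=${encodeURIComponent(apiToken)}`;
  const response = await fetchImpl(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(body)
  });
  let payload = {};
  try { payload = (await response.json()) || {}; } catch (_) { /* non-JSON body */ }
  return { httpStatus: response.status, payload };
}

// Step 1: 200 and 404 produce the same notice, so the UI does not reveal
// whether an email address has an account.
async function requestResetUniform(fetchImpl, apiToken, email) {
  const { httpStatus } = await postJson(fetchImpl, 'password_reset_request', apiToken, { email });
  if (httpStatus === 200 || httpStatus === 404) {
    return { ok: true, userMessage: GENERIC_NOTICE };
  }
  return { ok: false, userMessage: 'Could not process the request. Try again later.' };
}

// Step 2: reject a mismatch locally, then map the documented 400 response.
async function confirmReset(fetchImpl, apiToken, token, password, confirmation) {
  if (password !== confirmation) {
    return { ok: false, sent: false, userMessage: 'Passwords do not match.' };
  }
  const { httpStatus, payload } = await postJson(fetchImpl, 'password_reset', apiToken, {
    token, password, password_confirmation: confirmation
  });
  if (httpStatus === 200 && payload.status === 'success') {
    return { ok: true, sent: true, userMessage: 'Password reset successfully.' };
  }
  if (httpStatus === 400) {
    return { ok: false, sent: true, userMessage: 'Reset link is invalid or has expired. Request a new one.' };
  }
  return { ok: false, sent: true, userMessage: 'Could not reset the password. Try again later.' };
}
```

In a browser, pass the global `fetch` as `fetchImpl`; the injection exists so the functions can be exercised against stubbed responses.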