# Password Reset

> Add password reset to your app in minutes. Two-step flow: email a reset link, then verify the token and set a new password via the SDK.

A two-step flow: request a reset link via email, then set a new password using the token from that link.

## Step 1 — Request reset email

```tsx

function ForgotPassword() {
  const { requestPasswordReset, loading } = useAuth()

  const handleSubmit = async () => {
    await requestPasswordReset(email)
    // Show "check your email" confirmation
  }
}
```

```bash
POST /v1/public/projects/{slug}/auth/reset-password-request

{ "email": "user@example.com" }
```

## Step 2 — Set new password

The reset email links to your app with a `?token=` param. Handle it on your reset page:

```tsx

function ResetPasswordPage() {
  const { resetPassword, loading, error } = useAuth()
  const [params] = useSearchParams()
  const [newPassword, setNewPassword] = useState('')

  const handleReset = async (e) => {
    e.preventDefault()
    const token = params.get('token')
    await resetPassword(token, newPassword)
    // Redirect to login
  }

  return (
    <form onSubmit={handleReset}>
      <input
        type="password"
        value={newPassword}
        onChange={e => setNewPassword(e.target.value)}
        placeholder="New password"
        minLength={8}
      />
      {error && <p className="text-red-500">{error}</p>}
      <button type="submit" disabled={loading}>Reset password</button>
    </form>
  )
}
```

```bash
POST /v1/public/projects/{slug}/auth/reset-password

{
  "token": "reset-token-from-email",
  "newPassword": "new-secure-password"
}
```

## Configure reset email redirect

Set your app's reset URL in the dashboard under **Auth → Configuration → Password Reset URL**. Aerostack appends `?token=...` to this URL when sending the reset email.