# POST /auth/reset-password-request

> Request a password reset email

Send a password reset link to the user's email. The user clicks the link and then submits a new password via [POST /auth/reset-password](/reference/authentication/reset-password).

  **Security:** For privacy, the response does not reveal whether the email exists. Rate limiting applies per email and IP.

## Endpoint

```http
POST /v1/public/projects/:projectSlug/auth/reset-password-request
```

## Request Parameters

### Path Parameters

| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| `projectSlug` | string | ✅ | Your project's unique slug |

### Request Body

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| `email` | string | ✅ | User's email address |
| `turnstileToken` | string | ❌ | Turnstile token for captcha (if project uses it) |

### Example Request Body

```json
{
  "email": "user@example.com"
}
```

## Response

### Success (200 OK)

```json
{
  "message": "If an account exists with this email, you will receive a password reset link shortly."
}
```

If the email is registered, a reset link is sent. The response is the same whether the email exists or not (to prevent email enumeration).

### Error Responses

| Status Code | Error Code | Description |
|-------------|------------|-------------|
| 400 | `INVALID_REQUEST` | Invalid email |
| 429 | `RATE_LIMIT_EXCEEDED` | Too many requests |
| 500 | `INTERNAL_SERVER_ERROR` | Server error |

## Available Hooks

- **Event**: `auth.password.reset.requested`
  - **When**: After reset email is sent (or would be sent for existing user)
  - **Can do**: Security logging, audit trails, user notifications

Configure in **Project → Hooks**. [Learn more about hooks →](/features/hooks)

## Related Endpoints

- [POST /auth/reset-password](/reference/authentication/reset-password) - Set new password with token from email
- [POST /auth/login](/reference/authentication/login) - Login after reset
