POST /auth/reset-password
Set a new password using the token from the password reset email. The token is typically passed in the request body or as a query parameter (see your project’s reset link format).
Endpoint
Section titled “Endpoint”POST /v1/public/projects/:projectSlug/auth/reset-passwordRequest Parameters
Section titled “Request Parameters”Path Parameters
Section titled “Path Parameters”| Parameter | Type | Required | Description |
|---|---|---|---|
projectSlug | string | ✅ | Your project’s unique slug |
Request Body
Section titled “Request Body”| Field | Type | Required | Description |
|---|---|---|---|
token | string | ✅ | Reset token from the email link |
newPassword | string | ✅ | New password (minimum 8 characters, mixed case, numbers, special chars) |
Example Request Body
Section titled “Example Request Body”{ "token": "reset-token-from-email", "newPassword": "NewSecurePassword123!"}Response
Section titled “Response”Success (200 OK)
Section titled “Success (200 OK)”{ "message": "Password updated successfully. You can now sign in."}After success, the user can log in with the new password via POST /auth/login. The reset token is invalidated.
Error Responses
Section titled “Error Responses”| Status Code | Error Code | Description |
|---|---|---|
| 400 | INVALID_REQUEST | Invalid token or password (e.g. too weak) |
| 401 | INVALID_TOKEN | Token expired or already used |
| 429 | RATE_LIMIT_EXCEEDED | Too many attempts |
| 500 | INTERNAL_SERVER_ERROR | Server error |
Available Hooks
Section titled “Available Hooks”- Event:
auth.password.reset.completed- When: After password is successfully reset
- Can do: Security logging, notify user, revoke other sessions
Configure in Project → Hooks. Learn more about hooks →
Try It Now
Section titled “Try It Now”POST
https://api.aerostack.dev/v1/public/projects/your-project/auth/reset-passwordRelated Endpoints
Section titled “Related Endpoints”- POST /auth/reset-password-request - Request the reset email
- POST /auth/login - Login with new password