Skip to content

POST /auth/reset-password

Set a new password using the token from the password reset email. The token is typically passed in the request body or as a query parameter (see your project’s reset link format).

POST /v1/public/projects/:projectSlug/auth/reset-password
ParameterTypeRequiredDescription
projectSlugstringYour project’s unique slug
FieldTypeRequiredDescription
tokenstringReset token from the email link
newPasswordstringNew password (minimum 8 characters, mixed case, numbers, special chars)
{
"token": "reset-token-from-email",
"newPassword": "NewSecurePassword123!"
}
{
"message": "Password updated successfully. You can now sign in."
}

After success, the user can log in with the new password via POST /auth/login. The reset token is invalidated.

Status CodeError CodeDescription
400INVALID_REQUESTInvalid token or password (e.g. too weak)
401INVALID_TOKENToken expired or already used
429RATE_LIMIT_EXCEEDEDToo many attempts
500INTERNAL_SERVER_ERRORServer error
  • Event: auth.password.reset.completed
    • When: After password is successfully reset
    • Can do: Security logging, notify user, revoke other sessions

Configure in Project → Hooks. Learn more about hooks →

POSThttps://api.aerostack.dev/v1/public/projects/your-project/auth/reset-password