Reset password with token

POST

/auth/password/reset

Completes the password reset flow by verifying the token and updating the password. All existing sessions are invalidated to prevent session fixation attacks.

Request Body

object

token

required

string

>= 1 characters

newPassword

required

string

>= 8 characters

Responses

200

Password reset successful

object

message

required

string

400

Invalid request (e.g., password too short)

401

Invalid or expired token

404

User not found