
POST /v1/auth/password/reset - Initiate a password reset flow by requesting a 4-digit verification code to be sent to the user's email address. This endpoint is safe to call for unknown emails and always responds generically to avoid information disclosure.

After receiving the code via email, use the Password Reset Verify endpoint to complete the password reset.

POST https://api.aitronos.com/v1/auth/password/reset

Sends a password reset email with a 4-digit verification code to the user's email address if the account exists. The code expires after 5 minutes. The response is intentionally generic to prevent email enumeration attacks.

Request Body

email string required

User's email address for password reset.


Returns

A Password Reset Response object containing a confirmation message for the reset request.

success boolean

Indicates if the password reset request was processed successfully. Always true for valid requests.

message string

Generic success message. The same message is returned regardless of whether the email exists to prevent email enumeration attacks.

type string

Verification type. Always "password_reset" for password reset requests.

Bash
curl -X POST https://api.aitronos.com/v1/auth/password/reset \
-H "Content-Type: application/json" \
-d '{
  "email": "user@example.com"
}'

What Happens Next?

After successfully requesting a password reset:

  1. User receives email with:

    • 4-digit verification code (e.g., 1234)
    • Password reset link: https://freddy-hub.aitronos.com/auth/reset-password?email=user@example.com&code=1234
    • Username for reference
    • Code expires in 5 minutes
  2. User clicks link or enters code on the reset password page

  3. User enters new password and submits to:

    POST /v1/auth/password/reset/verify

See Password Reset Verify for the next step in the flow.

Security Features

  • Generic response: Always returns success to prevent email enumeration attacks
  • Rate limiting: Maximum 1 request per minute per email address
  • Time-limited codes: Verification codes expire after 5 minutes
  • Automatic cleanup: Expired codes are automatically removed from the database
  • Secure delivery: Codes are only sent to verified, active user accounts
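
A server-side sketch of how the generic response, per-email rate limit, 5-minute expiry and cleanup listed above fit together. This is an added example, not Aitronos code: the class, its method names, the in-memory store, the send_email callback and the message text are all assumptions, and it assumes throttled requests also receive the generic response.

```python
import secrets
import time

CODE_TTL_SECONDS = 5 * 60      # page: codes expire after 5 minutes
MIN_INTERVAL_SECONDS = 60      # page: 1 request per minute per email
GENERIC_RESPONSE = {           # field names from the page; message text is constructed
    "success": True,
    "message": "If the account exists, a reset code has been sent.",
    "type": "password_reset",
}


class ResetRequestHandler:
    """Hypothetical in-memory handler; a real service would use a shared store."""

    def __init__(self, active_emails, send_email, clock=time.monotonic):
        self.active_emails = {e.lower() for e in active_emails}
        self.send_email = send_email      # assumed callable(email, code)
        self.clock = clock
        self.last_request = {}            # email -> time of last accepted request
        self.codes = {}                   # email -> (code, expires_at)

    def purge_expired(self):
        now = self.clock()
        for email in [e for e, (_, exp) in self.codes.items() if exp <= now]:
            del self.codes[email]

    def request_reset(self, email):
        email = email.strip().lower()
        now = self.clock()
        self.purge_expired()
        # Throttle every address, known or not, so throttling itself
        # does not reveal which emails have accounts.
        last = self.last_request.get(email)
        if last is not None and now - last < MIN_INTERVAL_SECONDS:
            return dict(GENERIC_RESPONSE)
        self.last_request[email] = now
        if email in self.active_emails:
            code = f"{secrets.randbelow(10_000):04d}"   # CSPRNG, zero-padded
            self.codes[email] = (code, now + CODE_TTL_SECONDS)
            self.send_email(email, code)
        return dict(GENERIC_RESPONSE)

    def code_is_valid(self, email, code):
        entry = self.codes.get(email.strip().lower())
        if entry is None or entry[1] <= self.clock():
            return False
        return secrets.compare_digest(entry[0], code)
```

A 4-digit code has only 10,000 possible values, so the verify step needs its own attempt limit in addition to the request throttle shown here.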

Email Template

The password reset email includes:

| Field | Description | Example |
| --- | --- | --- |
| username | User's username | johndoe |
| verification_code | 4-digit code | 1234 |
| password_reset_link | Direct link to reset page | https://freddy-hub.aitronos.com/auth/reset-password?email=user@example.com&code=1234 |
| expiry_minutes | Code validity period | 5 |
| contact_email | User's email address | user@example.com |
| name | User's full name | John Doe |