Skip to main content
POST
/
v1
/
b2b
/
passwords
/
discovery
/
email
/
reset
C#
// POST /v1/b2b/passwords/discovery/email/reset
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  password_reset_token: "${token}",
  password: "${examplePassword}",
};

client.Passwords.Discovery.Email.Reset(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
{
  "request_id": "<string>",
  "intermediate_session_token": "<string>",
  "email_address": "<string>",
  "discovered_organizations": [
    {
      "member_authenticated": true,
      "organization": {
        "organization_id": "<string>",
        "organization_name": "<string>",
        "organization_logo_url": "<string>",
        "organization_slug": "<string>",
        "sso_jit_provisioning": "<string>",
        "sso_jit_provisioning_allowed_connections": [
          "<string>"
        ],
        "sso_active_connections": [
          {
            "connection_id": "<string>",
            "display_name": "<string>",
            "identity_provider": "<string>"
          }
        ],
        "email_allowed_domains": [
          "<string>"
        ],
        "email_jit_provisioning": "<string>",
        "email_invites": "<string>",
        "auth_methods": "<string>",
        "allowed_auth_methods": [
          "<string>"
        ],
        "mfa_policy": "<string>",
        "rbac_email_implicit_role_assignments": [
          {
            "domain": "<string>",
            "role_id": "<string>"
          }
        ],
        "mfa_methods": "<string>",
        "allowed_mfa_methods": [
          "<string>"
        ],
        "oauth_tenant_jit_provisioning": "<string>",
        "claimed_email_domains": [
          "<string>"
        ],
        "first_party_connected_apps_allowed_type": "<string>",
        "allowed_first_party_connected_apps": [
          "<string>"
        ],
        "third_party_connected_apps_allowed_type": "<string>",
        "allowed_third_party_connected_apps": [
          "<string>"
        ],
        "custom_roles": [
          {
            "role_id": "<string>",
            "description": "<string>",
            "permissions": [
              {
                "resource_id": "<string>",
                "actions": [
                  "<string>"
                ]
              }
            ]
          }
        ],
        "trusted_metadata": {},
        "created_at": "<string>",
        "updated_at": "<string>",
        "organization_external_id": "<string>",
        "sso_default_connection_id": "<string>",
        "scim_active_connection": {
          "connection_id": "<string>",
          "display_name": "<string>",
          "bearer_token_last_four": "<string>",
          "bearer_token_expires_at": "<string>"
        },
        "allowed_oauth_tenants": {}
      },
      "membership": {
        "type": "<string>",
        "details": {},
        "member": {
          "organization_id": "<string>",
          "member_id": "<string>",
          "email_address": "<string>",
          "status": "<string>",
          "name": "<string>",
          "sso_registrations": [
            {
              "connection_id": "<string>",
              "external_id": "<string>",
              "registration_id": "<string>",
              "sso_attributes": {}
            }
          ],
          "is_breakglass": true,
          "member_password_id": "<string>",
          "oauth_registrations": [
            {
              "provider_type": "<string>",
              "provider_subject": "<string>",
              "member_oauth_registration_id": "<string>",
              "profile_picture_url": "<string>",
              "locale": "<string>"
            }
          ],
          "email_address_verified": true,
          "mfa_phone_number_verified": true,
          "is_admin": true,
          "totp_registration_id": "<string>",
          "retired_email_addresses": [
            {
              "email_id": "<string>",
              "email_address": "<string>"
            }
          ],
          "is_locked": true,
          "mfa_enrolled": true,
          "mfa_phone_number": "<string>",
          "default_mfa_method": "<string>",
          "roles": [
            {
              "role_id": "<string>",
              "sources": [
                {
                  "type": "<string>",
                  "details": {}
                }
              ]
            }
          ],
          "trusted_metadata": {},
          "untrusted_metadata": {},
          "created_at": "<string>",
          "updated_at": "<string>",
          "scim_registration": {
            "connection_id": "<string>",
            "registration_id": "<string>",
            "external_id": "<string>",
            "scim_attributes": {
              "user_name": "<string>",
              "id": "<string>",
              "external_id": "<string>",
              "active": true,
              "groups": [
                {
                  "value": "<string>",
                  "display": "<string>"
                }
              ],
              "display_name": "<string>",
              "nick_name": "<string>",
              "profile_url": "<string>",
              "user_type": "<string>",
              "title": "<string>",
              "preferred_language": "<string>",
              "locale": "<string>",
              "timezone": "<string>",
              "emails": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "phone_numbers": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "addresses": [
                {
                  "formatted": "<string>",
                  "street_address": "<string>",
                  "locality": "<string>",
                  "region": "<string>",
                  "postal_code": "<string>",
                  "country": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "ims": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "photos": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "entitlements": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "roles": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "x509certificates": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "name": {
                "formatted": "<string>",
                "family_name": "<string>",
                "given_name": "<string>",
                "middle_name": "<string>",
                "honorific_prefix": "<string>",
                "honorific_suffix": "<string>"
              },
              "enterprise_extension": {
                "employee_number": "<string>",
                "cost_center": "<string>",
                "division": "<string>",
                "department": "<string>",
                "organization": "<string>",
                "manager": {
                  "value": "<string>",
                  "ref": "<string>",
                  "display_name": "<string>"
                }
              }
            }
          },
          "external_id": "<string>",
          "lock_created_at": "<string>",
          "lock_expires_at": "<string>"
        }
      },
      "primary_required": {
        "allowed_auth_methods": [
          "<string>"
        ]
      },
      "mfa_required": {
        "member_options": {
          "mfa_phone_number": "<string>",
          "totp_registration_id": "<string>"
        },
        "secondary_auth_initiated": "<string>"
      }
    }
  ],
  "status_code": 123
}
Call the Discovery Password Reset by Email Start endpoint first to initiate the password reset flow and send the password reset email to the .
Resets the password associated with an email and starts an intermediate session. This endpoint expects a password reset token and new password, and checks the following:
  • The password reset token is valid, hasn’t expired, and hasn’t already been used.
  • The provided password meets the project’s password strength requirements, which can be checked in advance with the password strength endpoint.
If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated. This endpoint adapts to your Project’s password strength configuration. If using zxcvbn, the default, passwords are considered valid if the strength score is >= 3. If you’re using LUDS, passwords are considered valid if they meet the requirements set in your Stytch Dashboard. Resetting a password will return an and a list of discovered organizations the session can be exchanged into.

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

password_reset_token
string
required

The password reset token to authenticate.

password
string
required

The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.

pkce_code_verifier
string

Response

Successful response

request_id
string
required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

intermediate_session_token
string
required

The returned Intermediate Session Token contains a password factor associated with the Member. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the OTP SMS Authenticate endpoint, TOTP Authenticate endpoint, or Recovery Codes Recover endpoint to complete an MFA flow and log in to the Organization. The token has a default expiry of 10 minutes. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.

email_address
string
required

The email address.

discovered_organizations
object[]
required

An array of discovered_organization objects tied to the intermediate_session_token, session_token, or session_jwt. See the Discovered Organization Object for complete details.

Note that Organizations will only appear here under any of the following conditions:

  1. The end user is already a Member of the Organization.

  2. The end user is invited to the Organization.

  3. The end user can join the Organization because:

    a) The Organization allows JIT provisioning.

    b) The Organizations' allowed domains list contains the Member's email domain.

    c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks).

status_code
integer<int32>
required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.