Password Reset By Email

// POST /v1/passwords/email/reset
const stytch = require('stytch');

const client = new stytch.Client({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  token: "${token}",
  password: "${examplePassword}",
  session_duration_minutes: 60,
};

client.Passwords.Email.Reset(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "user_id": "<string>",
  "session_token": "<string>",
  "session_jwt": "<string>",
  "user": {
    "user_id": "<string>",
    "emails": [
      {
        "email_id": "<string>",
        "email": "<string>",
        "verified": true
      }
    ],
    "status": "<string>",
    "phone_numbers": [
      {
        "phone_id": "<string>",
        "phone_number": "<string>",
        "verified": true
      }
    ],
    "webauthn_registrations": [
      {
        "webauthn_registration_id": "<string>",
        "domain": "<string>",
        "user_agent": "<string>",
        "verified": true,
        "authenticator_type": "<string>",
        "name": "<string>"
      }
    ],
    "providers": [
      {
        "provider_type": "<string>",
        "provider_subject": "<string>",
        "profile_picture_url": "<string>",
        "locale": "<string>",
        "oauth_user_registration_id": "<string>"
      }
    ],
    "totps": [
      {
        "totp_id": "<string>",
        "verified": true
      }
    ],
    "crypto_wallets": [
      {
        "crypto_wallet_id": "<string>",
        "crypto_wallet_address": "<string>",
        "crypto_wallet_type": "<string>",
        "verified": true
      }
    ],
    "biometric_registrations": [
      {
        "biometric_registration_id": "<string>",
        "verified": true
      }
    ],
    "is_locked": true,
    "roles": [
      "<string>"
    ],
    "name": {
      "first_name": "<string>",
      "middle_name": "<string>",
      "last_name": "<string>"
    },
    "created_at": "<string>",
    "password": {
      "password_id": "<string>",
      "requires_reset": true
    },
    "trusted_metadata": {},
    "untrusted_metadata": {},
    "external_id": "<string>",
    "lock_created_at": "<string>",
    "lock_expires_at": "<string>"
  },
  "status_code": 123,
  "session": {
    "session_id": "<string>",
    "user_id": "<string>",
    "authentication_factors": [
      {
        "type": "magic_link",
        "delivery_method": "email",
        "last_authenticated_at": "<string>",
        "created_at": "<string>",
        "updated_at": "<string>",
        "email_factor": {
          "email_id": "<string>",
          "email_address": "<string>"
        },
        "phone_number_factor": {
          "phone_id": "<string>",
          "phone_number": "<string>"
        },
        "google_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "microsoft_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "apple_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "webauthn_factor": {
          "webauthn_registration_id": "<string>",
          "domain": "<string>",
          "user_agent": "<string>"
        },
        "authenticator_app_factor": {
          "totp_id": "<string>"
        },
        "github_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "recovery_code_factor": {
          "totp_recovery_code_id": "<string>"
        },
        "facebook_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "crypto_wallet_factor": {
          "crypto_wallet_id": "<string>",
          "crypto_wallet_address": "<string>",
          "crypto_wallet_type": "<string>"
        },
        "amazon_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "bitbucket_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "coinbase_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "discord_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "figma_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "git_lab_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "instagram_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "linked_in_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "shopify_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "slack_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "snapchat_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "spotify_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "steam_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "tik_tok_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "twitch_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "twitter_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "embeddable_magic_link_factor": {
          "embedded_id": "<string>"
        },
        "biometric_factor": {
          "biometric_registration_id": "<string>"
        },
        "saml_sso_factor": {
          "id": "<string>",
          "provider_id": "<string>",
          "external_id": "<string>"
        },
        "oidc_sso_factor": {
          "id": "<string>",
          "provider_id": "<string>",
          "external_id": "<string>"
        },
        "salesforce_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "yahoo_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "hubspot_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "slack_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "hubspot_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "github_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "google_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "impersonated_factor": {
          "impersonator_id": "<string>",
          "impersonator_email_address": "<string>"
        },
        "oauth_access_token_exchange_factor": {
          "client_id": "<string>"
        },
        "trusted_auth_token_factor": {
          "token_id": "<string>"
        }
      }
    ],
    "roles": [
      "<string>"
    ],
    "started_at": "<string>",
    "last_accessed_at": "<string>",
    "expires_at": "<string>",
    "attributes": {
      "ip_address": "<string>",
      "user_agent": "<string>"
    },
    "custom_claims": {}
  },
  "user_device": {
    "visitor_id": "<string>",
    "visitor_id_details": {
      "is_new": true,
      "first_seen_at": "<string>",
      "last_seen_at": "<string>"
    },
    "ip_address": "<string>",
    "ip_address_details": {
      "is_new": true,
      "first_seen_at": "<string>",
      "last_seen_at": "<string>"
    },
    "ip_geo_city": "<string>",
    "ip_geo_region": "<string>",
    "ip_geo_country": "<string>",
    "ip_geo_country_details": {
      "is_new": true,
      "first_seen_at": "<string>",
      "last_seen_at": "<string>"
    }
  }
}

POST

passwords

reset

// POST /v1/passwords/email/reset
const stytch = require('stytch');

const client = new stytch.Client({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  token: "${token}",
  password: "${examplePassword}",
  session_duration_minutes: 60,
};

client.Passwords.Email.Reset(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "user_id": "<string>",
  "session_token": "<string>",
  "session_jwt": "<string>",
  "user": {
    "user_id": "<string>",
    "emails": [
      {
        "email_id": "<string>",
        "email": "<string>",
        "verified": true
      }
    ],
    "status": "<string>",
    "phone_numbers": [
      {
        "phone_id": "<string>",
        "phone_number": "<string>",
        "verified": true
      }
    ],
    "webauthn_registrations": [
      {
        "webauthn_registration_id": "<string>",
        "domain": "<string>",
        "user_agent": "<string>",
        "verified": true,
        "authenticator_type": "<string>",
        "name": "<string>"
      }
    ],
    "providers": [
      {
        "provider_type": "<string>",
        "provider_subject": "<string>",
        "profile_picture_url": "<string>",
        "locale": "<string>",
        "oauth_user_registration_id": "<string>"
      }
    ],
    "totps": [
      {
        "totp_id": "<string>",
        "verified": true
      }
    ],
    "crypto_wallets": [
      {
        "crypto_wallet_id": "<string>",
        "crypto_wallet_address": "<string>",
        "crypto_wallet_type": "<string>",
        "verified": true
      }
    ],
    "biometric_registrations": [
      {
        "biometric_registration_id": "<string>",
        "verified": true
      }
    ],
    "is_locked": true,
    "roles": [
      "<string>"
    ],
    "name": {
      "first_name": "<string>",
      "middle_name": "<string>",
      "last_name": "<string>"
    },
    "created_at": "<string>",
    "password": {
      "password_id": "<string>",
      "requires_reset": true
    },
    "trusted_metadata": {},
    "untrusted_metadata": {},
    "external_id": "<string>",
    "lock_created_at": "<string>",
    "lock_expires_at": "<string>"
  },
  "status_code": 123,
  "session": {
    "session_id": "<string>",
    "user_id": "<string>",
    "authentication_factors": [
      {
        "type": "magic_link",
        "delivery_method": "email",
        "last_authenticated_at": "<string>",
        "created_at": "<string>",
        "updated_at": "<string>",
        "email_factor": {
          "email_id": "<string>",
          "email_address": "<string>"
        },
        "phone_number_factor": {
          "phone_id": "<string>",
          "phone_number": "<string>"
        },
        "google_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "microsoft_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "apple_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "webauthn_factor": {
          "webauthn_registration_id": "<string>",
          "domain": "<string>",
          "user_agent": "<string>"
        },
        "authenticator_app_factor": {
          "totp_id": "<string>"
        },
        "github_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "recovery_code_factor": {
          "totp_recovery_code_id": "<string>"
        },
        "facebook_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "crypto_wallet_factor": {
          "crypto_wallet_id": "<string>",
          "crypto_wallet_address": "<string>",
          "crypto_wallet_type": "<string>"
        },
        "amazon_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "bitbucket_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "coinbase_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "discord_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "figma_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "git_lab_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "instagram_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "linked_in_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "shopify_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "slack_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "snapchat_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "spotify_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "steam_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "tik_tok_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "twitch_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "twitter_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "embeddable_magic_link_factor": {
          "embedded_id": "<string>"
        },
        "biometric_factor": {
          "biometric_registration_id": "<string>"
        },
        "saml_sso_factor": {
          "id": "<string>",
          "provider_id": "<string>",
          "external_id": "<string>"
        },
        "oidc_sso_factor": {
          "id": "<string>",
          "provider_id": "<string>",
          "external_id": "<string>"
        },
        "salesforce_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "yahoo_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "hubspot_oauth_factor": {
          "id": "<string>",
          "provider_subject": "<string>",
          "email_id": "<string>"
        },
        "slack_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "hubspot_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "github_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "google_oauth_exchange_factor": {
          "email_id": "<string>"
        },
        "impersonated_factor": {
          "impersonator_id": "<string>",
          "impersonator_email_address": "<string>"
        },
        "oauth_access_token_exchange_factor": {
          "client_id": "<string>"
        },
        "trusted_auth_token_factor": {
          "token_id": "<string>"
        }
      }
    ],
    "roles": [
      "<string>"
    ],
    "started_at": "<string>",
    "last_accessed_at": "<string>",
    "expires_at": "<string>",
    "attributes": {
      "ip_address": "<string>",
      "user_agent": "<string>"
    },
    "custom_claims": {}
  },
  "user_device": {
    "visitor_id": "<string>",
    "visitor_id_details": {
      "is_new": true,
      "first_seen_at": "<string>",
      "last_seen_at": "<string>"
    },
    "ip_address": "<string>",
    "ip_address_details": {
      "is_new": true,
      "first_seen_at": "<string>",
      "last_seen_at": "<string>"
    },
    "ip_geo_city": "<string>",
    "ip_geo_region": "<string>",
    "ip_geo_country": "<string>",
    "ip_geo_country_details": {
      "is_new": true,
      "first_seen_at": "<string>",
      "last_seen_at": "<string>"
    }
  }
}

Reset the user’s password and authenticate them. This endpoint checks that the magic link token is valid, hasn’t expired, and hasn’t been used. It can optionally require additional security settings, such as the IP address and user agent matching the initial reset request. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated. Note that a successful password reset by email will revoke all active sessions for the user_id.

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

token

string

required

The Passwords token from the ?token= query parameter in the URL.

In the redirect URL, the `stytch_token_type` will be `login` or `reset_password`.

  See examples and read more about redirect URLs [here](https://stytch.com/docs/workspace-management/redirect-urls).

password

string

required

The password for the user. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.

session_token

string

The session_token associated with a User's existing Session.

session_duration_minutes

integer<int32>

Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, returning both an opaque session_token and session_jwt for this session. Remember that the session_jwt will have a fixed lifetime of five minutes regardless of the underlying session duration, and will need to be refreshed over time.

This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).

If a session_token or session_jwt is provided then a successful authentication will continue to extend the session this many minutes.

If the session_duration_minutes parameter is not specified, a Stytch session will not be created.

session_jwt

string

The session_jwt associated with a User's existing Session.

code_verifier

string

A base64url encoded one time secret used to validate that the request starts and ends on the same device.

session_custom_claims

object

Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in session_duration_minutes. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value.

Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.

attributes

object

Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.

Show child attributes

options

object

Specify optional security settings.

Show child attributes

telemetry_id

string

If the telemetry_id is passed, as part of this request, Stytch will call the Fingerprint Lookup API and store the associated fingerprints and IPGEO information for the User. Your workspace must be enabled for Device Fingerprinting to use this feature.

Response

Successful response

request_id

string

required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

user_id

string

required

The unique ID of the affected User.

session_token

string

required

A secret token for a given Stytch Session.

session_jwt

string

required

The JSON Web Token (JWT) for a given Stytch Session.

user

object

required

The user object affected by this API call. See the Get user endpoint for complete response field details.

Show child attributes

status_code

integer<int32>

required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

session

object

If you initiate a Session, by including session_duration_minutes in your authenticate call, you'll receive a full Session object in the response.

See Session object for complete response fields.

Show child attributes

user_device

object

If a valid telemetry_id was passed in the request and the Fingerprint Lookup API returned results, the user_device response field will contain information about the user's device attributes.

Show child attributes

⌘I