Authentication API reference - password email reset

Password reset by email

POSThttps://test.stytch.com/v1/passwords/email/reset

Reset the user’s password and authenticate them. This endpoint checks that the magic link token is valid, hasn’t expired, or already been used – and can optionally require additional security settings, such as the IP address and user agent matching the initial reset request.

The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.

Note that a successful password reset by email will revoke all active sessions for the user_id.

Body parameters

token* string

password* string

options object

attributes object

session_custom_claims map<string, any>

session_duration_minutes int

session_jwt string

session_token string

code_verifier string

Response fields

status_code int

request_id string

user_id string

user object

session_jwt string

session_token string

session object

curl --request POST \
  --url https://test.stytch.com/v1/passwords/email/reset \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=",
    "password": "$h#54HWSLGv@hU#T"
  }'

RESPONSE

{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6"
}

Password reset by email

Body parameters

Response fields

RESPONSE

Common Error Types