Skip to main content
POST
/
v1
/
passwords
/
email
/
reset
/
start
C#
// POST /v1/passwords/email/reset/start
const stytch = require('stytch');

const client = new stytch.Client({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  email: "${email}",
};

client.Passwords.Email.ResetStart(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
{
  "request_id": "<string>",
  "user_id": "<string>",
  "email_id": "<string>",
  "status_code": 123
}
This endpoint triggers an email to the provided email address containing a magic link that will allow the user to set a new password and authenticate via the Password Reset by Email endpoint.

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

email
string
required

The email of the User that requested the password reset.

reset_password_redirect_url
string

The URL that the User is redirected to from the reset password magic link. This URL should display your application's reset password page. Before rendering the reset page, extract the token from the query parameters. On the reset page, collect the new password and complete the flow by calling the corresponding Password Reset by Email endpoint. If this parameter is not specified, the default Reset Password redirect URL configured in the Dashboard will be used. If you have not set a default Reset Password redirect URL, an error is returned.

reset_password_expiration_minutes
integer<int32>

Set the expiration for the password reset, in minutes. By default, it expires in 30 minutes. The minimum expiration is 5 minutes and the maximum is 7 days (10080 mins).

code_challenge
string

A base64url encoded SHA256 hash of a one time secret used to validate that the request starts and ends on the same device.

attributes
object

Provided attributes to help with fraud detection. These values are pulled and passed into Stytch endpoints by your application.

login_redirect_url
string

The URL that Users are redirected to upon clicking the "Log in without password" button in password reset emails.

After Users are redirected to the login redirect URL, your application should retrieve the `token` value from the URL parameters and call the [Magic Link Authenticate endpoint](https://stytch.com/docs/api/authenticate-magic-link) to log the User in without requiring a password reset. If this value is not provided, your project's default login redirect URL will be used. If you have not set a default login redirect URL, an error will be returned.
locale
enum<string>

Used to determine which language to use when sending the user this delivery method. Parameter is an IETF BCP 47 language tag, e.g. "en".

Currently supported languages are English ("en"), Spanish ("es"), French ("fr") and Brazilian Portuguese ("pt-br"); if no value is provided, the copy defaults to English.

Request support for additional languages here!

Available options:
en,
es,
pt-br,
fr
reset_password_template_id
string

Use a custom template for password reset emails. By default, it will use your default email template. Templates can be added in the Stytch dashboard using our built-in customization options or custom HTML templates with type “Passwords - Password reset”.

Response

Successful response

request_id
string
required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

user_id
string
required

The unique ID of the affected User.

email_id
string
required

The unique ID of a specific email address.

status_code
integer<int32>
required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.