Consumer Authentication

/

API reference

/

Passwords

/

Reset options

/

Password reset by session

Password reset by existing Session

POSThttps://test.stytch.com/v1/passwords/session/reset

Reset the user’s password using their existing session. The endpoint will error if the session does not have a password, email magic link, or email OTP authentication factor that has been issued within the last 5 minutes. This endpoint requires either a session_jwt or session_token be included in the request.

Note that a successful password reset via an existing session will revoke all active sessions for the user_id, except for the one used during the reset flow.


Body parameters


password*string

session_jwtstring

session_tokenstring

session_custom_claimsmap<string, any>

session_duration_minutesint

Response fields


status_codeint

request_idstring

user_idstring

userobject

sessionobject

session_tokenstring

session_jwtstring
curl --request POST \
  --url https://test.stytch.com/v1/passwords/session/reset \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "password": "hFlKMRUhQmaWfoGd",
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q"
  }'

RESPONSE

200
{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6",
  "session": {
    ...Stytch session...
  },
  "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
  "session_jwt": "example_jwt"
}

Common Error Types