B2B Saas Authentication

/

API reference

/

Passwords

/

Reset Options

/

Discovery Password reset by email

Discovery Email reset

POSThttps://test.stytch.com/v1/b2b/passwords/discovery/email/reset

Reset the password associated with an email and start an intermediate session. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used.

The provided password needs to meet the project's password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.

Resetting a password will start an intermediate session and return a list of discovered organizations the session can be exchanged into.


Body parameters


password_reset_token*string

password*string

session_tokenstring

session_jwtstring

intermediate_session_tokenstring

session_duration_minutesint

session_custom_claimsmap<string, any>

code_verifierstring

localestring

Response fields


request_idstring

status_codeint

email_addressstring

intermediate_session_tokenstring

discovered_organizationsarray
curl --request POST \
  --url https://test.stytch.com/v1/b2b/passwords/discovery/email/reset \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "password_reset_token": "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=",
    "password": "$B&M)3$B$eCk_2@c"
  }'

RESPONSE

200
{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "intermediate_session_token": "",
  "email_address": "",
  "discovered_organizations": []
}

Common Error Types