> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Integrate Passwords via the API

> Implement Password signup, login, and reset flows with the Consumer API.

This guide walks through building password signup, login, and reset flows using the Consumer API.

<Steps>
  <Step title="Build a signup UX">
    Design a signup experience where the user sets a password. Then call [Create user with password](/api-reference/consumer/api/passwords/create) with the email and password.

    <img src="https://mintcdn.com/stytch-34ca0595/jCmOQoXV28mXNOhP/images/consumer/from-old-docs/signup-ux.svg?fit=max&auto=format&n=jCmOQoXV28mXNOhP&q=85&s=8316039860548038e019d5bef9f03aa2" alt="Password signup UI" width="439" height="410" data-path="images/consumer/from-old-docs/signup-ux.svg" />

    <img src="https://mintcdn.com/stytch-34ca0595/jCmOQoXV28mXNOhP/images/consumer/from-old-docs/signup-weak-password.svg?fit=max&auto=format&n=jCmOQoXV28mXNOhP&q=85&s=2597f8c5050235c225e6e85864a5ed74" alt="Weak password UI" width="439" height="415" data-path="images/consumer/from-old-docs/signup-weak-password.svg" />

    A successful call creates a user and can start a session when `session_duration_minutes` is provided.

    Handle these errors:

    * `duplicate_email`: A user with this email already exists.
    * `weak_password` or `breached_password`: See the next step for guidance.
  </Step>

  <Step title="Add a password strength check to your signup UX">
    Password strength is determined by [zxcvbn](/consumer-auth/authentication/passwords/strength-policy) (score 0–4) and by checking the password against the HaveIBeenPwned dataset. A score of `<= 2` yields a `weak_password` error; a leaked password yields a `breached_password` error.

    <img src="https://mintcdn.com/stytch-34ca0595/jCmOQoXV28mXNOhP/images/consumer/from-old-docs/password-strength.svg?fit=max&auto=format&n=jCmOQoXV28mXNOhP&q=85&s=958b1f314b438cf35541372eea440e4b" alt="Password strength check" width="1858" height="536" data-path="images/consumer/from-old-docs/password-strength.svg" />

    Use Stytch's Strength check endpoint to provide actionable feedback to users.
  </Step>

  <Step title="Build a login UX">
    Collect the user's email and password and call Authenticate user with password. A successful call authenticates the user and can start a session.

    <img src="https://mintcdn.com/stytch-34ca0595/jCmOQoXV28mXNOhP/images/consumer/from-old-docs/signup-ux.svg?fit=max&auto=format&n=jCmOQoXV28mXNOhP&q=85&s=8316039860548038e019d5bef9f03aa2" alt="Password signup UI" width="439" height="410" data-path="images/consumer/from-old-docs/signup-ux.svg" />

    <img src="https://mintcdn.com/stytch-34ca0595/jCmOQoXV28mXNOhP/images/consumer/from-old-docs/signup-weak-password.svg?fit=max&auto=format&n=jCmOQoXV28mXNOhP&q=85&s=2597f8c5050235c225e6e85864a5ed74" alt="Weak password UI" width="439" height="415" data-path="images/consumer/from-old-docs/signup-weak-password.svg" />

    Handle these errors:

    * `unauthorized_credentials` and `email_not_found`: Ask the user to try again.
    * `reset_password`: The password must be reset (for example, due to a breached password).
  </Step>

  <Step title="Add a reset password flow">
    Provide a reset password flow for users who forget their password or require a reset.

    Use [Start email password reset](/api-reference/consumer/api/overview) to begin the flow. If the account doesn't exist, you'll receive `email_not_found`.

    Build a Reset Password page and add the URL as a Reset Password redirect in the [Stytch Dashboard](https://stytch.com/dashboard/redirect-urls). On that page, collect the new password and the token from the URL and call [Password reset by email](/api-reference/consumer/api/overview).

    <img src="https://mintcdn.com/stytch-34ca0595/jCmOQoXV28mXNOhP/images/consumer/from-old-docs/password-reset-send.svg?fit=max&auto=format&n=jCmOQoXV28mXNOhP&q=85&s=d6811f0e5e312acc4b6494b99f6c5016" alt="Password reset sebd UI" width="439" height="415" data-path="images/consumer/from-old-docs/password-reset-send.svg" />

    <img src="https://mintcdn.com/stytch-34ca0595/jCmOQoXV28mXNOhP/images/consumer/from-old-docs/password-reset-email.svg?fit=max&auto=format&n=jCmOQoXV28mXNOhP&q=85&s=13b5593f2d3dea090aea778b11dce853" alt="Password reset email UI" width="439" height="475" data-path="images/consumer/from-old-docs/password-reset-email.svg" />

    <img src="https://mintcdn.com/stytch-34ca0595/jCmOQoXV28mXNOhP/images/consumer/from-old-docs/password-reset-ux.svg?fit=max&auto=format&n=jCmOQoXV28mXNOhP&q=85&s=634f37d66cb8f24824b6bcb112c4801c" alt="Password reset UX" width="439" height="415" data-path="images/consumer/from-old-docs/password-reset-ux.svg" />

    For “Log in without password”, support [Email Magic Links](/consumer-auth/authentication/magic-links/adding-magic-links-to-custom-auth-flow) and authenticate the token. This does not resolve a `reset_email` error.
  </Step>

  <Step title="You're done">
    You now have password signup, login, and reset flows. Have feedback after integrating? Reach out in our [forum](https://stytch.com/web/discourse), via [support@stytch.com](mailto:support@stytch.com), or in our [community Slack](https://join.slack.com/t/stytch/shared%5Finvite/zt-3aqo03e10-afWXyF%5F~zHw).

    <img src="https://mintcdn.com/stytch-34ca0595/jCmOQoXV28mXNOhP/images/consumer/from-old-docs/entire-flow.svg?fit=max&auto=format&n=jCmOQoXV28mXNOhP&q=85&s=cc65cbea8a6691f6f3326ad266bdc721" alt="Password flow" width="1464" height="1663" data-path="images/consumer/from-old-docs/entire-flow.svg" />
  </Step>
</Steps>