Reset by email

The resetByEmail method wraps the Reset By Email Password API endpoint. This endpoint the user’s password and authenticate them. This endpoint checks that the magic link token is valid, hasn't expired, or already been used. The provided password needs to meet our password strength requirements, which can be checked in advance with the Strength Check Password API endpoint.

If this method succeeds, the user will be logged in, granted an active session, and the session cookies will be minted and stored in the browser.

You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchSession hook if you are using React.

Method parameters

token* string

password* string

session_duration_minutes* int

Response fields

request_id string

status_code int

user_id string

import React, { useCallback } from 'react';
import { useStytch } from '@stytch/react';

export const Login = () => {
  const stytch = useStytch();

  const token = new URLSearchParams(window.location.search).get('token');

  const resetPassword = useCallback(() => {
    if (token) {
      stytch.passwords.resetByEmail({
        token: token,
        password: 'k$T^owdSRjv1jexB',
        session_duration_minutes: 60,
      });
    }
  }, [stytch, token]);

  return <button onClick={resetPassword}>Reset Password</button>;
};

RESPONSE

{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6"
}