POST /api/auth/reset-password
Reset Password
curl --request POST \
  --url https://api.example.com/api/auth/reset-password \
  --header 'Content-Type: application/json' \
  --data '
{
  "token": "<string>",
  "password": "<string>"
}
'
{
  "message": "<string>",
  "error": "<string>"
}
Resets a user’s password using the token sent to their email via the forgot password endpoint. This completes the password recovery process.

Authentication

No authentication required.

Request Body

token (string, required)
Password reset token sent to the user’s email address. This token is typically included in the password reset link.
password (string, required)
New password for the account. Should meet security requirements (minimum 8 characters recommended).

Response

message (string)
Success message confirming the password has been reset.

Example Request

curl -X POST https://api.contafy.com/api/auth/reset-password \
  -H "Content-Type: application/json" \
  -d '{
    "token": "prt_x1y2z3a4b5c6d7e8f9g0h1i2j3k4l5m6",
    "password": "NewSecurePass123!"
  }'

Example Response

{
  "message": "Contraseña restablecida exitosamente"
}

Error Responses

error (string)
Error type identifier.
message (string)
Human-readable error message.

Common Errors

400 Bad Request
{
  "error": "INVALID_TOKEN",
  "message": "El token de restablecimiento es inválido o ha expirado"
}
400 Bad Request
{
  "error": "VALIDATION_ERROR",
  "message": "Token y contraseña son requeridos"
}
400 Bad Request
{
  "error": "VALIDATION_ERROR",
  "message": "La contraseña debe tener al menos 8 caracteres"
}

Notes

  • Password reset tokens typically expire after 1 hour
  • Once a token is used successfully, it becomes invalid
  • After resetting the password, users should log in with their new credentials
  • For security, all active sessions are terminated when the password is reset
  • The new password cannot be the same as the old password
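
The rules in the Notes above (one-hour expiry, single use, session termination, no reuse of the old password), modeled server-side as an added example; it is not this API's actual implementation. `ResetStore`, the in-memory dictionaries, the PBKDF2 parameters, the token format after the `prt_` prefix, and the error code returned for a reused password are assumptions.

```python
import hashlib, hmac, os, time

TOKEN_TTL = 3600  # Notes: tokens typically expire after 1 hour
MIN_LEN = 8       # from the VALIDATION_ERROR message on this page

def _digest(token):
    # Keep only a hash of the token, so a leaked table holds no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class ResetStore:
    """Constructed in-memory stand-in for user, token and session tables."""
    def __init__(self):
        self.users = {}     # user_id -> (salt, password_hash)
        self.tokens = {}    # sha256(token) -> (user_id, expires_at)
        self.sessions = {}  # session_id -> user_id

    def add_user(self, user_id, password):
        salt = os.urandom(16)
        self.users[user_id] = (salt, _kdf(password, salt))

    def issue_token(self, user_id, now=None):
        now = time.time() if now is None else now
        token = "prt_" + os.urandom(16).hex()  # constructed format
        self.tokens[_digest(token)] = (user_id, now + TOKEN_TTL)
        return token

    def reset_password(self, token, password, now=None):
        now = time.time() if now is None else now
        if not token or not password or len(password) < MIN_LEN:
            return 400, "VALIDATION_ERROR"
        entry = self.tokens.get(_digest(token))
        if entry is None or now > entry[1]:
            # Unknown, already used and expired tokens get the same answer.
            return 400, "INVALID_TOKEN"
        user_id = entry[0]
        salt, old_hash = self.users[user_id]
        if hmac.compare_digest(_kdf(password, salt), old_hash):
            return 400, "VALIDATION_ERROR"  # assumed code, not stated on the page
        del self.tokens[_digest(token)]  # single use
        new_salt = os.urandom(16)
        self.users[user_id] = (new_salt, _kdf(password, new_salt))
        # Terminate every active session of this user.
        self.sessions = {s: u for s, u in self.sessions.items() if u != user_id}
        return 200, None
```

Returning the same `INVALID_TOKEN` answer for unknown, used and expired tokens keeps the endpoint from revealing which of those states a guessed token is in.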