Forgot Password
The forgot-password flow uses 2 APIs:
- Forgot Password: First, the user submits their email and the new password. A temporary OTP session is created that holds the new password, and the OTP is delivered to the submitted email address.
- Change Password: If the user receives the email with the OTP and submits the OTP to this API within 5 minutes, the saved new password is applied permanently.
1. Forgot Password
Endpoint
POST /auth/otp/forgot-password
Payload
{
  "email": "example@domain.com",
  "new_password": "new_12345678"
}
Response
Save this otp_id; it is needed to authenticate the change-password request.
{
  "success": true,
  "msg": "We just sent you an OTP, please check your Mail Box",
  "otp_id": "6662e9e67f688698857bd1b8"
}
2. Change Password
Endpoint
PUT /auth/otp/change-password
Payload
Send the otp_id obtained from the forgot-password request together with the OTP from the email.
{
  "otp_id": "66150428c953c3d56112fbce", // OTP ID obtained from forgot password api.
  "otp": "12345"
}
Response
Successful Response
{
  "success": true,
  "msg": "Your password has been updated!"
}
After you receive a successful response to the password change, you can redirect the user to the login page, where they log in with their new credentials.
Remember: users who signed up with Google cannot submit a password change request or an email change request.
{
  "success": false,
  "msg": "The OTP is incorrect."
}
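The two-step flow above, modeled server-side as an added example; it is not this API's actual implementation. The in-memory stores, the PBKDF2 hashing of the pending password, the attempt cap, and the reuse of the page's single error message for unknown or expired sessions are all assumptions.

```python
import hashlib, hmac, secrets, time

OTP_TTL_SECONDS = 5 * 60  # the 5-minute window stated on the page
MAX_ATTEMPTS = 5          # assumption: cap guesses per OTP session
sessions = {}             # otp_id -> pending reset (assumed in-memory store)
passwords = {}            # email -> (salt, hash), stand-in for the user table
FAIL = {"success": False, "msg": "The OTP is incorrect."}

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def forgot_password(email, new_password, now=None):
    """Model of POST /auth/otp/forgot-password; returns (response, otp)."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(100_000):05d}"  # 5 digits, like the sample "12345"
    otp_id = secrets.token_hex(12)             # 24 hex chars, like the sample ids
    salt = secrets.token_bytes(16)
    sessions[otp_id] = {
        "email": email, "salt": salt, "otp": otp, "attempts": 0,
        "pending": hash_password(new_password, salt),  # plaintext is not kept
        "expires": now + OTP_TTL_SECONDS,
    }
    response = {"success": True, "otp_id": otp_id,
                "msg": "We just sent you an OTP, please check your Mail Box"}
    return response, otp  # the OTP goes to the mailbox, never into the response

def change_password(otp_id, otp, now=None):
    """Model of PUT /auth/otp/change-password."""
    now = time.time() if now is None else now
    s = sessions.get(otp_id)
    if s is None or now > s["expires"] or s["attempts"] >= MAX_ATTEMPTS:
        sessions.pop(otp_id, None)  # unknown, expired or locked out: discard
        return dict(FAIL)
    s["attempts"] += 1
    if not hmac.compare_digest(s["otp"], str(otp)):  # constant-time compare
        return dict(FAIL)
    passwords[s["email"]] = (s["salt"], s["pending"])  # apply the saved password
    del sessions[otp_id]  # single use: a replayed OTP finds no session
    return {"success": True, "msg": "Your password has been updated!"}
```

With a 5-digit OTP, the expiry alone leaves room for guessing, which is why the sketch also counts attempts per otp_id.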