Reset password with token

POST https://app.speybooks.com/api/v1/password-reset/reset-password

Reset password using a token from the reset email. Validates the token (not used, not expired, user active), hashes the new password with Argon2id, and marks the token as used. Runs atomically in a transaction.

The new password must meet the password policy.

Body parameters

password string required

min length: 8

token string required

The 64-character reset token from the email link.

Response

200 Password reset successfully. The user can now log in with their new password.

Show response fields

message string

Confirmation message.

Error codes

400 Invalid, expired, or already-used reset token, or password does not meet requirements.

429 Rate limit exceeded. Try again later.

Request POST /v1/password-reset/reset-password curl

curl -X POST https://api.speybooks.com/v1/auth/reset-password \
  -H "Content-Type: application/json" \
  -d '{"token": "a1b2c3...", "password": "NewSecureP@ss123"}'

Response 200

{
  "success": true,
  "message": "Your password has been reset successfully."
}