Validate a password reset token

GET https://app.speybooks.com/api/v1/password-reset/reset-password/validate

Check if a reset token is valid before showing the password form. Returns the masked email (e.g. ja***@example.com) if valid. Public endpoint for the frontend to pre-validate tokens.

Query parameters

token string required

The 64-character reset token to validate.

Response

200 Returns whether the token is valid and the masked email address. Used by the frontend to decide whether to show the reset form.

Show response fields

email string

Masked email address (e.g. jo*****@example.com). Only present when valid is true.

valid boolean

Whether the token is valid, unused, and not expired.

Request GET /v1/password-reset/reset-password/validate curl

curl "https://api.speybooks.com/v1/auth/reset-password/validate?token=a1b2c3..."

Response 200

{
  "success": true,
  "valid": true,
  "email": "ja***@example.com"
}