Password Reset
If you forget your password, you can request a reset link via email.
Reset Flow
Section titled “Reset Flow”Step 1: Request Reset
Section titled “Step 1: Request Reset”Submit your email address to receive a reset link.
Step 2: Check Email
Section titled “Step 2: Check Email”Click the link in the email or use the token with the API.
Step 3: Set New Password
Section titled “Step 3: Set New Password”Enter your new password to regain access.
Request Password Reset
Section titled “Request Password Reset”POST /auth/forgot-password
Section titled “POST /auth/forgot-password”Initiates a password reset flow.
Request:
{ "email": "john@example.com"}Response (200 OK):
{ "success": true, "message": "If an account with that email exists, a password reset link has been sent."}Complete Password Reset
Section titled “Complete Password Reset”POST /auth/reset-password
Section titled “POST /auth/reset-password”Resets the password using the token from the reset email.
Request:
{ "token": "rst_abc123...", "newPassword": "NewSecurePassword456!"}| Field | Type | Required | Description |
|---|---|---|---|
token | string | Yes | Reset token from the email link |
newPassword | string | Yes | New password (same requirements as signup) |
Response (200 OK):
{ "success": true}Response with errors:
{ "success": false, "error": "Invalid or expired reset token"}Password Requirements
Section titled “Password Requirements”Your new password must meet these requirements:
- Minimum 8 characters
- At least one uppercase letter (A-Z)
- At least one lowercase letter (a-z)
- At least one number (0-9)
Token Expiration
Section titled “Token Expiration”Reset tokens expire after 1 hour. If your token has expired:
- Request a new reset link
- Use the new token within 1 hour
- Complete the password reset
Error Responses
Section titled “Error Responses”Invalid Token
Section titled “Invalid Token”{ "success": false, "error": "Invalid or expired reset token"}The token may be:
- Already used (tokens are single-use)
- Expired (older than 1 hour)
- Malformed or tampered with
Password Requirements Not Met
Section titled “Password Requirements Not Met”{ "success": false, "error": "Password does not meet requirements"}Ensure your new password meets all requirements.
C# SDK Example
Section titled “C# SDK Example”var client = new ManagementClient(new ManagementClientOptions{ ApiBaseUrl = "https://api.terrascale.io"});
// Request password resetvar forgotResult = await client.Auth.ForgotPasswordAsync( new ForgotPasswordRequest(Email: "john@example.com"));
if (forgotResult.IsSuccess){ Console.WriteLine("Check your email for a reset link!");}
// Later, when user has the token from emailvar resetResult = await client.Auth.ResetPasswordAsync( new ResetPasswordRequest( Token: "rst_abc123...", NewPassword: "NewSecurePassword456!" ));
if (resetResult.IsSuccess){ Console.WriteLine("Password reset successful! You can now log in.");}else{ Console.WriteLine($"Error: {resetResult.Errors.First().Message}");}Security Tips
Section titled “Security Tips”- Use a unique password - Don’t reuse passwords from other sites
- Enable MFA - Add extra protection after resetting
- Check for suspicious activity - Review your account after reset
- Use a password manager - Store passwords securely