Password Reset¶

Request Reset Link¶

Sends a password reset link to the user's registered email address.

POST /api/forgot-password

Public endpoint. No authentication required.

Request Body¶

{
  "email": "jane.doe@acme.com"
}

Response¶

HTTP/1.1 200 OK

{
  "message": "If an account with that email exists, a reset link has been sent."
}

The response is identical whether or not the email address exists, to prevent account enumeration.

Token expiry: 48 hours.

Reset Password¶

Completes a password reset using the token received via email.

POST /api/reset-password

Public endpoint. Requires the session token from the reset link.

Request Body¶

{
  "session_token": "<token-from-email>",
  "new_password": "new-secure-password"
}

Field	Type	Required	Description
`session_token`	string	Yes	Token extracted from the reset link
`new_password`	string	Yes	New password - minimum 8 characters

Response¶

HTTP/1.1 200 OK

{
  "message": "Password updated successfully."
}

Admin: Force Password Reset¶

Allows an administrator to force a password reset for any user. The target user will be required to set a new password on next login.

POST /api/force-reset-password

Required role: Administrator

Request Body¶

{
  "user_id": 42
}

Response¶

HTTP/1.1 200 OK

{
  "message": "Password reset initiated for user."
}

Code Examples¶

Request Reset Link¶

curl -X POST https://acme.knosc.com/api/forgot-password \
  -H "Content-Type: application/json" \
  -d '{"email": "jane.doe@acme.com"}'

Reset Password¶

curl -X POST https://acme.knosc.com/api/reset-password \
  -H "Content-Type: application/json" \
  -d '{"session_token": "<token>", "new_password": "new-secure-password"}'

Password Reset¶

Request Reset Link¶

Request Body¶

Response¶

Reset Password¶

Request Body¶

Response¶

Admin: Force Password Reset¶

Request Body¶

Response¶

Code Examples¶

Request Reset Link¶

Reset Password¶

Related¶