Password Reset Services

Password Reset services are used to reset the passwords of store staff using their email addresses registered in the system.

The Password Reset Services allows your application to facilitate the secure and straightforward process of resetting passwords for store staff. It includes two main services:

Password Reset Service: Initiates the process by sending a password reset email to the user's registered email address. This email contains a link with a User ID (uid) and token for user verification.
Password Reset Confirmation Service: Confirms the password reset request initiated through the email link. Users can set a new password securely using parameters obtained from the reset link.

All services related to resetting passwords are listed in this document.

`POST` Password Reset

This service is used to reset their password by submitting a new one using the token and user ID from the password reset link.

Path: /api/v1/auth/password-reset/

Request Body

The following request body parameters are used to send a password reset email to the user. You only need to include the email parameter to specify the user's email address. The token is not required in the request body.

Parameter

Data Type

Description

string

body

The user's email address.

{
  "email": "test@akinon.com"
}

Example Request

To send a password reset email, make a POST request to the /api/v1/auth/password-reset/ endpoint.

Here's an example of how to make the request in Python:

import requests
import json
url = "https://{instore_url}/api/v1/auth/password-reset/"
payload = json.dumps({
    "email": "test@akinon.com",
})
headers = {
    'Content-Type': 'application/json',
    'Accept-Language': 'tr-tr'  # optional --default is en-us
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)

Example Response (200 OK)

In a successful response with a status code of 200 OK, the API sends a password reset email to the specified address. The response body contains a message confirming the email has been sent.

{
  "detail": "Password reset e-mail has been sent."
}

The email will contain a link to reset the password, including a uid and a token to verify the user's identity.

Password Reset Link:https://{instore_url}/auth/resetPassword/<uid>/<token>

Password Reset Link Example:https://{instore_url}/auth/resetPassword/MQ/c3f5il-9988an4d89dbaf949d67e95c17ty25be5

Upon clicking the link, the user will be redirected to the password reset page.

`POST` Password Reset Confirmation

This service is used to confirm a password reset request. After the user clicks the link in the password reset email, they will be redirected to the password reset page, where they can enter a new password and finalize the reset process.

Path: /api/v1/auth/password-reset-confirm/

Request Body

The following request body parameters can be used to reset the user's password. There is no need to include the token parameter in the request body, as both the uid and token will be automatically retrieved from the password reset link in the email.

Parameter

Data Type

Description

new_password1

string

body

The new password for the user

new_password2

string

body

Confirmation of the new password (must match)

uid

string

body

The encrypted user ID

token

string

body

The token valid for the specific user

{
  "new_password1": "12345",
  "new_password2": "12345",
  "uid": "<uid>",
  "token": "<token>"
}

Example Request

To reset the password of the user, a POST request should be sent to the /api/v1/auth/password-reset-confirm/ endpoint.

Here's an example of how to make the request in python:

import requests
import json
url = "https://{instore_url}/api/v1/auth/password-reset-confirm/"
payload = json.dumps({
    "new_password1": "12345",
    "new_password2": "12345",
    "uid": "<uid>",
    "token": "<token>"
})

headers = {
    'Content-Type': 'application/json'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)

Example Response (200 OK)

In a successful response with a status code of 200 OK, the API resets the user's password. The response body contains a message confirming the password has been successfully updated.

This example response illustrates the structure and format returned upon success:

{
  "detail": "Password has been reset with the new password."
}

The user can now log in using the new password.

Example Response (400 Bad Request)

If the password does not meet validation rules, the API will return a 400 Bad Request status along with an error message indicating why the password is invalid.

There are some validation rules for the password:

The password should not be too short. It must contain at least 8 characters.
The password should not be common.
The password should not be entirely numeric.
The password should not be used before.

If any of these rules are violated, the response might look like the following examples:

{
  "error": {
    "non_field_errors": [
      "New password cannot be the same as the old password."
    ]
  },
  "status_code": 400
}

{
  "error": {
    "new_password2": [
      "This password is too short. It must contain at least 8 characters.",
      "This password is too common.",
      "This password is entirely numeric."
    ]
  },
  "status_code": 400
}

PreviousInstore NextIntegrator

Last updated 26 days ago

Was this helpful?