# Password Reset Services

Password Reset services are used to reset the passwords of store staff using their email addresses registered in the system.

The Password Reset Services allow your application to facilitate the secure and straightforward process of resetting passwords for store staff. They include two main services:

1. **Password Reset Service**: Initiates the process by sending a password reset email to the user's registered email address. This email contains a link with a User ID (`uid`) and token for user verification.
2. **Password Reset Confirmation Service**: Confirms the password reset request initiated through the email link. Users can set a new password securely using parameters obtained from the reset link.

All services related to resetting passwords are listed in this document.

## <mark style="color:red;">`POST`</mark> <mark style="color:red;">Password Reset</mark>

This service is used to start the password reset process by sending a password reset email to the user's registered email address.

**Path:** `/api/v1/auth/password-reset/`

#### **Request Body**

The following request body parameters are used to send a password reset email to the user. You only need to include the `email` parameter to specify the user's email address. The `token` is not required in the request body.

| Parameter | Data Type | In   | Description               |
| --------- | --------- | ---- | ------------------------- |
| email     | string    | body | The user's email address. |

```json
{
  "email": "test@akinon.com"
}
```

#### **Example Request**

To send a password reset email, make a `POST` request to the `/api/v1/auth/password-reset/` endpoint.

Here's an example of how to make the request in Python:

```python
import json

import requests

# Replace {instore_url} with the host name of your environment.
url = "https://{instore_url}/api/v1/auth/password-reset/"
payload = json.dumps({
    "email": "test@akinon.com",
})
headers = {
    'Content-Type': 'application/json',
    'Accept-Language': 'tr-tr'  # optional; the default is en-us
}
# A timeout keeps the call from blocking indefinitely if the server does not answer.
response = requests.request("POST", url, headers=headers, data=payload, timeout=10)
print(response.text)
```

#### **Example Response (200 OK)**

In a successful response with a status code of `200 OK`, the API sends a password reset email to the specified address. The response body contains a message confirming the email has been sent.

```json
{
  "detail": "Password reset e-mail has been sent."
}
```

The email will contain a link to reset the password, including a `uid` and a `token` to verify the user's identity.

**Password Reset Link:** `https://{instore_url}/auth/resetPassword/<uid>/<token>`

**Password Reset Link Example:** `https://{instore_url}/auth/resetPassword/MQ/c3f5il-9988an4d89dbaf949d67e95c17ty25be5`

Upon clicking the link, the user will be redirected to the password reset page.

## <mark style="color:red;">`POST`</mark> <mark style="color:red;">Password Reset Confirmation</mark>

This service is used to confirm a password reset request. After the user clicks the link in the password reset email, they will be redirected to the password reset page, where they can enter a new password and finalize the reset process.

**Path:** `/api/v1/auth/password-reset-confirm/`

#### **Request Body**

The following request body parameters can be used to reset the user's password. The `uid` and `token` values do not need to be entered manually, as both are retrieved from the password reset link in the email.

| Parameter      | Data Type | In   | Description                                   |
| -------------- | --------- | ---- | --------------------------------------------- |
| new\_password1 | string    | body | The new password for the user                 |
| new\_password2 | string    | body | Confirmation of the new password (must match) |
| uid            | string    | body | The encrypted user ID                         |
| token          | string    | body | The token valid for the specific user         |

```json
{
  "new_password1": "<new_password>",
  "new_password2": "<new_password>",
  "uid": "<uid>",
  "token": "<token>"
}
```

#### **Example Request**

To reset the password of the user, a `POST` request should be sent to the `/api/v1/auth/password-reset-confirm/` endpoint.

Here's an example of how to make the request in Python:

```python
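import json

import requests

# Replace {instore_url} with the host name of your environment.
url = "https://{instore_url}/api/v1/auth/password-reset-confirm/"
# <new_password> must satisfy the validation rules listed below;
# <uid> and <token> come from the password reset link in the email.
payload = json.dumps({
    "new_password1": "<new_password>",
    "new_password2": "<new_password>",
    "uid": "<uid>",
    "token": "<token>"
})

headers = {
    'Content-Type': 'application/json'
}
# A timeout keeps the call from blocking indefinitely if the server does not answer.
response = requests.request("POST", url, headers=headers, data=payload, timeout=10)
print(response.text)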
```
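
The following is an added example, not part of the original API documentation: it extracts `uid` and `token` from a reset link in the format shown above and builds the confirmation request body, rejecting links that are not HTTPS, point at another host, or do not have exactly two path segments. The function names and the host `instore.example.com` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Path prefix taken from the reset link format shown on this page.
RESET_PREFIX = "/auth/resetPassword/"


def parse_reset_link(link: str, expected_host: str) -> tuple[str, str]:
    """Return (uid, token) from a reset link, or raise ValueError."""
    parts = urlsplit(link)
    # Accept only HTTPS links for the expected host, so a token is never
    # read from (or submitted on behalf of) a look-alike domain.
    if parts.scheme != "https" or parts.hostname != expected_host:
        raise ValueError("unexpected scheme or host")
    if not parts.path.startswith(RESET_PREFIX):
        raise ValueError("not a password reset link")
    segments = parts.path[len(RESET_PREFIX):].strip("/").split("/")
    # Exactly two non-empty path segments are expected: <uid>/<token>.
    if len(segments) != 2 or not all(segments):
        raise ValueError("expected /<uid>/<token>")
    uid, token = segments
    return uid, token


def build_confirm_payload(link: str, new_password: str, expected_host: str) -> dict:
    """Request body for POST /api/v1/auth/password-reset-confirm/."""
    uid, token = parse_reset_link(link, expected_host)
    return {
        "new_password1": new_password,
        "new_password2": new_password,
        "uid": uid,
        "token": token,
    }


# Constructed sample: the example link from this page with a placeholder host.
SAMPLE_LINK = (
    "https://instore.example.com/auth/resetPassword/"
    "MQ/c3f5il-9988an4d89dbaf949d67e95c17ty25be5"
)

if __name__ == "__main__":
    print(build_confirm_payload(SAMPLE_LINK, "<new_password>", "instore.example.com"))
```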

#### **Example Response (200 OK)**

In a successful response with a status code of `200 OK`, the API resets the user's password. The response body contains a message confirming the password has been successfully updated.

This example response illustrates the structure and format returned upon success:

```json
{
  "detail": "Password has been reset with the new password."
}
```

The user can now log in using the new password.

#### **Example Response (400 Bad Request)**

If the password does not meet validation rules, the API will return a `400 Bad Request` status along with an error message indicating why the password is invalid.

There are some validation rules for the password:

* The password should not be too short. It must contain at least 8 characters.
* The password should not be common.
* The password should not be entirely numeric.
* The password should not have been used before.

If any of these rules are violated, the response might look like the following examples:

```json
{
  "error": {
    "non_field_errors": [
      "New password cannot be the same as the old password."
    ]
  },
  "status_code": 400
}
```

```json
{
  "error": {
    "new_password2": [
      "This password is too short. It must contain at least 8 characters.",
      "This password is too common.",
      "This password is entirely numeric."
    ]
  },
  "status_code": 400
}
```
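
The following is an added example, not part of the original API documentation: it checks the rules above that can be evaluated before calling the API, and flattens a `400 Bad Request` body of either shape shown above into `(field, message)` pairs. The function names are assumptions made for illustration; the "too common" and "used before" rules can only be decided by the server, so the API response remains authoritative.

```python
def precheck_password(new_password1: str, new_password2: str) -> list[str]:
    """Return the locally checkable rule violations (empty list if none)."""
    problems = []
    if new_password1 != new_password2:
        problems.append("new_password1 and new_password2 do not match")
    if len(new_password1) < 8:
        problems.append("password is shorter than 8 characters")
    if new_password1.isdigit():
        problems.append("password is entirely numeric")
    return problems


def collect_errors(body: dict) -> list[tuple[str, str]]:
    """Flatten a 400 response body into (field, message) pairs.

    Handles messages keyed by a field name as well as messages under
    "non_field_errors".
    """
    pairs = []
    errors = body.get("error")
    if not isinstance(errors, dict):
        return pairs
    for field, messages in errors.items():
        # Tolerate a single string where a list of messages is expected.
        if isinstance(messages, str):
            messages = [messages]
        for message in messages:
            pairs.append((field, str(message)))
    return pairs


# The two 400 response bodies shown on this page.
SAME_AS_OLD = {
    "error": {"non_field_errors": ["New password cannot be the same as the old password."]},
    "status_code": 400,
}
WEAK = {
    "error": {"new_password2": [
        "This password is too short. It must contain at least 8 characters.",
        "This password is too common.",
        "This password is entirely numeric.",
    ]},
    "status_code": 400,
}

if __name__ == "__main__":
    print(precheck_password("12345", "12345"))
    print(collect_errors(WEAK))
```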
