PATCH /auth/resetpassword
curl --request PATCH \
  --url https://api.royalti.io/auth/resetpassword \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "user@example.com",
  "new_password": "NewSecurePassword123!",
  "confirm_password": "NewSecurePassword123!",
  "current_password": "OldPassword123!"
}
'
{
  "message": "Password Reset Successful"
}
This endpoint requires authentication. Include your Bearer token in the Authorization header.

Description

The /auth/resetpassword endpoint allows users to reset their password. This endpoint supports two different flows:

Flow 1: Forgot Password (Email Code Reset)

Use this flow when the user has forgotten their password and received a reset code via email from /auth/forgotpassword.
  • Provide the code as a query parameter
  • Provide email and new_password in the request body
  • No authentication required (the code validates the request)

Flow 2: Change Password (Authenticated)

Use this flow when a logged-in user wants to change their current password.
  • Provide email, current_password, and new_password in the request body
  • Requires valid Bearer token authentication
  • The current_password must match the user’s existing password
Method: PATCH

Password Requirements:
  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character
Query Parameter (Flow 1 only):
| Parameter | Type | Description |
|-----------|------|-------------|
| code | string | The verification code sent to the user’s email (required for forgot password flow) |
Request Payload:
| Parameter | Type | Required | Description |
|-----------|------|----------|-------------|
| email | string | Yes | The email address of the user |
| new_password | string | Yes | The new password to be set |
| confirm_password | string | No | Password confirmation (must match new_password if provided) |
| current_password | string | Conditional | Required for authenticated password change (Flow 2) |
Note: You must provide either code (query param) OR current_password (body), but not both.

Code Examples

// Flow 2 (authenticated change): `token` is the caller's JWT.
const response = await fetch('https://api.royalti.io/auth/resetpassword', {
  method: 'PATCH',
  headers: {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    "email": "user@example.com",
    "new_password": "NewSecurePassword123!",
    "confirm_password": "NewSecurePassword123!",
    "current_password": "OldPassword123!"
  })
});

const data = await response.json();
console.log(data);
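
The two flows above differ in where the proof of identity travels: a query-string code for Flow 1, a Bearer token plus current_password for Flow 2. The following added example (not part of the Royalti documentation) builds the request for either flow and rejects input that breaks the rules on this page before anything is sent. The helper names `buildResetRequest` and `passwordProblems` are hypothetical, and reading "special character" as any non-alphanumeric character is an assumption.

```javascript
// Added example: builds (does not send) a PATCH /auth/resetpassword request.
const ENDPOINT = 'https://api.royalti.io/auth/resetpassword';

// The five password requirements listed on this page.
// Assumption: "special character" means any non-alphanumeric character.
const PASSWORD_RULES = [
  [(p) => p.length >= 8, 'minimum 8 characters'],
  [(p) => /[A-Z]/.test(p), 'at least one uppercase letter'],
  [(p) => /[a-z]/.test(p), 'at least one lowercase letter'],
  [(p) => /[0-9]/.test(p), 'at least one number'],
  [(p) => /[^A-Za-z0-9]/.test(p), 'at least one special character'],
];

// Returns the list of requirements the password fails (empty when it passes).
function passwordProblems(password) {
  return PASSWORD_RULES.filter(([ok]) => !ok(password)).map(([, msg]) => msg);
}

// Hypothetical helper: returns { url, init } for fetch(url, init).
function buildResetRequest({ email, newPassword, confirmPassword, code, currentPassword, token }) {
  const hasCode = typeof code === 'string' && code.length > 0;
  const hasCurrent = typeof currentPassword === 'string' && currentPassword.length > 0;
  if (hasCode === hasCurrent) {
    throw new Error('Provide either code or current_password, but not both');
  }
  const problems = passwordProblems(newPassword);
  if (problems.length > 0) throw new Error('Password fails: ' + problems.join('; '));
  if (confirmPassword !== undefined && confirmPassword !== newPassword) {
    throw new Error('confirm_password must match new_password');
  }

  const url = new URL(ENDPOINT);
  const headers = { 'Content-Type': 'application/json' };
  const body = { email, new_password: newPassword };
  if (confirmPassword !== undefined) body.confirm_password = confirmPassword;

  if (hasCode) {
    // Flow 1: the emailed code goes in the query string; no Bearer token is sent.
    url.searchParams.set('code', code);
  } else {
    // Flow 2: Bearer token plus the current password in the body.
    if (!token) throw new Error('Flow 2 requires a Bearer token');
    headers.Authorization = `Bearer ${token}`;
    body.current_password = currentPassword;
  }
  return { url: url.toString(), init: { method: 'PATCH', headers, body: JSON.stringify(body) } };
}
```

Because Flow 1 carries the code in the URL, client-side logging should record the path rather than the full request URL.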

Authorizations

Authorization (string, header, required)

JWT Authorization header using the Bearer scheme. Format: "Bearer {token}"

Query Parameters

code (string)

The verification code sent to the user's email (required for forgot password flow)

Body

application/json

email (string<email>, required)

The email address of the user

new_password (string, required)

The new password to be set (must meet password complexity requirements)

Example:

"NewSecurePassword123!"

confirm_password (string)

Password confirmation (optional, must match new_password if provided)

Example:

"NewSecurePassword123!"

current_password (string)

Current password (required for authenticated password change, not needed if using code)

Example:

"OldPassword123!"

Response

Password reset successful

message (string)