
# Reset password

> **/auth/resetpassword**

<Note>
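  Flow 2 (authenticated password change) requires authentication: include your Bearer token in the Authorization header. Flow 1 (email code reset) is validated by the `code` query parameter instead.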
</Note>

## Description

The `/auth/resetpassword` endpoint allows users to reset their password. It supports two different flows:

## Flow 1: Forgot Password (Email Code Reset)

Use this flow when the user has forgotten their password and received a reset code via email from `/auth/forgotpassword`.

* Provide the `code` as a query parameter
* Provide `email` and `new_password` in the request body
* No authentication required (the code validates the request)

## Flow 2: Change Password (Authenticated)

Use this flow when a logged-in user wants to change their current password.

* Provide `email`, `current_password`, and `new_password` in the request body
* Requires valid Bearer token authentication
* The `current_password` must match the user's existing password

**Method:**
`PATCH`

**Password Requirements:**

* Minimum 8 characters
* At least one uppercase letter
* At least one lowercase letter
* At least one number
* At least one special character

**Query Parameter (Flow 1 only):**

| Parameter | Type   | Description                                                                        |
| --------- | ------ | ---------------------------------------------------------------------------------- |
| code      | string | The verification code sent to the user's email (required for forgot password flow) |

**Request Payload:**

| Parameter         | Type   | Required    | Description                                                  |
| ----------------- | ------ | ----------- | ------------------------------------------------------------ |
| email             | string | Yes         | The email address of the user                                |
| new\_password     | string | Yes         | The new password to be set                                   |
| confirm\_password | string | No          | Password confirmation (must match new\_password if provided) |
| current\_password | string | Conditional | Required for authenticated password change (Flow 2)          |

> **Note:** You must provide either `code` (query param) OR `current_password` (body), but not both.

## Code Examples

<CodeGroup>
  ```javascript Node.js theme={null}
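  // Flow 2 (authenticated change). Uses top-level await, so run as an ES module.
  const token = 'YOUR_TOKEN'; // placeholder: replace with your JWT

  const response = await fetch('https://api.royalti.io/auth/resetpassword', {
    method: 'PATCH',
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      "email": "user@example.com",
      "new_password": "NewSecurePassword123!",
      "confirm_password": "NewSecurePassword123!",
      "current_password": "OldPassword123!"
    })
  });

  // 200 returns { message }, error responses carry a JSON body as well
  const data = await response.json();
  console.log(response.status, data);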
  ```

  ```python Python theme={null}
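  import requests

  # Flow 2 (authenticated change).
  token = 'YOUR_TOKEN'  # placeholder: replace with your JWT

  response = requests.patch(
    'https://api.royalti.io/auth/resetpassword',
    headers={
      'Authorization': f'Bearer {token}'
    },
    # json= serializes the body and sets Content-Type: application/json
    json={
      "email": "user@example.com",
      "new_password": "NewSecurePassword123!",
      "confirm_password": "NewSecurePassword123!",
      "current_password": "OldPassword123!"
    },
    timeout=10
  )

  # 200 returns {"message": ...}; error responses carry a JSON body as well
  data = response.json()
  print(response.status_code, data)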
  ```

  ```bash cURL theme={null}
  curl -X PATCH https://api.royalti.io/auth/resetpassword \
    -H "Authorization: Bearer YOUR_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"email":"user@example.com","new_password":"NewSecurePassword123!","confirm_password":"NewSecurePassword123!","current_password":"OldPassword123!"}'
  ```
</CodeGroup>
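
The examples above only show Flow 2. As an added example (not part of the Royalti documentation or any Royalti SDK), the Python code below builds the request for either flow and enforces the rules this page states before anything is sent: exactly one of `code` or `current_password`, the password requirements, and the optional `confirm_password` match. The helper names `password_problems` and `build_reset_request` are hypothetical, and treating any non-alphanumeric, non-whitespace character as "special" is an assumption, since the page does not define the set.

```python
from urllib.parse import urlencode

BASE_URL = "https://api.royalti.io/auth/resetpassword"  # endpoint from this page


def password_problems(pw):
    """Return the documented password requirements that pw fails."""
    checks = [
        (len(pw) >= 8, "minimum 8 characters"),
        (any(c.isupper() for c in pw), "at least one uppercase letter"),
        (any(c.islower() for c in pw), "at least one lowercase letter"),
        (any(c.isdigit() for c in pw), "at least one number"),
        # Assumption: "special character" means any non-alphanumeric,
        # non-whitespace character; the page does not define the set.
        (any(not c.isalnum() and not c.isspace() for c in pw),
         "at least one special character"),
    ]
    return [msg for ok, msg in checks if not ok]


def build_reset_request(email, new_password, *, code=None,
                        current_password=None, token=None,
                        confirm_password=None):
    """Build (not send) the PATCH request for exactly one of the two flows."""
    if (code is None) == (current_password is None):
        raise ValueError("provide either code or current_password, not both")
    problems = password_problems(new_password)
    if problems:
        raise ValueError("new_password fails: " + "; ".join(problems))
    if confirm_password is not None and confirm_password != new_password:
        raise ValueError("confirm_password does not match new_password")

    body = {"email": email, "new_password": new_password}
    if confirm_password is not None:
        body["confirm_password"] = confirm_password
    headers = {"Content-Type": "application/json"}
    url = BASE_URL
    if code is not None:
        # Flow 1: code travels in the query string; no bearer token is sent.
        url += "?" + urlencode({"code": code})
    else:
        # Flow 2: current password in the body plus a bearer token.
        if not token:
            raise ValueError("change-password flow requires a bearer token")
        body["current_password"] = current_password
        headers["Authorization"] = f"Bearer {token}"
    return {"method": "PATCH", "url": url, "headers": headers, "json": body}
```

The returned dict can be passed straight to `requests.request(**req)`. These checks only save a round trip; the server's 400 responses remain the authority on what is accepted.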


## OpenAPI

````yaml patch /auth/resetpassword
openapi: 3.0.0
info:
  title: Royalti.io API
  description: "# Royalti API\r\n\r\nThis is the Royalti music royalty management platform API server.\r\n\r\n## Overview\r\n\r\nThe Royalti API provides comprehensive music royalty management services including:\r\n- Music publishing and writer management\r\n- Royalty processing and analytics\r\n- DDEX integration for music industry standards\r\n- File processing and pattern recognition\r\n- Payment processing and distribution\r\n\r\n## Authentication\r\n\r\nThe API uses JWT-based authentication with multiple protection levels:\r\n- Public endpoints for basic operations\r\n- Protected endpoints requiring valid JWT tokens\r\n- Admin endpoints for administrative functions\r\n\r\n## Features\r\n\r\n- Multi-dimensional royalty analytics\r\n- CWR (Collective Works Registration) support\r\n- DDEX integration for music metadata\r\n- Advanced file processing with pattern recognition\r\n- Real-time data processing with queue system"
  version: 2.6.0
  contact:
    name: Royalti.io Support
    email: support@royalti.io
    url: https://royalti.io
  license:
    name: Proprietary
    url: https://royalti.io/terms
servers:
  - url: https://api.royalti.io
    description: Production server
  - url: https://api-dev.royalti.io
    description: Development server
  - url: http://localhost:8084
    description: Local development
security:
  - bearerAuth: []
tags:
  - name: Accounting
    description: Accounting and financial transaction operations
  - name: DDEX
    description: DDEX operations (ERN/MEAD, messages, delivery, providers)
  - name: Label
    description: Label management operations
  - name: Internal Webhooks
    description: Internal system webhooks for royalty processing and downloads
  - name: Payment Webhooks
    description: Payment processor webhook endpoints
  - name: Billing Webhooks
    description: Stripe billing and subscription webhooks
  - name: Infrastructure Webhooks
    description: Cloudflare domain and SSL webhooks
  - name: Distribution Webhooks
    description: Digital distribution platform webhooks (FUGA)
paths:
  /auth/resetpassword:
    patch:
      tags:
        - Auth
      summary: Reset password
      description: >-
        **/auth/resetpassword**


        **Description:**

        The /auth/resetpassword endpoint allows users to reset their password.
        This endpoint supports two different flows:


        ## Flow 1: Forgot Password (Email Code Reset)

        Use this flow when the user has forgotten their password and received a
        reset code via email from `/auth/forgotpassword`.


        - Provide the `code` as a query parameter

        - Provide `email` and `new_password` in the request body

        - No authentication required (the code validates the request)


        ## Flow 2: Change Password (Authenticated)

        Use this flow when a logged-in user wants to change their current
        password.


        - Provide `email`, `current_password`, and `new_password` in the request
        body

        - Requires valid Bearer token authentication

        - The `current_password` must match the user's existing password


        **Method:**

        `PATCH`


        **Password Requirements:**

        - Minimum 8 characters

        - At least one uppercase letter

        - At least one lowercase letter

        - At least one number

        - At least one special character


        **Query Parameter (Flow 1 only):**


        | Parameter | Type | Description |

        | --- | --- | --- |

        | code | string | The verification code sent to the user's email
        (required for forgot password flow) |


        **Request Payload:**


        | Parameter | Type | Required | Description |

        | --- | --- | --- | --- |

        | email | string | Yes | The email address of the user |

        | new_password | string | Yes | The new password to be set |

        | confirm_password | string | No | Password confirmation (must match
        new_password if provided) |

        | current_password | string | Conditional | Required for authenticated
        password change (Flow 2) |


        > **Note:** You must provide either `code` (query param) OR
        `current_password` (body), but not both.
      parameters:
        - name: code
          in: query
          required: false
          description: >-
            The verification code sent to the user's email (required for forgot
            password flow)
          schema:
            type: string
          example: ABC123
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                email:
                  type: string
                  format: email
                  description: The email address of the user
                  example: user@example.com
                new_password:
                  type: string
                  description: >-
                    The new password to be set (must meet password complexity
                    requirements)
                  example: NewSecurePassword123!
                confirm_password:
                  type: string
                  description: >-
                    Password confirmation (optional, must match new_password if
                    provided)
                  example: NewSecurePassword123!
                current_password:
                  type: string
                  description: >-
                    Current password (required for authenticated password
                    change, not needed if using code)
                  example: OldPassword123!
              required:
                - email
                - new_password
            examples:
              forgot_password_flow:
                summary: Forgot Password Flow (with code query param)
                value:
                  email: user@example.com
                  new_password: NewSecurePassword123!
                  confirm_password: NewSecurePassword123!
              change_password_flow:
                summary: Change Password Flow (authenticated user)
                value:
                  email: user@example.com
                  current_password: OldPassword123!
                  new_password: NewSecurePassword123!
                  confirm_password: NewSecurePassword123!
      responses:
        '200':
          description: Password reset successful
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
              example:
                message: Password Reset Successful
        '400':
          description: |
            Bad request. Possible reasons:
            - Missing required fields (email or new_password)
            - Password validation failed (doesn't meet complexity requirements)
            - Passwords do not match (if confirm_password provided)
            - Invalid current password (for authenticated flow)
            - Wrong or expired password reset code
            - Neither code nor current_password provided
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              examples:
                missing_fields:
                  summary: Missing required fields
                  value:
                    statusCode: 400
                    message: Invalid password reset request
                password_validation:
                  summary: Password validation failed
                  value:
                    statusCode: 400
                    message: >-
                      Password validation failed: Password must be at least 8
                      characters long
                passwords_mismatch:
                  summary: Passwords do not match
                  value:
                    statusCode: 400
                    message: Passwords do not match
                invalid_current:
                  summary: Invalid current password
                  value:
                    statusCode: 400
                    message: Invalid current password
                wrong_code:
                  summary: Wrong reset code
                  value:
                    statusCode: 400
                    message: Wrong password reset code provided
        '401':
          description: Unauthorized - Authentication required for change password flow
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '404':
          description: User not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - bearerAuth: []
components:
  schemas:
    Error:
      type: object
      properties:
        success:
          type: boolean
          example: false
        error:
          type: object
          properties:
            code:
              type: string
            message:
              type: string
            details:
              type: array
              items:
                type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT Authorization header using the Bearer scheme. Format: "Bearer
        {token}"

````