...
This operation performs the following actions: 1.-
- Creates a token with a short lifespan (2 minutes).
...
- Creates an entry in a PasswordResetRequest table associating the token and the email of the user that is initiating the request. This association prevents any valid token (other than the one that was specifically created for this purpose) to reset a user's password and/or pin.
...
- Optionally emails the user a link that can be used to reset his/her password. (the link contains the generated token and the email of the user)
The output of this operation is:
- A 'success' status of 'false' and a corresponding 'failMessage' if:
- The provided email doesn't exist.
- There is some internal error in the operation.
- A 'success' status of 'true' if the operation was successfully completed in addition of the following information:
- token: The generated token in case it is needed by the client.
- resetURL: The original URL sent by the client but with any additional information added by the server (like the placeholder replaced with the correct token).
Parameters
Base URL: /passwordReset/init
Parameters:
| Name | Type | Mandatory | Description |
|---|---|---|---|
| String | Yes | The email of the user initiating the request. | |
| resetURL | String | No | DEFAULT: null The URL that will be sent to the user via email. This URL may have 2 placeholders: {token} and {email} that this service will replace with the generated token for the request and the email of the initiating user. |
| sendEmail | Boolean | No | DEFAULT: |
...
'false' Indicates whether an notification email should be sent to the user. |
API Sample
Happy Path
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
{
data: {
token: "19c65444-324a-4449-a8de-706ebe9cf8a9",
resetURL: "http://127.0.0.1:8888/portal.html?page=reset&resettoken=19c65444-324a-4449-a8de-706ebe9cf8a9"
},
statusFact: {
success: true
}
} |
Non existing email
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
{
statusFact: {
failMessage: "Unknown user for provided email",
success: false
}
} |
Password Reset Request Status
Current Implementation
This operation checks whether a particular user has a pending 'password/pin reset' operation.
This operation performs the following actions:
- Check if an entry in PasswordResetRequest table exists for a provided email and token.
The output of this operation is:
- A 'success' status of 'false' and a corresponding 'failMessage' if:
- There is some internal error in the operation
- A 'success' status of 'true' if the operation was successfully completed in addition to the following information:
- pending: boolean value specifying whether a pending operation exits or not.
Parameters
Base URL: /passwordReset/init
Parameters:
| Name | Type | Mandatory | Description |
|---|---|---|---|
| String | Yes | The email of the user we want to check, | |
| token | String | Yes | The token generated in the previous step. Only tokens generated by the 'initiate password/pin' operation are allowed by this operation. |
API Sample
Happy Path
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
{
data: {
pending: true
},
statusFact: {
success: true
}
} |
Non-existing email/pending operation/wrong token
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
{
data: {
pending: false
},
statusFact: {
success: true
}
} |