Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

The password reset API consists in 2 mandatory and 1 optional step. The mandatory steps are the initiation of the password reset request and its confirmation. The optional step is to check the status of a previously submitted request. 

Password Reset Initial Request

Current Implementation

This operation is meant to be used when a user wants to reset his/her password and/or pin because he/her has forgot it.

This operation performs the following actions:
1.- Creates a token with a short lifespan (2 minutes).
2.- Creates an entry in a PasswordResetRequest table associating the token and the email of the user that is initiating the request. This association prevents any valid token (other than the one that was specifically created for this purpose) to reset a user's password and/or pin.
3.- Optionally emails the user a link that can be used to reset his/her password. (the link contains the generated token and the email of the user)

Parameters

Base URL: /validateAccount
Parameters:

  • No labels