ForgotPassword
Request a password reset email for a user account.
API Playground
Request a password reset email. If the email exists in the system, a password reset link will be sent to the user's email address.
User's email address
Endpoint
POST https://devapi.marketiger3d.com/v2/Auth/ForgotPassword
Authentication
This endpoint does not require authentication.
Request Body
{
"email": "string"
}
Request Body Schema
| Field | Type | Required | Description |
|---|---|---|---|
| string | Yes | User's email address |
Example Request
curl -X POST "https://devapi.marketiger3d.com/v2/Auth/ForgotPassword" \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com"
}'
fetch('https://devapi.marketiger3d.com/v2/Auth/ForgotPassword', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
email: 'user@example.com'
})
})
.then(response => response.json())
.then(data => {
if (data.success) {
console.log('Password reset email sent successfully');
} else {
console.error('Error:', data.error);
}
})
.catch(error => console.error('Error:', error));
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://devapi.marketiger3d.com/v2/Auth/ForgotPassword");
request.Content = new StringContent(JsonSerializer.Serialize(new {
email = "user@example.com"
}), Encoding.UTF8, "application/json");
var response = await client.SendAsync(request);
var responseContent = await response.Content.ReadAsStringAsync();
var forgotPasswordResponse = JsonSerializer.Deserialize<ForgotPasswordResponse>(responseContent);
if (forgotPasswordResponse.Success)
{
// Password reset email sent successfully
}
Response
Success Response (200 OK)
{
"success": true,
"data": {}
}
Response Schema
| Field | Type | Description |
|---|---|---|
| success | boolean | Indicates if the request succeeded |
| data | object | Empty object on success |
Note: For security reasons, the endpoint returns a success response even if the email doesn't exist in the system. This prevents email enumeration attacks.
Error Response (400 Bad Request)
{
"success": false,
"error": {
"type": "NOT_FOUND",
"message": "User not found"
}
}
{
"success": false,
"error": {
"type": "OPERATION_FAILED",
"message": "Failed to send"
}
}
Error Response Schema
| Field | Type | Description |
|---|---|---|
| success | boolean | Indicates if the request succeeded |
| error | object | Error details |
| error.type | string | Error type code |
| error.message | string | Human-readable error message |
Error Codes
| Error Type | Status | Description |
|---|---|---|
| NOT_FOUND | 400 | User with the provided email was not found |
| OPERATION_FAILED | 400 | Failed to send the password reset email |
Notes
- The password reset email contains a link that allows the user to reset their password
- The reset link includes a secure token that expires after a certain period
- For security purposes, the endpoint may return a success response even if the email doesn't exist to prevent email enumeration
- Users should check their email (including spam folder) for the password reset link
- The reset link will direct users to the password reset page where they can set a new password
Best Practices
- User feedback: Inform users to check their email for the password reset link
- Rate limiting: Implement rate limiting on your client side to prevent abuse
- Email validation: Validate email format on the client side before sending the request
- Error handling: Handle both success and error responses appropriately
- Security: Never reveal whether an email exists in the system to prevent enumeration attacks