Skip to main content

Password Reset

Request reset

POST /api/auth/request-password-reset
Content-Type: application/json

{"email": "user@example.com"}

The user receives an email with a reset token (via the configured email provider).

Reset password

POST /api/auth/reset-password
Content-Type: application/json

{
  "token": "the-token-from-email",
  "new_password": "new-secure-password"
}

All sessions are revoked after a successful reset.

Change password (authenticated)

POST /api/auth/change-password
Cookie: nexfetch_auth.session_token=...

{
  "current_password": "old-password",
  "new_password": "new-password"
}

Request reset
Reset password
Change password (authenticated)