# Exchange reset password code for reset token

> Step 1 of the two-step password reset flow (used only when resetPasswordMethod is 'code'):
> 1. Verify the 6-digit code sent to the user's email
> 2. Return a reset token that can then be used to reset the password

This endpoint is not used when resetPasswordMethod is 'link', because the browser reset-link flow uses the emailed link token directly.




## OpenAPI

````yaml https://raw.githubusercontent.com/InsForge/InsForge/main/openapi/auth.yaml post /api/auth/email/exchange-reset-password-token
openapi: 3.0.3
info:
  title: Insforge Authentication API
  version: 2.0.0
  description: Authentication endpoints with separated auth and profile tables
servers: []
security: []
paths:
  /api/auth/email/exchange-reset-password-token:
    post:
      tags:
        - Client
      summary: Exchange reset password code for reset token
      description: >
        Step 1 of two-step password reset flow (only used when
        resetPasswordMethod is 'code'):

        1. Verify the 6-digit code sent to user's email

        2. Return a reset token that can be used to actually reset the password


        This endpoint is not used when resetPasswordMethod is 'link', because
        the browser reset-link flow uses the emailed link token directly.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - email
                - code
              properties:
                email:
                  type: string
                  format: email
                  example: user@example.com
                code:
                  type: string
                  pattern: ^\d{6}$
                  description: 6-digit numeric code from email
                  example: '123456'
      responses:
        '200':
          description: Code verified successfully, reset token returned
          content:
            application/json:
              schema:
                type: object
                properties:
                  token:
                    type: string
                    description: Reset token to be used in reset-password endpoint
                  expiresAt:
                    type: string
                    format: date-time
                    description: Token expiration timestamp
        '400':
          description: Invalid request
        '401':
          description: Invalid or expired code

````
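
The following JavaScript is an added example, not InsForge code: it builds the request the spec above describes and maps the documented 200, 400 and 401 responses to a result object. The helper names and the base URL passed in are assumptions; the path, field names and code pattern come from the spec.

```javascript
// Added example, not InsForge code. Helper names and baseUrl are assumptions;
// the path, fields and status codes are taken from the OpenAPI spec above.
const EXCHANGE_PATH = '/api/auth/email/exchange-reset-password-token';
const CODE_PATTERN = /^\d{6}$/; // same pattern the spec declares for `code`

// Build the POST request; reject malformed input before it reaches the network.
function buildExchangeRequest(baseUrl, email, code) {
  if (typeof email !== 'string' || !email.includes('@')) {
    throw new TypeError('email must be an email address string');
  }
  // Keep the code a string: leading zeros are significant ('012345').
  if (typeof code !== 'string' || !CODE_PATTERN.test(code)) {
    throw new TypeError('code must be a string of exactly 6 digits');
  }
  return {
    url: new URL(EXCHANGE_PATH, baseUrl).toString(),
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ email, code }),
    },
  };
}

// Map the documented responses (200 / 400 / 401) to a result object.
function interpretExchangeResponse(status, body, now = new Date()) {
  if (status === 400) return { ok: false, reason: 'invalid_request' };
  if (status === 401) return { ok: false, reason: 'invalid_or_expired_code' };
  if (status !== 200) return { ok: false, reason: 'unexpected_status' };
  const expiresAt = new Date(body && body.expiresAt);
  if (!body || typeof body.token !== 'string' || Number.isNaN(expiresAt.getTime())) {
    return { ok: false, reason: 'malformed_response' };
  }
  // Do not hand an already-expired token to the reset step.
  if (expiresAt <= now) return { ok: false, reason: 'token_expired' };
  return { ok: true, token: body.token, expiresAt };
}

// Network wrapper; fetchImpl defaults to the global fetch (Node 18+, browsers).
async function exchangeResetCode(baseUrl, email, code, fetchImpl = fetch) {
  const { url, init } = buildExchangeRequest(baseUrl, email, code);
  const res = await fetchImpl(url, init);
  const body = res.status === 200 ? await res.json() : null;
  return interpretExchangeResponse(res.status, body);
}
```

Treat the returned token like a credential: keep it in memory for the reset step and keep it out of logs and URLs.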