> ## Documentation Index
> Fetch the complete documentation index at: https://docs.insforge.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Reset password with token

> Reset user password with a token. The token can be:
- Magic link token (64-character hex token from send-reset-password when method is 'link')
- Reset token (from exchange-reset-password-token after code verification when method is 'code')

Both token types use RESET_PASSWORD purpose and are verified the same way.

Flow summary:
- Code method: send-reset-password → exchange-reset-password-token → reset-password (with resetToken)
- Link method: send-reset-password → GET /api/auth/email/reset-password-link → reset-password




## OpenAPI

````yaml https://raw.githubusercontent.com/InsForge/InsForge/main/openapi/auth.yaml post /api/auth/email/reset-password
openapi: 3.0.3
info:
  title: Insforge Authentication API
  version: 2.0.0
  description: Authentication endpoints with separated auth and profile tables
servers: []
security: []
paths:
  /api/auth/email/reset-password:
    post:
      tags:
        - Client
      summary: Reset password with token
      description: >
        Reset user password with a token. The token can be:

        - Magic link token (64-character hex token from send-reset-password when
        method is 'link')

        - Reset token (from exchange-reset-password-token after code
        verification when method is 'code')


        Both token types use RESET_PASSWORD purpose and are verified the same
        way.


        Flow summary:

        - Code method: send-reset-password → exchange-reset-password-token →
        reset-password (with resetToken)

        - Link method: send-reset-password → GET
        /api/auth/email/reset-password-link → reset-password
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - newPassword
                - otp
              properties:
                newPassword:
                  type: string
                  description: New password meeting configured requirements
                  example: newSecurePassword123
                otp:
                  type: string
                  description: >-
                    Reset token (either from magic link or from
                    exchange-reset-password-token endpoint)
                  example: a1b2c3d4...
      responses:
        '200':
          description: Password reset successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    example: Password reset successfully
        '400':
          description: Invalid request or password requirements not met
        '401':
          description: Verification code/token expired or invalid

````