Forgot Password
Request a password reset email for an account.
Arguments
| Name | Type | Required | Description |
|---|---|---|---|
email | String | ✅ Yes | Customer's registered email address |
Response
| Field | Type | Description |
|---|---|---|
message | String | Success or error message |
success | Boolean | Request success status |
Behavior
- Sends a password reset link to the customer's email
- The reset link is valid for a configurable period (typically 24 hours)
- Customer uses the link to set a new password
- Old tokens are invalidated when password is reset
Error Responses
json
{
"errors": {
"email": ["No account found with this email address."]
}
}Email Content
The reset email typically contains:
- A unique password reset link/token
- Expiration time for the token
- Instructions to reset the password
- Security information
Next Steps
After requesting a password reset:
- The customer receives an email with a reset link.
- The customer clicks the link and sets a new password on the web page the link opens.
There is no reset-password API operation — the reset is completed through the emailed web link. A logged-in customer who knows their current password can change it directly via the profile-update mutation instead.
Related Documentation
- Update Customer Profile — change the password while logged in (current + new)
- Customer Login

