Skip to content

Forgot Password

Request a password reset email for an account.

Arguments

NameTypeRequiredDescription
emailString✅ YesCustomer's registered email address

Response

FieldTypeDescription
messageStringSuccess or error message
successBooleanRequest success status

Behavior

  • Sends a password reset link to the customer's email
  • The reset link is valid for a configurable period (typically 24 hours)
  • Customer uses the link to set a new password
  • Old tokens are invalidated when password is reset

Error Responses

json
{
  "errors": {
    "email": ["No account found with this email address."]
  }
}

Email Content

The reset email typically contains:

  • A unique password reset link/token
  • Expiration time for the token
  • Instructions to reset the password
  • Security information

Next Steps

After requesting a password reset:

  1. The customer receives an email with a reset link.
  2. The customer clicks the link and sets a new password on the web page the link opens.

There is no reset-password API operation — the reset is completed through the emailed web link. A logged-in customer who knows their current password can change it directly via the profile-update mutation instead.

Released under the MIT License.