Forgot Password
Request a password reset email. A reset link will be sent to the customer's email address.
Endpoint
POST /api/shop/customers/forgot-password
Request Headers
| Header | Required | Description |
|---|---|---|
| Content-Type | Yes | application/json |
| X-STOREFRONT-KEY | Yes | Your storefront API key |
Note: No authentication required for this endpoint
Request Body
```json
{
  "email": "[email protected]"
}
```
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Email address associated with account |
Response Fields (200 OK)
| Field | Type | Description |
|---|---|---|
| message | string | Success message |
Email Contents
The reset email will contain:
- Reset link with token
- Link expiration information
- Instructions for password reset
- Security information
Reset Link
The email includes a link in format:
https://yourstore.com/reset-password?token=xxxxx
Token Validity
- Reset token valid for 24 hours
- Can be used only once
- Token is invalidated after successful reset
- Requesting new reset invalidates previous token
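The four validity rules above, sketched as a server-side token store. This is an added example, not the platform's own implementation: the `ResetTokenStore` class, its in-memory dictionaries, the injectable clock and the choice to keep only a SHA-256 digest of each token are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 60 * 60  # page: reset token valid for 24 hours


class ResetTokenStore:
    """Hypothetical in-memory store; a real service would persist these rows."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._by_digest = {}     # token digest -> (email, expiry timestamp)
        self._current = {}       # email -> digest of its only live token

    @staticmethod
    def _digest(token):
        # Keep only a hash at rest so a leaked table yields no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email):
        """Create a token; any earlier token for this email stops working."""
        old = self._current.pop(email, None)
        if old is not None:
            self._by_digest.pop(old, None)
        token = secrets.token_urlsafe(32)  # unguessable, URL-safe value
        digest = self._digest(token)
        self._current[email] = digest
        self._by_digest[digest] = (email, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the email for a live token and consume it, else None."""
        entry = self._by_digest.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown, superseded or already used
        email, expires_at = entry
        self._current.pop(email, None)
        return email if self._clock() < expires_at else None


if __name__ == "__main__":
    store = ResetTokenStore()
    first = store.issue("customer@example.test")   # constructed address
    second = store.issue("customer@example.test")  # supersedes `first`
    print(store.redeem(first), store.redeem(second), store.redeem(second))
```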
Use Cases
- Customer forgot their password
- Locked out of account
- Need to reset forgotten password
- Regain access to account
- Security password change
Important Notes
- No authentication required
- Email must exist in system
- Token is sent via email
- User must click link in email
- Token expires after 24 hours
Security
- Token-based reset (not SMS)
- Email verification required
- One-time use tokens
- Prevents unauthorized access
- Rate limiting (optional)

