Customer passwords can be reset in three steps:
Create a new customer password reset with the email of the customer.
Get the reset password token from the response.
Update the customer password reset resource passing the token and the new password.
It's your responsibility to verify the customer's identity before third step. A typical flow is to send an email to the customer with a verification link that includes the reset password token.
The customer password reset unique identifier
The customer password reset endpoint URL
The email of the customer that requires a password reset
Automatically generated on create. Send its value as the '_reset_password_token' argument when updating the customer password.
The customer new password. This will be accepted only if a valid '_reset_password_token' is sent with the request.
Send the 'reset_password_token' that you got on create when updating the customer password.
Time at which the password was reset.
Unique identifier for the resource (hash).
Time at which the resource was created.
Time at which the resource was last updated.
A string that you can use to add your own identifier to the resource. This can be useful for integrating the resource to an external system, like an ERP, a marketing tool or a CRM.
Set of key-value pairs that you can attach to the resource. This can be useful for storing additional information about the resource in a structured format.
The customer that requires a password reset.
The resource environment (can be one of