Customer password resets

The customer password reset object and the allowed CRUD operations on the related resource endpoint

Registered customer passwords can be reset in three steps:

  1. Create a new customer password reset with the customer's email.

  2. Get the reset password token from the response.

  3. Update the customer password reset resource passing the token and the new password.

Reset password tokens expires after 6 hours.

If the customer is a guest (i.e. has no password associated yet) there's no need to use the customer password reset resource. To set a password for a guest customer just update the customer resource passing the desired password.

For security reasons, customer passwords must be managed using integration API credentials only. Sales channels are only allowed to perform update actions.

Last updated