Customer password resets
The customer password reset object and the allowed CRUD operations on the related resource endpoint
Registered customer passwords can be reset in three steps:
1. Create a new customer password reset with the customer's email.
2. Get the reset password token from the response.
3. Update the customer password reset resource passing the token and the new password.
It's your responsibility to verify the customer's identity before the third step. A typical flow is to send an email to the customer with a verification link that includes the reset password token.
If the customer is a guest (i.e. has no password associated yet) there's no need to use the customer password reset resource. To set a password for a guest customer just update the customer resource passing the desired password.
For security reasons, customer passwords can be set/reset using integration API credentials only.
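The three-step flow above, sketched as a backend helper that builds each request and the emailed verification link; this is an added example, not code from the original documentation, and it leaves sending the requests to your own HTTP client. Assumptions: the attribute names `customer_email`, `reset_password_token`, `customer_password` and `_reset_password_token` follow Commerce Layer's JSON:API reference and are not stated on this page, while the domain, the storefront URL, the function names and the alphanumeric id format are hypothetical.

```python
import json
from urllib.parse import urlencode, urlparse, parse_qs

API = "https://yourdomain.commercelayer.io/api/customer_password_resets"  # placeholder domain
RESET_PAGE = "https://shop.example.com/reset-password"  # hypothetical storefront page


def _request(method, url, access_token, data):
    """Describe a JSON:API call; the caller sends it with its own HTTP client."""
    return {
        "method": method,
        "url": url,
        "headers": {
            "Authorization": f"Bearer {access_token}",  # integration token, server-side only
            "Content-Type": "application/vnd.api+json",
            "Accept": "application/vnd.api+json",
        },
        "body": json.dumps({"data": data}),
    }


def create_reset(access_token, email):
    """Step 1: create the password reset for the customer's email."""
    data = {"type": "customer_password_resets", "attributes": {"customer_email": email}}
    return _request("POST", API, access_token, data)


def verification_link(create_response):
    """Step 2: read the token from the response and build the link to email.
    The token goes only into the email, never back to the requesting browser."""
    data = create_response["data"]
    token = data["attributes"]["reset_password_token"]
    return RESET_PAGE + "?" + urlencode({"id": data["id"], "token": token})


def update_reset(access_token, clicked_link, new_password):
    """Step 3: runs on the backend once the customer has followed the emailed link."""
    query = parse_qs(urlparse(clicked_link).query)
    reset_id = query.get("id", [""])[0]
    token = query.get("token", [""])[0]
    # The id comes from the customer's browser: accept only a plain alphanumeric
    # id (assumed format) so it cannot redirect the PATCH to another path.
    if not (reset_id.isascii() and reset_id.isalnum()) or not token:
        raise ValueError("malformed reset link")
    data = {
        "type": "customer_password_resets",
        "id": reset_id,
        "attributes": {"customer_password": new_password, "_reset_password_token": token},
    }
    return _request("PATCH", f"{API}/{reset_id}", access_token, data)
```

Because the reset token reaches the customer only through the email, following the link is what ties the third step to control of the mailbox.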