Customer password resets
The customer password reset object and the allowed CRUD operations on the related resource endpoint
Last updated
The customer password reset object and the allowed CRUD operations on the related resource endpoint
Last updated
Registered customer passwords can be reset in three steps:
Create a new customer password reset with the customer's email.
Get the reset password token from the response.
Update the customer password reset resource passing the token and the new password.
It's your responsibility to verify the customer's identity before the third step. A typical flow is to send an email to the customer with a verification link that includes the reset password token.
If the customer is a guest (i.e. has no password associated yet) there's no need to use the customer password reset resource. To set a password for a guest customer just update the customer resource passing the desired password.
For security reasons, customer passwords can be set/reset using API credentials only.