Customer password resets

The customer password reset object and the allowed CRUD operations on the related resource endpoint

Registered customer passwords can be reset in three steps:

Create a new customer password reset with the customer's email.
Get the reset password token from the response.
Update the customer password reset resource passing the token and the new password.

Reset password tokens expires after 6 hours.

It's your responsibility to verify the customer's identity before the third step. A typical flow is to send an email to the customer with a verification link that includes the reset password token.

If the customer is a guest (i.e. has no password associated yet) there's no need to use the customer password reset resource. To set a password for a guest customer just update the customer resource passing the desired password.

For security reasons, customer passwords must be managed using integration API credentials only. Sales channels are only allowed to perform update actions.

PreviousDelete a customer group NextThe customer password reset object

Last updated 3 months ago